0

Hey everyone

I have been having problems with my desktop; this time the icons and taskbar disappeared. I was alerted that some trojans had been found by Avast, which were removed at the time, and then soon after the icons and taskbar disappeared.

Not knowing what was wrong, I restarted my machine; the problem persisted, and on start-up, once Windows had loaded, an error came up saying there is a missing DLL, sockins32.dll I think. Not having the icons and taskbar, I then went about using the Task Manager so that I could use anti-malware and other cleanup programs.

I used Malwarebytes' Anti-Malware to try to remove the problems, which it did at first, and the error also disappeared, but about 15 or so minutes after Windows loaded without problems the icons and taskbar would suddenly disappear again, and going back to Malwarebytes the trojan Vundo returns. I can't seem to remove these trojans.

This is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:52:48, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
E:\General\Repair tool\hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4733 bytes

and the Malwarebytes log

Malwarebytes' Anti-Malware 1.12
Database version: 737

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 56026
Time elapsed: 8 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\nnnnKeCs.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f5abfc7-5fd7-47de-a7e6-bbb4b215efd0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4f5abfc7-5fd7-47de-a7e6-bbb4b215efd0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\nnnnKeCs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\sCeKnnnn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sCeKnnnn.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.


Also, when I went into safe mode Windows seems to reload itself again and again. The message that comes up at the start of safe mode about System Restore loads again and again. I am able to use Windows for no more than 30 seconds, then that message comes up again asking whether I want to continue to safe mode or use System Restore.

Can someone help please? Thank you for your time.

0

Can you right-click on hijackthis.exe and rename it to analysethis, do another scan, and post the log.

0

Here is the log from the renamed exe scan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:36, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\General\Repair tool\hijack\analysethis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6C23AB0C-0244-4B01-8253-BEE724D0D2EC} - C:\WINDOWS\system32\vtUmKCTK.dll
O2 - BHO: (no name) - {82D34086-E929-489E-ACCC-17C07AE6488D} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: vtUmKCTK - C:\WINDOWS\SYSTEM32\vtUmKCTK.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5086 bytes

0

That has uncovered the culprit. Run Malwarebytes' Anti-Malware again, updating it first. Do a scan and allow it to clean up what it finds.
Post back the log and another HijackThis log.
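The renamed scan shows why the rename was asked for: the O2 BHO and O20 Winlogon Notify entries for vtUmKCTK.dll are absent from the first log and present in the second, which is the load-point pattern being called "the culprit". What follows is an added example, not part of this thread and not HijackThis's own code: a small Python script that diffs two HijackThis logs and flags that pattern (an unnamed BHO, an orphaned CLSID with no file, and one DLL registered both as a BHO and as a Winlogon Notify handler). The two sample logs are constructed from the R1/O2/O4/O20/O23 lines posted above; the "8-letter mixed-case DLL name" check is a heuristic added here as an assumption, not something the thread states, and is only a weak signal on its own.

```python
import re

# Constructed sample: lines taken from the first scan above (run as hijackthis.exe).
# No O2/O20 entries were reported in that scan.
LOG_BEFORE_RENAME = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Constructed sample: lines taken from the second scan above (run as analysethis.exe).
LOG_AFTER_RENAME = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6C23AB0C-0244-4B01-8253-BEE724D0D2EC} - C:\WINDOWS\system32\vtUmKCTK.dll
O2 - BHO: (no name) - {82D34086-E929-489E-ACCC-17C07AE6488D} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: vtUmKCTK - C:\WINDOWS\SYSTEM32\vtUmKCTK.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")


def parse_hjt(text):
    """Return (section, body) pairs for every HijackThis entry line in a log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def new_entries(before_text, after_text):
    """Entries present in the second scan but absent from the first."""
    seen = set(parse_hjt(before_text))
    return [e for e in parse_hjt(after_text) if e not in seen]


def load_point_path(section, body):
    """On-disk path of an O2 (BHO) or O20 (Winlogon Notify) entry, else None."""
    if section == "O2":
        m = BHO_RE.match(body)
        return m.group("path") if m else None
    if section == "O20":
        m = NOTIFY_RE.match(body)
        return m.group("path") if m else None
    return None


def looks_randomly_named(path):
    """Heuristic (assumption): an 8-letter mixed-case DLL stem under system32."""
    m = re.search(r"\\system32\\([A-Za-z]{8})\.dll$", path, re.IGNORECASE)
    if not m:
        return False
    stem = m.group(1)
    return stem != stem.lower() and stem != stem.upper()


def shared_load_points(entries):
    """DLLs registered both as a BHO (O2) and as a Winlogon Notify handler (O20)."""
    by_section = {"O2": set(), "O20": set()}
    for section, body in entries:
        path = load_point_path(section, body)
        if path and path != "(no file)" and section in by_section:
            by_section[section].add(path.lower())
    return by_section["O2"] & by_section["O20"]


def flag_entries(entries):
    """Return (section, path, reasons) for each O2/O20 entry worth a closer look."""
    shared = shared_load_points(entries)
    findings = []
    for section, body in entries:
        path = load_point_path(section, body)
        if path is None:
            continue
        reasons = []
        if section == "O2" and BHO_RE.match(body).group("name") == "(no name)":
            reasons.append("unnamed BHO")
        if path == "(no file)":
            reasons.append("orphaned CLSID, file already gone")
        if path.lower() in shared:
            reasons.append("same DLL registered as BHO and Winlogon Notify")
        if looks_randomly_named(path):
            reasons.append("8-letter mixed-case DLL name in system32")
        if reasons:
            findings.append((section, path, reasons))
    return findings


if __name__ == "__main__":
    print("entries only visible after the rename:")
    for section, body in new_entries(LOG_BEFORE_RENAME, LOG_AFTER_RENAME):
        print(" ", section, body)
    print("flagged load points:")
    for section, path, reasons in flag_entries(parse_hjt(LOG_AFTER_RENAME)):
        print(" ", section, path, "->", "; ".join(reasons))
```

The diff step is the part that matters for this thread: a scanner that hides from a particular process name leaves no trace in the first log, so the only reliable tell is what appears once the tool runs under another name. The flagging heuristics are a second opinion on the lines that the diff surfaces, and a legitimate Winlogon Notify DLL or a named vendor BHO should pass through them untouched.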

0

Malwarebytes' Anti-Malware 1.12
Database version: 760

Scan type: Full Scan (C:\|)
Objects scanned: 51751
Time elapsed: 6 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\qoMeCsRi.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c92e65b1-42bb-4ac3-96e5-4c4b5bad4edb} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c92e65b1-42bb-4ac3-96e5-4c4b5bad4edb} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\qoMeCsRi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iRsCeMoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iRsCeMoq.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:39:51, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\General\Repair tool\hijack\analysethis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6C23AB0C-0244-4B01-8253-BEE724D0D2EC} - C:\WINDOWS\system32\vtUmKCTK.dll
O2 - BHO: (no name) - {82D34086-E929-489E-ACCC-17C07AE6488D} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: vtUmKCTK - C:\WINDOWS\SYSTEM32\vtUmKCTK.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5086 bytes

This has not worked; as I am writing this, the icons and taskbar have disappeared once again.

0

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

0

Here is the ComboFix log

ComboFix 07-08-14.4 - "Michael" 2008-05-18  9:15:34.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.44.1033.18.1668 [GMT 1:00]
* Created a new restore point



(((((((((((((((((((((((((   Files Created from 2008-04-18 to 2008-05-18  )))))))))))))))))))))))))))))))



2008-05-18 09:14    51,200  --a------   C:\WINDOWS\nircmd.exe
2008-05-17 15:20    345 --ahs----   C:\WINDOWS\system32\cfeeOqss.ini2
2008-05-10 10:18    <DIR>    d--------   C:\VundoFix Backups
2008-05-10 01:54    57,344  --a------   C:\WINDOWS\system32\vtUmKCTK.dll
2008-05-10 01:06    <DIR>    d--------   C:\Program Files\Microsoft Games
2008-05-10 01:00    <DIR>    d--------   C:\DOCUME~1\Michael\APPLIC~1\WinRAR
2008-05-08 03:00    <DIR>    d--------   C:\Program Files\MSXML 4.0
2008-05-07 21:36    <DIR>    d--------   C:\Program Files\DAMN NFO Viewer
2008-05-07 20:30    <DIR>    d--------   C:\Program Files\CCleaner
2008-05-07 19:45    27,048  --a------   C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-07 19:45    15,864  --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-05-07 19:45    <DIR>    d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-05-07 19:45    <DIR>    d--------   C:\DOCUME~1\Michael\APPLIC~1\Malwarebytes
2008-05-07 19:45    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2008-05-07 19:44    <DIR>    d--------   C:\Program Files\Common Files\Download Manager
2008-05-07 04:06    <DIR>    d--------   C:\Program Files\Enigma Software Group
2008-05-07 00:16    <DIR>    d--------   C:\Program Files\DAEMON Tools Lite
2008-05-07 00:12    717,296 --a------   C:\WINDOWS\system32\drivers\sptd.sys
2008-05-07 00:12    <DIR>    d--------   C:\DOCUME~1\Michael\APPLIC~1\DAEMON Tools
2008-05-06 23:52    90,112  --a------   C:\WINDOWS\system32\TG_SYNC.DLL
2008-05-06 23:52    110,592 --a------   C:\WINDOWS\system32\TG_DUMP0708.DLL
2008-05-06 23:52    102,400 --a------   C:\WINDOWS\system32\TG_VIEW0607.DLL
2008-05-06 23:16    <DIR>    d--------   C:\DOCUME~1\Michael\APPLIC~1\Bioshock
2008-05-06 21:47    <DIR>    d--------   C:\Program Files\MyFree Codec
2008-05-06 21:44    974,848 --a------   C:\WINDOWS\system32\mfc70.dll
2008-05-06 21:44    921,600 --a------   C:\WINDOWS\system32\vorbisenc.dll
2008-05-06 21:44    89,088  --a------   C:\WINDOWS\system32\atl71.dll
2008-05-06 21:44    82,432  --a------   C:\WINDOWS\system32\msxml4r.dll
2008-05-06 21:44    57,344  --a------   C:\WINDOWS\system32\MTXSYNCICON.dll
2008-05-06 21:44    57,344  --a------   C:\WINDOWS\system32\MK_Lyric.dll
2008-05-06 21:44    507,904 --a------   C:\WINDOWS\system32\MSLUP71.dll
2008-05-06 21:44    49,152  --a------   C:\WINDOWS\system32\MaJGUILib.dll
2008-05-06 21:44    471,040 --a------   C:\WINDOWS\system32\muzapp.dll
2008-05-06 21:44    45,056  --a------   C:\WINDOWS\system32\Ogg.dll
2008-05-06 21:44    45,056  --a------   C:\WINDOWS\system32\MaXMLProto.dll
2008-05-06 21:44    45,056  --a------   C:\WINDOWS\system32\MACXMLProto.dll
2008-05-06 21:44    44,544  --a------   C:\WINDOWS\system32\msxml4a.dll
2008-05-06 21:44    40,960  --a------   C:\WINDOWS\system32\MTTELECHIP.dll
2008-05-06 21:44    40,960  --a------   C:\WINDOWS\system32\MAMACExtract.dll
2008-05-06 21:44    364,544 --a------   C:\WINDOWS\system32\MASetupWizard.dll
2008-05-06 21:44    352,256 --a------   C:\WINDOWS\system32\MSLUR71.dll
2008-05-06 21:44    344,064 --a------   C:\WINDOWS\system32\msvcr70.dll
2008-05-06 21:44    258,352 --a------   C:\WINDOWS\system32\unicows.dll
2008-05-06 21:44    245,760 --a------   C:\WINDOWS\system32\MSCLib.dll
2008-05-06 21:44    24,576  --a------   C:\WINDOWS\system32\MASetupCleaner.exe
2008-05-06 21:44    237,568 --a------   C:\WINDOWS\system32\OggDS.dll
2008-05-06 21:44    200,704 --a------   C:\WINDOWS\system32\muzwmts.dll
2008-05-06 21:44    188,416 --a------   C:\WINDOWS\system32\vorbis.dll
2008-05-06 21:44    167,936 --a------   C:\WINDOWS\system32\muzapp.exe
2008-05-06 21:44    155,648 --a------   C:\WINDOWS\system32\MSFLib.dll
2008-05-06 21:44    135,168 --a------   C:\WINDOWS\system32\muzaf1.dll
2008-05-06 21:44    118,784 --a------   C:\WINDOWS\system32\MaDRM.dll
2008-05-06 21:44    110,592 --a------   C:\WINDOWS\system32\tg_dump.dll
2008-05-06 21:44    106,609 --a------   C:\WINDOWS\system32\MaJUtilLib.dll
2008-05-06 21:44    1,047,552   --a------   C:\WINDOWS\system32\MFC71u.dll
2008-05-06 21:44    1,046,528   --a------   C:\WINDOWS\system32\MFC71LU.DLL
2008-05-06 21:44    <DIR>    d--------   C:\Program Files\Samsung
2008-05-06 21:44    <DIR>    d--------   C:\Program Files\MarkAny
2008-05-06 21:44    <DIR>    d--------   C:\DOCUME~1\Michael\APPLIC~1\DataCast
2008-05-06 16:34    271,224 --a------   C:\WINDOWS\system32\mucltui.dll
2008-05-06 16:34    207,736 --a------   C:\WINDOWS\system32\muweb.dll
2008-05-06 12:23    <DIR>    dr-h-----   C:\DOCUME~1\Michael\APPLIC~1\SecuROM
2008-05-06 12:06    81,768  --a------   C:\WINDOWS\system32\xinput1_3.dll
2008-05-06 12:06    62,744  --a------   C:\WINDOWS\system32\xinput1_2.dll
2008-05-06 12:06    443,752 --a------   C:\WINDOWS\system32\d3dx10_34.dll
2008-05-06 12:06    443,752 --a------   C:\WINDOWS\system32\d3dx10_33.dll
2008-05-06 12:06    3,497,832   --a------   C:\WINDOWS\system32\d3dx9_34.dll
2008-05-06 12:06    3,495,784   --a------   C:\WINDOWS\system32\d3dx9_33.dll
2008-05-06 12:06    3,426,072   --a------   C:\WINDOWS\system32\d3dx9_32.dll
2008-05-06 12:06    266,088 --a------   C:\WINDOWS\system32\xactengine2_8.dll
2008-05-06 12:06    261,480 --a------   C:\WINDOWS\system32\xactengine2_7.dll
2008-05-06 12:06    255,848 --a------   C:\WINDOWS\system32\xactengine2_6.dll
2008-05-06 12:06    251,672 --a------   C:\WINDOWS\system32\xactengine2_5.dll
2008-05-06 12:06    237,848 --a------   C:\WINDOWS\system32\xactengine2_4.dll
2008-05-06 12:06    236,824 --a------   C:\WINDOWS\system32\xactengine2_3.dll
2008-05-06 12:06    2,414,360   --a------   C:\WINDOWS\system32\d3dx9_31.dll
2008-05-06 12:06    2,297,552   --a------   C:\WINDOWS\system32\d3dx9_26.dll
2008-05-06 12:06    18,280  --a------   C:\WINDOWS\system32\x3daudio1_2.dll
2008-05-06 12:06    15,128  --a------   C:\WINDOWS\system32\x3daudio1_1.dll
2008-05-06 12:06    1,124,720   --a------   C:\WINDOWS\system32\D3DCompiler_34.dll
2008-05-06 12:06    1,123,696   --a------   C:\WINDOWS\system32\D3DCompiler_33.dll
2008-05-06 12:04    108,144 --a------   C:\WINDOWS\system32\CmdLineExt.dll
2008-05-06 11:55    <DIR>    d--------   C:\Program Files\2K Games
2008-05-06 11:54    <DIR>    d--------   C:\DOCUME~1\Michael\APPLIC~1\InstallShield
2008-05-06 03:12    63,488  -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-06 03:12    6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-06 03:12    52,224  -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-06 03:12    459,264 -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-06 03:12    383,488 -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-06 03:12    267,776 -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-06 03:12    2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-06 03:12    13,824  -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-06 03:02    <DIR>    d--------   C:\Program Files\MSXML 6.0
2008-05-06 01:38    26,496  --a--c---   C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-06 00:10    <DIR>    d--------   C:\DOCUME~1\Michael\APPLIC~1\Media Player Classic
2008-05-06 00:08    81,920  --a------   C:\WINDOWS\system32\dpl100.dll
2008-05-06 00:08    755,027 --a------   C:\WINDOWS\system32\xvidcore.dll
2008-05-06 00:08    7,680   --a------   C:\WINDOWS\system32\ff_vfw.dll
2008-05-06 00:08    682,496 --a------   C:\WINDOWS\system32\divx.dll
2008-05-06 00:08    3,596,288   --a------   C:\WINDOWS\system32\qt-dx331.dll



((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))


2008-05-07 21:14    8972    --a------   C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2008-05-07 21:14    2378    --a------   C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2008-03-27 09:12    151583  --a--c---   C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-27 09:12    151583  --a------   C:\WINDOWS\system32\msjint40.dll
2008-03-25 05:50    838432  --a--c---   C:\WINDOWS\system32\dllcache\mswdat10.dll
2008-03-25 05:50    838432  --a------   C:\WINDOWS\system32\mswdat10.dll
2008-03-25 05:50    621344  --a--c---   C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 05:50    621344  --a------   C:\WINDOWS\system32\mswstr10.dll
2008-03-25 05:50    60192   --a--c---   C:\WINDOWS\system32\dllcache\msjter40.dll
2008-03-25 05:50    60192   --a------   C:\WINDOWS\system32\msjter40.dll
2008-03-25 05:50    559904  --a--c---   C:\WINDOWS\system32\dllcache\msrepl40.dll
2008-03-25 05:50    559904  --a------   C:\WINDOWS\system32\msrepl40.dll
2008-03-25 05:50    518944  --a--c---   C:\WINDOWS\system32\dllcache\msexch40.dll
2008-03-25 05:50    518944  --a------   C:\WINDOWS\system32\msexch40.dll
2008-03-25 05:50    432928  --a--c---   C:\WINDOWS\system32\dllcache\msrd2x40.dll
2008-03-25 05:50    432928  --a------   C:\WINDOWS\system32\msrd2x40.dll
2008-03-25 05:50    355112  --a--c---   C:\WINDOWS\system32\dllcache\msjetol1.dll
2008-03-25 05:50    355112  --a------   C:\WINDOWS\system32\msjetoledb40.dll
2008-03-25 05:50    355104  --a--c---   C:\WINDOWS\system32\dllcache\msxbde40.dll
2008-03-25 05:50    355104  --a--c---   C:\WINDOWS\system32\dllcache\mspbde40.dll
2008-03-25 05:50    355104  --a------   C:\WINDOWS\system32\msxbde40.dll
2008-03-25 05:50    355104  --a------   C:\WINDOWS\system32\mspbde40.dll
2008-03-25 05:50    326432  --a--c---   C:\WINDOWS\system32\dllcache\msexcl40.dll
2008-03-25 05:50    326432  --a------   C:\WINDOWS\system32\msexcl40.dll
2008-03-25 05:50    322336  --a--c---   C:\WINDOWS\system32\dllcache\msrd3x40.dll
2008-03-25 05:50    322336  --a------   C:\WINDOWS\system32\msrd3x40.dll
2008-03-25 05:50    264992  --a--c---   C:\WINDOWS\system32\dllcache\mstext40.dll
2008-03-25 05:50    264992  --a------   C:\WINDOWS\system32\mstext40.dll
2008-03-25 05:50    248608  --a--c---   C:\WINDOWS\system32\dllcache\msjtes40.dll
2008-03-25 05:50    248608  --a------   C:\WINDOWS\system32\msjtes40.dll
2008-03-25 05:50    219936  --a--c---   C:\WINDOWS\system32\dllcache\msltus40.dll
2008-03-25 05:50    219936  --a------   C:\WINDOWS\system32\msltus40.dll
2008-03-25 05:50    1516568 --a--c---   C:\WINDOWS\system32\dllcache\msjet40.dll
2008-03-25 05:50    1516568 --a------   C:\WINDOWS\system32\msjet40.dll
2008-03-19 10:47    1845248 --a--c---   C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-19 10:47    1845248 --a------   C:\WINDOWS\system32\win32k.sys
2008-03-01 18:36    3591680 --a--c---   C:\WINDOWS\system32\dllcache\mshtml.dll
2008-03-01 14:06    826368  --a--c---   C:\WINDOWS\system32\dllcache\wininet.dll
2008-03-01 14:06    671232  --a--c---   C:\WINDOWS\system32\dllcache\mstime.dll
2008-03-01 14:06    478208  --a--c---   C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-03-01 14:06    44544   --a--c---   C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-03-01 14:06    44544   --a--c---   C:\WINDOWS\system32\dllcache\iernonce.dll
2008-03-01 14:06    384512  --a--c---   C:\WINDOWS\system32\dllcache\iedkcs32.dll
2008-03-01 14:06    347136  --a--c---   C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-03-01 14:06    27648   --a--c---   C:\WINDOWS\system32\dllcache\jsproxy.dll
2008-03-01 14:06    233472  --a--c---   C:\WINDOWS\system32\dllcache\webcheck.dll
2008-03-01 14:06    230400  --a--c---   C:\WINDOWS\system32\dllcache\ieaksie.dll
2008-03-01 14:06    214528  --a--c---   C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-03-01 14:06    193024  --a--c---   C:\WINDOWS\system32\dllcache\msrating.dll
2008-03-01 14:06    153088  --a--c---   C:\WINDOWS\system32\dllcache\ieakeng.dll
2008-03-01 14:06    133120  --a--c---   C:\WINDOWS\system32\dllcache\extmgr.dll
2008-03-01 14:06    124928  --a--c---   C:\WINDOWS\system32\dllcache\advpack.dll
2008-03-01 14:06    1159680 --a--c---   C:\WINDOWS\system32\dllcache\urlmon.dll
2008-03-01 14:06    105984  --a--c---   C:\WINDOWS\system32\dllcache\url.dll
2008-03-01 14:06    102912  --a--c---   C:\WINDOWS\system32\dllcache\occache.dll
2008-02-29 09:55    70656   --a--c---   C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-20 07:51    282624  --a--c---   C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 07:51    282624  --a------   C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:32    45568   --a--c---   C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 06:32    45568   --a------   C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 06:32    148992  --a--c---   C:\WINDOWS\system32\dllcache\dnsapi.dll



(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))



*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C23AB0C-0244-4B01-8253-BEE724D0D2EC}]
2008-05-10 01:54    57344   --a------   C:\WINDOWS\system32\vtUmKCTK.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82D34086-E929-489E-ACCC-17C07AE6488D}]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-02-28 13:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-02-28 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-02-28 13:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-04 18:41]
"nwiz"="nwiz.exe" [2007-12-04 18:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-04 18:41]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 04:12 C:\WINDOWS\RTHDCPL.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 18:37]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 17:21]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 20:36]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 13:00]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-05-05 23:17]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-14 12:55]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"=1 (0x1)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]
"{6C23AB0C-0244-4B01-8253-BEE724D0D2EC}"= C:\WINDOWS\system32\vtUmKCTK.dll [2008-05-10 01:54 57344]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUmKCTK]
vtUmKCTK.dll 2008-05-10 01:54 57344 C:\WINDOWS\system32\vtUmKCTK.dll


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys



**************************************************************************


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 09:16:31
Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...


scanning hidden autostart entries ...


scanning hidden files ...


scan completed successfully
hidden files: 0


**************************************************************************


Completion time: 2008-05-18  9:17:06


--- E O F ---


And the new HJT log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:21:06, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
E:\General\Repair tool\hijack\analysethis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6C23AB0C-0244-4B01-8253-BEE724D0D2EC} - C:\WINDOWS\system32\vtUmKCTK.dll
O2 - BHO: (no name) - {82D34086-E929-489E-ACCC-17C07AE6488D} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: vtUmKCTK - C:\WINDOWS\SYSTEM32\vtUmKCTK.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


--
End of file - 5118 bytes

Edited by happygeek: fixed formatting

0

Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

C:\WINDOWS\system32\vtUmKCTK.dll
C:\WINDOWS\system32\MTXSYNCICON.dll
C:\WINDOWS\system32\MK_Lyric.dll

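How a helper gets from a HijackThis log to "scan this file": the same DLL shows up as an unnamed BHO (O2) and as a Winlogon Notify package (O20), which is the multi-hook pattern Vundo uses. The script below is an added example, not code from this thread or from HijackThis/ComboFix; it parses a handful of O2/O4/O20 lines copied from the logs above and applies the checks a reviewer applies by eye (the severity labels and heuristics are my own).

```python
import re
from collections import defaultdict

# Sample input: a few HijackThis lines copied from the logs in this thread,
# taken before and after the ComboFix run.
HJT_BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6C23AB0C-0244-4B01-8253-BEE724D0D2EC} - C:\WINDOWS\system32\vtUmKCTK.dll
O2 - BHO: (no name) - {82D34086-E929-489E-ACCC-17C07AE6488D} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: vtUmKCTK - C:\WINDOWS\SYSTEM32\vtUmKCTK.dll
"""

HJT_AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O20 - Winlogon Notify: vtUmKCTK - vtUmKCTK.dll (file missing)
"""

# Line shapes of the three HijackThis sections handled here.
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_hjt(text):
    """Return (hook, name, file_field) tuples for O2/O4/O20 lines.

    The file field is kept as written, so '(no file)' and '(file missing)'
    placeholders survive for the checks below.
    """
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            entries.append(("BHO", m["name"], m["path"]))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            entries.append(("WinlogonNotify", m["name"], m["path"]))
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(("Run", m["name"], m["cmd"]))
    return entries


def module_name(field):
    """Lower-cased basename of the first .dll/.exe in a log field, else None."""
    m = re.search(r'([^\\\s"]+\.(?:dll|exe))', field, re.IGNORECASE)
    return m.group(1).lower() if m else None


def triage(text):
    """Return (severity, module, reason) findings for one HijackThis log.

    Checks (assumed heuristics, not HijackThis logic):
      * an unnamed BHO that still points at a file on disk;
      * any Winlogon Notify DLL, since winlogon.exe loads it at every logon;
      * one DLL registered under more than one load point (the Vundo pattern);
      * '(no file)' / '(file missing)' entries, which are registry residue.
    """
    hooks_by_module = defaultdict(set)
    findings = []
    for hook, name, field in parse_hjt(text):
        mod = module_name(field)
        if hook == "BHO" and name == "(no name)" and mod is None:
            findings.append(("low", None, "orphan BHO entry (no file): registry residue"))
            continue
        if hook == "WinlogonNotify" and "(file missing)" in field:
            findings.append(("low", mod, "Winlogon Notify key points at a deleted file; remove the key"))
            continue
        if mod is None:
            continue
        hooks_by_module[mod].add(hook)
        if hook == "BHO" and name == "(no name)":
            findings.append(("medium", mod, "unnamed BHO loaded from a file"))
        if hook == "WinlogonNotify":
            findings.append(("medium", mod, "DLL loaded by winlogon.exe at every logon"))
    for mod, hooks in hooks_by_module.items():
        if len(hooks) > 1:
            reason = "same DLL under %d load points: %s" % (len(hooks), ", ".join(sorted(hooks)))
            findings.append(("high", mod, reason))
    return findings


def suspects(text):
    """Sorted list of modules worth uploading to a multi-engine scanner."""
    return sorted({mod for sev, mod, _ in triage(text) if sev == "high"})


if __name__ == "__main__":
    for label, log in (("before", HJT_BEFORE), ("after", HJT_AFTER)):
        print("== %s ==" % label)
        for sev, mod, reason in triage(log):
            print("%-6s %-22s %s" % (sev, mod, reason))
        print("scan:", suspects(log))
```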
0

This is Jotti's scan of vtUmKCTK.dll

Scan taken on 18 May 2008 12:01:19 (GMT)
A-Squared Found nothing
AntiVir Found ADSPY/Virtumonde.rcq
ArcaVir Found Adware.Virtumonde.Rcq
Avast Found nothing
AVG Antivirus Found Generic10.WPE
BitDefender Found Trojan.Vundo.ELK
ClamAV Found Trojan.Vundo-2991
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found not-a-virus:AdWare.Win32.Virtumonde.rcq (4, 1, 400)
Fortinet Found Adware/VirtuMonde
Ikarus Found Trojan.Vundo.ELK
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.Virtumonde.rcq
NOD32 Found nothing
Norman Virus Control Found W32/Virtumonde.VKG
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


Jotti's scan of MTXSYNCICON.dll

Status for this file was OK, nothing found at all.

Jotti's scan of MK_Lyric.dll

Status for this file was OK, nothing found at all.


virustotal scan of vtUmKCTK.dll

Antivirus Version Last Update Result
AhnLab-V3 2008.5.10.0 2008.05.13 -
AntiVir 7.8.0.17 2008.05.13 ADSPY/Virtumonde.rcq
Authentium 5.1.0.4 2008.05.14 -
Avast 4.8.1169.0 2008.05.12 -
AVG 7.5.0.516 2008.05.13 Generic10.WPE
BitDefender 7.2 2008.05.08 Trojan.Vundo.ELK
CAT-QuickHeal 9.50 2008.05.12 -
ClamAV 0.92.1 2008.05.13 -
DrWeb 4.44.0.09170 2008.05.13 -
eSafe 7.0.15.0 2008.05.12 -
eTrust-Vet 31.4.5784 2008.05.13 -
Ewido 4.0 2008.05.13 -
F-Prot 4.4.2.54 2008.05.13 -
F-Secure 6.70.13260.0 2008.05.13 -
Fortinet 3.14.0.0 2008.05.13 -
GData 2.0.7306.1023 2008.05.14 -
Ikarus T3.1.1.26.0 2008.05.13 -
Kaspersky 7.0.0.125 2008.05.13 not-a-virus:AdWare.Win32.Virtumonde.rcq
McAfee 5293 2008.05.12 -
Microsoft 1.3408 2008.05.13 Trojan:Win32/Vundo.AF
NOD32v2 3095 2008.05.13 -
Norman 5.80.02 2008.05.09 -
Panda 9.0.0.4 2008.05.12 -
Prevx1 V2 2008.05.18 Cloaked Malware
Rising 20.44.12.00 2008.05.13 -
Sophos 4.29.0 2008.05.13 -
Sunbelt 3.0.1114.0 2008.05.12 -
Symantec 10 2008.05.13 -
TheHacker 6.2.92.309 2008.05.13 -
VBA32 3.12.6.6 2008.05.13 -
VirusBuster 4.3.26:9 2008.05.12 -
Webwasher-Gateway 6.6.2 2008.05.13 Ad-Spyware.Virtumonde.rcq


Again, nothing was found on the other two files.

0

1. Please open Notepad: Click Start, then Run.
Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\vtUmKCTK.dll

Folder::
C:\VundoFix Backups

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
Combofix.txt
A new HijackThis log.
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Attachments th_CFScript.gif 27.09 KB
0
ComboFix 07-08-14.4 - "Michael" 2008-05-19 18:28:49.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.1639 [GMT 1:00]
Command switches used ::  C:\Documents and Settings\Michael\Desktop\CFScript.txt
* Created a new restore point


FILE::
C:\WINDOWS\system32\vtUmKCTK.dll



(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))



C:\VundoFix Backups
C:\WINDOWS\system32\vtUmKCTK.dll



(((((((((((((((((((((((((   Files Created from 2008-04-19 to 2008-05-19  )))))))))))))))))))))))))))))))



2008-05-18 09:14    51,200  --a------   C:\WINDOWS\nircmd.exe
2008-05-17 15:20    345 --ahs----   C:\WINDOWS\system32\cfeeOqss.ini2
2008-05-10 01:06    <DIR>    d--------   C:\Program Files\Microsoft Games
2008-05-10 01:00    <DIR>    d--------   C:\DOCUME~1\Michael\APPLIC~1\WinRAR
2008-05-08 03:00    <DIR>    d--------   C:\Program Files\MSXML 4.0
2008-05-07 21:36    <DIR>    d--------   C:\Program Files\DAMN NFO Viewer
2008-05-07 20:30    <DIR>    d--------   C:\Program Files\CCleaner
2008-05-07 19:45    27,048  --a------   C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-07 19:45    15,864  --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-05-07 19:45    <DIR>    d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-05-07 19:45    <DIR>    d--------   C:\DOCUME~1\Michael\APPLIC~1\Malwarebytes
2008-05-07 19:45    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2008-05-07 19:44    <DIR>    d--------   C:\Program Files\Common Files\Download Manager
2008-05-07 04:06    <DIR>    d--------   C:\Program Files\Enigma Software Group
2008-05-07 00:16    <DIR>    d--------   C:\Program Files\DAEMON Tools Lite
2008-05-07 00:12    717,296 --a------   C:\WINDOWS\system32\drivers\sptd.sys
2008-05-07 00:12    <DIR>    d--------   C:\DOCUME~1\Michael\APPLIC~1\DAEMON Tools
2008-05-06 23:52    90,112  --a------   C:\WINDOWS\system32\TG_SYNC.DLL
2008-05-06 23:52    110,592 --a------   C:\WINDOWS\system32\TG_DUMP0708.DLL
2008-05-06 23:52    102,400 --a------   C:\WINDOWS\system32\TG_VIEW0607.DLL
2008-05-06 23:16    <DIR>    d--------   C:\DOCUME~1\Michael\APPLIC~1\Bioshock
2008-05-06 21:47    <DIR>    d--------   C:\Program Files\MyFree Codec
2008-05-06 21:44    974,848 --a------   C:\WINDOWS\system32\mfc70.dll
2008-05-06 21:44    921,600 --a------   C:\WINDOWS\system32\vorbisenc.dll
2008-05-06 21:44    89,088  --a------   C:\WINDOWS\system32\atl71.dll
2008-05-06 21:44    82,432  --a------   C:\WINDOWS\system32\msxml4r.dll
2008-05-06 21:44    57,344  --a------   C:\WINDOWS\system32\MTXSYNCICON.dll
2008-05-06 21:44    57,344  --a------   C:\WINDOWS\system32\MK_Lyric.dll
2008-05-06 21:44    507,904 --a------   C:\WINDOWS\system32\MSLUP71.dll
2008-05-06 21:44    49,152  --a------   C:\WINDOWS\system32\MaJGUILib.dll
2008-05-06 21:44    471,040 --a------   C:\WINDOWS\system32\muzapp.dll
2008-05-06 21:44    45,056  --a------   C:\WINDOWS\system32\Ogg.dll
2008-05-06 21:44    45,056  --a------   C:\WINDOWS\system32\MaXMLProto.dll
2008-05-06 21:44    45,056  --a------   C:\WINDOWS\system32\MACXMLProto.dll
2008-05-06 21:44    44,544  --a------   C:\WINDOWS\system32\msxml4a.dll
2008-05-06 21:44    40,960  --a------   C:\WINDOWS\system32\MTTELECHIP.dll
2008-05-06 21:44    40,960  --a------   C:\WINDOWS\system32\MAMACExtract.dll
2008-05-06 21:44    364,544 --a------   C:\WINDOWS\system32\MASetupWizard.dll
2008-05-06 21:44    352,256 --a------   C:\WINDOWS\system32\MSLUR71.dll
2008-05-06 21:44    344,064 --a------   C:\WINDOWS\system32\msvcr70.dll
2008-05-06 21:44    258,352 --a------   C:\WINDOWS\system32\unicows.dll
2008-05-06 21:44    245,760 --a------   C:\WINDOWS\system32\MSCLib.dll
2008-05-06 21:44    24,576  --a------   C:\WINDOWS\system32\MASetupCleaner.exe
2008-05-06 21:44    237,568 --a------   C:\WINDOWS\system32\OggDS.dll
2008-05-06 21:44    200,704 --a------   C:\WINDOWS\system32\muzwmts.dll
2008-05-06 21:44    188,416 --a------   C:\WINDOWS\system32\vorbis.dll
2008-05-06 21:44    167,936 --a------   C:\WINDOWS\system32\muzapp.exe
2008-05-06 21:44    155,648 --a------   C:\WINDOWS\system32\MSFLib.dll
2008-05-06 21:44    135,168 --a------   C:\WINDOWS\system32\muzaf1.dll
2008-05-06 21:44    118,784 --a------   C:\WINDOWS\system32\MaDRM.dll
2008-05-06 21:44    110,592 --a------   C:\WINDOWS\system32\tg_dump.dll
2008-05-06 21:44    106,609 --a------   C:\WINDOWS\system32\MaJUtilLib.dll
2008-05-06 21:44    1,047,552   --a------   C:\WINDOWS\system32\MFC71u.dll
2008-05-06 21:44    1,046,528   --a------   C:\WINDOWS\system32\MFC71LU.DLL
2008-05-06 21:44    <DIR>    d--------   C:\Program Files\Samsung
2008-05-06 21:44    <DIR>    d--------   C:\Program Files\MarkAny
2008-05-06 21:44    <DIR>    d--------   C:\DOCUME~1\Michael\APPLIC~1\DataCast
2008-05-06 16:34    271,224 --a------   C:\WINDOWS\system32\mucltui.dll
2008-05-06 16:34    207,736 --a------   C:\WINDOWS\system32\muweb.dll
2008-05-06 12:23    <DIR>    dr-h-----   C:\DOCUME~1\Michael\APPLIC~1\SecuROM
2008-05-06 12:06    81,768  --a------   C:\WINDOWS\system32\xinput1_3.dll
2008-05-06 12:06    62,744  --a------   C:\WINDOWS\system32\xinput1_2.dll
2008-05-06 12:06    443,752 --a------   C:\WINDOWS\system32\d3dx10_34.dll
2008-05-06 12:06    443,752 --a------   C:\WINDOWS\system32\d3dx10_33.dll
2008-05-06 12:06    3,497,832   --a------   C:\WINDOWS\system32\d3dx9_34.dll
2008-05-06 12:06    3,495,784   --a------   C:\WINDOWS\system32\d3dx9_33.dll
2008-05-06 12:06    3,426,072   --a------   C:\WINDOWS\system32\d3dx9_32.dll
2008-05-06 12:06    266,088 --a------   C:\WINDOWS\system32\xactengine2_8.dll
2008-05-06 12:06    261,480 --a------   C:\WINDOWS\system32\xactengine2_7.dll
2008-05-06 12:06    255,848 --a------   C:\WINDOWS\system32\xactengine2_6.dll
2008-05-06 12:06    251,672 --a------   C:\WINDOWS\system32\xactengine2_5.dll
2008-05-06 12:06    237,848 --a------   C:\WINDOWS\system32\xactengine2_4.dll
2008-05-06 12:06    236,824 --a------   C:\WINDOWS\system32\xactengine2_3.dll
2008-05-06 12:06    2,414,360   --a------   C:\WINDOWS\system32\d3dx9_31.dll
2008-05-06 12:06    2,297,552   --a------   C:\WINDOWS\system32\d3dx9_26.dll
2008-05-06 12:06    18,280  --a------   C:\WINDOWS\system32\x3daudio1_2.dll
2008-05-06 12:06    15,128  --a------   C:\WINDOWS\system32\x3daudio1_1.dll
2008-05-06 12:06    1,124,720   --a------   C:\WINDOWS\system32\D3DCompiler_34.dll
2008-05-06 12:06    1,123,696   --a------   C:\WINDOWS\system32\D3DCompiler_33.dll
2008-05-06 12:04    108,144 --a------   C:\WINDOWS\system32\CmdLineExt.dll
2008-05-06 11:55    <DIR>    d--------   C:\Program Files\2K Games
2008-05-06 11:54    <DIR>    d--------   C:\DOCUME~1\Michael\APPLIC~1\InstallShield
2008-05-06 03:12    63,488  -----c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-06 03:12    6,066,176   -----c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-06 03:12    52,224  -----c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-06 03:12    459,264 -----c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-06 03:12    383,488 -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-06 03:12    267,776 -----c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-06 03:12    2,455,488   -----c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-06 03:12    13,824  -----c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-06 03:02    <DIR>    d--------   C:\Program Files\MSXML 6.0
2008-05-06 01:38    26,496  --a--c---   C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-06 00:10    <DIR>    d--------   C:\DOCUME~1\Michael\APPLIC~1\Media Player Classic
2008-05-06 00:08    81,920  --a------   C:\WINDOWS\system32\dpl100.dll
2008-05-06 00:08    755,027 --a------   C:\WINDOWS\system32\xvidcore.dll
2008-05-06 00:08    7,680   --a------   C:\WINDOWS\system32\ff_vfw.dll
2008-05-06 00:08    682,496 --a------   C:\WINDOWS\system32\divx.dll
2008-05-06 00:08    3,596,288   --a------   C:\WINDOWS\system32\qt-dx331.dll
2008-05-06 00:08    217,088 --a------   C:\WINDOWS\system32\yv12vfw.dll
2008-05-06 00:08    164,352 --a------   C:\WINDOWS\system32\unrar.dll



((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))


2008-05-07 21:14    8972    --a------   C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2008-05-07 21:14    2378    --a------   C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2008-03-27 09:12    151583  --a--c---   C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-27 09:12    151583  --a------   C:\WINDOWS\system32\msjint40.dll
2008-03-25 05:50    838432  --a--c---   C:\WINDOWS\system32\dllcache\mswdat10.dll
2008-03-25 05:50    838432  --a------   C:\WINDOWS\system32\mswdat10.dll
2008-03-25 05:50    621344  --a--c---   C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 05:50    621344  --a------   C:\WINDOWS\system32\mswstr10.dll
2008-03-25 05:50    60192   --a--c---   C:\WINDOWS\system32\dllcache\msjter40.dll
2008-03-25 05:50    60192   --a------   C:\WINDOWS\system32\msjter40.dll
2008-03-25 05:50    559904  --a--c---   C:\WINDOWS\system32\dllcache\msrepl40.dll
2008-03-25 05:50    559904  --a------   C:\WINDOWS\system32\msrepl40.dll
2008-03-25 05:50    518944  --a--c---   C:\WINDOWS\system32\dllcache\msexch40.dll
2008-03-25 05:50    518944  --a------   C:\WINDOWS\system32\msexch40.dll
2008-03-25 05:50    432928  --a--c---   C:\WINDOWS\system32\dllcache\msrd2x40.dll
2008-03-25 05:50    432928  --a------   C:\WINDOWS\system32\msrd2x40.dll
2008-03-25 05:50    355112  --a--c---   C:\WINDOWS\system32\dllcache\msjetol1.dll
2008-03-25 05:50    355112  --a------   C:\WINDOWS\system32\msjetoledb40.dll
2008-03-25 05:50    355104  --a--c---   C:\WINDOWS\system32\dllcache\msxbde40.dll
2008-03-25 05:50    355104  --a--c---   C:\WINDOWS\system32\dllcache\mspbde40.dll
2008-03-25 05:50    355104  --a------   C:\WINDOWS\system32\msxbde40.dll
2008-03-25 05:50    355104  --a------   C:\WINDOWS\system32\mspbde40.dll
2008-03-25 05:50    326432  --a--c---   C:\WINDOWS\system32\dllcache\msexcl40.dll
2008-03-25 05:50    326432  --a------   C:\WINDOWS\system32\msexcl40.dll
2008-03-25 05:50    322336  --a--c---   C:\WINDOWS\system32\dllcache\msrd3x40.dll
2008-03-25 05:50    322336  --a------   C:\WINDOWS\system32\msrd3x40.dll
2008-03-25 05:50    264992  --a--c---   C:\WINDOWS\system32\dllcache\mstext40.dll
2008-03-25 05:50    264992  --a------   C:\WINDOWS\system32\mstext40.dll
2008-03-25 05:50    248608  --a--c---   C:\WINDOWS\system32\dllcache\msjtes40.dll
2008-03-25 05:50    248608  --a------   C:\WINDOWS\system32\msjtes40.dll
2008-03-25 05:50    219936  --a--c---   C:\WINDOWS\system32\dllcache\msltus40.dll
2008-03-25 05:50    219936  --a------   C:\WINDOWS\system32\msltus40.dll
2008-03-25 05:50    1516568 --a--c---   C:\WINDOWS\system32\dllcache\msjet40.dll
2008-03-25 05:50    1516568 --a------   C:\WINDOWS\system32\msjet40.dll
2008-03-19 10:47    1845248 --a--c---   C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-19 10:47    1845248 --a------   C:\WINDOWS\system32\win32k.sys
2008-03-01 18:36    3591680 --a--c---   C:\WINDOWS\system32\dllcache\mshtml.dll
2008-03-01 14:06    826368  --a--c---   C:\WINDOWS\system32\dllcache\wininet.dll
2008-03-01 14:06    671232  --a--c---   C:\WINDOWS\system32\dllcache\mstime.dll
2008-03-01 14:06    478208  --a--c---   C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-03-01 14:06    44544   --a--c---   C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-03-01 14:06    44544   --a--c---   C:\WINDOWS\system32\dllcache\iernonce.dll
2008-03-01 14:06    384512  --a--c---   C:\WINDOWS\system32\dllcache\iedkcs32.dll
2008-03-01 14:06    347136  --a--c---   C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-03-01 14:06    27648   --a--c---   C:\WINDOWS\system32\dllcache\jsproxy.dll
2008-03-01 14:06    233472  --a--c---   C:\WINDOWS\system32\dllcache\webcheck.dll
2008-03-01 14:06    230400  --a--c---   C:\WINDOWS\system32\dllcache\ieaksie.dll
2008-03-01 14:06    214528  --a--c---   C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-03-01 14:06    193024  --a--c---   C:\WINDOWS\system32\dllcache\msrating.dll
2008-03-01 14:06    153088  --a--c---   C:\WINDOWS\system32\dllcache\ieakeng.dll
2008-03-01 14:06    133120  --a--c---   C:\WINDOWS\system32\dllcache\extmgr.dll
2008-03-01 14:06    124928  --a--c---   C:\WINDOWS\system32\dllcache\advpack.dll
2008-03-01 14:06    1159680 --a--c---   C:\WINDOWS\system32\dllcache\urlmon.dll
2008-03-01 14:06    105984  --a--c---   C:\WINDOWS\system32\dllcache\url.dll
2008-03-01 14:06    102912  --a--c---   C:\WINDOWS\system32\dllcache\occache.dll
2008-02-29 09:55    70656   --a--c---   C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-20 07:51    282624  --a--c---   C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 07:51    282624  --a------   C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:32    45568   --a--c---   C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 06:32    45568   --a------   C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 06:32    148992  --a--c---   C:\WINDOWS\system32\dllcache\dnsapi.dll



(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))



*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-02-28 13:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-02-28 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-02-28 13:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-04 18:41]
"nwiz"="nwiz.exe" [2007-12-04 18:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-04 18:41]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 04:12 C:\WINDOWS\RTHDCPL.exe]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 17:21]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 20:36]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 13:00]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-05-05 23:17]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-14 12:55]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"=1 (0x1)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUmKCTK]
vtUmKCTK.dll


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys



**************************************************************************


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 18:31:08
Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...


scanning hidden autostart entries ...


scanning hidden files ...


scan completed successfully
hidden files: 0


**************************************************************************


Completion time: 2008-05-19 18:31:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2008-05-19 18:31
C:\ComboFix2.txt ... 2008-05-18 09:17


--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:37:07, on 19/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
E:\General\Repair tool\hijack\analysethis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: vtUmKCTK - vtUmKCTK.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


--
End of file - 4780 bytes

Just one more thing: the avast resident protection seems to have disappeared and I'm not sure how to re-enable it. I'm new to using avast; I used to use AVG instead.
Thanks for the help. From what I can tell the problem file seems to have disappeared, but I can't be sure whether the issue is solved yet, since it can take a while before the problem comes back.
Thanks again for your time.

I'm now sure that the problem has gone, since it has been a long time now.
So thank you again.

You may have to reinstall Avast in order to get it running correctly again.
I see that you ran Combofix an extra time. It should really only be run as instructed.

==

Scan with HijackThis and then place a check next to all the following, if present:


O20 - Winlogon Notify: vtUmKCTK - vtUmKCTK.dll (file missing)


Now, close all instances of Internet Explorer and any other windows you have open except HijackThis, then click "Fix checked".

==

Congratulations! Your log looks clean.

===============

Now that your PC is clean you need to follow these easy steps to keep it this way:

Download CCleaner and install, then run it. It will clear out your temp folders.

  1. Uncheck "Cookies" under "Internet Explorer".
  2. Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
  3. Close when finished.

====

An alternative to CCleaner is ATF Cleaner.
Download ATF (Atribune Temp File) Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

====

Use an alternative browser! Download Firefox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera, which, in my opinion, is better still.

====

Use a firewall. It is an essential part of your computer's security. There is a link to a good, free firewall in my signature.

====

Install, and keep updated, AVG Anti-Spyware, Ad-Aware SE and Spybot S&D.
Run them all on a regular basis, following the maker's recommendations.

====

Install an anti-virus. There are some good, free AVs available today. Make sure that it is updated regularly and have it scan your system often.

====

Check for Windows Updates. Microsoft regularly posts updates for your system's safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.

=====

For XP users:
After something like this it is a good idea to flush the Restore Points and start fresh.
To flush the XP System Restore points:

Go to Start | Run, type msconfig and press Enter.

When msconfig opens, click the Launch System Restore button.
On the next page, click the System Restore Settings link on the left.

Check the box labelled 'Turn off System Restore'.

Reboot. Go back in and turn System Restore back on. A new Restore Point will be created.

Note that all previous restore points will be lost.

===============

If you have any more problems, post back.

-

Happy surfing,

crunchie.
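The O20 line crunchie has the poster fix is a Winlogon Notify registration: a DLL that winlogon.exe loads at every logon, which is why the Vundo component kept coming back after Malwarebytes removed the file itself. As an added example (not code from the thread, from HijackThis or from Malwarebytes), the Python below runs a triage pass over HijackThis-format log lines and flags exactly that pattern, plus a few other entry types from the same log. The sample lines are mostly copied from the log above; the `crypt32chain` O20 line and the Temp-folder `Updater` O4 line are constructed to show what a benign entry and a clearly bad one look like, and the trusted-host and trusted-directory lists are my own assumptions rather than anything HijackThis ships.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample in HijackThis v2 line format. Most lines are copied from the
# log in the thread above; the crypt32chain O20 line and the Temp-folder O4 line
# are constructed to show what a benign and a clearly bad entry look like.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Updater] "C:\Documents and Settings\user\Local Settings\Temp\upd.exe"
O20 - Winlogon Notify: vtUmKCTK - vtUmKCTK.dll (file missing)
O20 - Winlogon Notify: crypt32chain - crypt32.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Every HijackThis entry is "<section code> - <body>", e.g. "O20 - Winlogon Notify: ...".
HJT_LINE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Assumed allow-lists for this example; tune them for the environment being reviewed.
TRUSTED_URL_HOSTS = {"go.microsoft.com", "www.microsoft.com"}
TRUSTED_DIR_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    section: str    # HijackThis section code, e.g. "O20"
    reason: str
    line: str


def _command_path(body):
    """Return the executable named after '[Name] ' in an O4 line, or None."""
    m = re.search(r"\] (.+)$", body)
    if not m:
        return None
    cmd = m.group(1).strip()
    if cmd.startswith('"'):            # quoted path, possibly followed by arguments
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]        # unquoted: first token is the program


def triage(log_text):
    """Classify HijackThis lines into findings a reviewer should look at."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        section, body = m.group(1), m.group(2)

        if section in ("R0", "R1"):
            # Browser start/search page hijacks appear here as unexpected URLs.
            url = body.split("=", 1)[1].strip() if "=" in body else ""
            host = urlparse(url).hostname or ""
            if url and url != "about:blank" and host not in TRUSTED_URL_HOSTS:
                findings.append(Finding("medium", section,
                    f"IE start/search page points at untrusted host {host!r}", line))

        elif section == "O20":
            # Winlogon Notify packages are DLLs loaded into winlogon.exe at logon:
            # a strong persistence point with very few legitimate entries on XP.
            if "(file missing)" in body:
                findings.append(Finding("high", section,
                    "Winlogon Notify package registered but its DLL is gone; "
                    "orphaned persistence entry, the registry key should be removed", line))
            else:
                findings.append(Finding("info", section,
                    "Winlogon Notify package loads into winlogon.exe; verify its publisher", line))

        elif section == "O4":
            path = _command_path(body)
            if path is None:
                continue
            low = path.lower()
            if "\\" not in low:
                findings.append(Finding("info", section,
                    "autorun given as a bare filename resolved via the search path; confirm where it lives", line))
            elif "\\temp\\" in low or "\\local settings\\" in low:
                findings.append(Finding("high", section,
                    "autorun executes from a Temp/profile folder", line))
            elif not low.startswith(TRUSTED_DIR_PREFIXES):
                findings.append(Finding("medium", section,
                    "autorun executes from outside Windows/Program Files", line))

        elif section == "O23" and "(file missing)" in body:
            findings.append(Finding("medium", section,
                "service registered with a missing binary; stale or partially removed service", line))
    return findings


def high_findings(log_text):
    """The raw log lines of every high-severity finding, in log order."""
    return [f.line for f in triage(log_text) if f.severity == "high"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n          {f.line}")
```

Run against the sample, the two high findings are the orphaned `vtUmKCTK` Winlogon Notify entry from the poster's log and the constructed Temp-folder autorun; the bare-filename O4 entries (`RTHDCPL.EXE`, `RUNDLL32.EXE`) are reported as informational only, since in this log they are the Realtek and NVIDIA tray helpers living in the Windows directory.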
