
After what I thought was a good job of cleaning my system of Vundo, a few popups remain.

Please find below my HJT log file and any ideas you have are more than welcome.

Thanks,
Matthew
------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:37 AM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: {f64352ef-089c-68e8-a974-0cfa30d8ffa8} - {8aff8d03-afc0-479a-8e86-c980fe25346f} - C:\WINDOWS\system32\jcowxcmv.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: H - {B61C6CA3-77BF-4299-AB70-5019FCD4AF09} - park31.dll (file missing)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [fce7cecd] rundll32.exe "C:\WINDOWS\system32\toigxtgr.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\baff\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\baff\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://usercenter.cox.net/rsuite/sdccommon/download/tgctlcm.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmnmlig - pmnmlig.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_2.EXE
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\svhost.exe (file missing)
O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - E:\Folding@Home Windows SMP Client V1.01\smpd.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

--
End of file - 6614 bytes

Last Post by crunchie

Download this file from one of the following links :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/combofix.exe

1. Make sure that Combofix is downloaded and run from your desktop.
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply, along with a new hijackthis log.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Thanks for your help so far; here is what you requested.

----
ComboFix 07-11-06.4 - baff 2007-11-06 10:13:05.2 - NTFSx86 
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1682 [GMT -5:00]
Running from: Z:\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\WINDOWS\cookies.ini

.
(((((((((((((((((((((((((   Files Created from 2007-10-06 to 2007-11-06  )))))))))))))))))))))))))))))))
.

2007-11-05 23:19    <DIR>    d--------   C:\Program Files\Trend Micro
2007-11-05 15:34    83,008  --a------   C:\WINDOWS\system32\jcowxcmv.dll
2007-11-05 15:28    85,568  --a------   C:\WINDOWS\system32\toigxtgr.dll
2007-11-03 22:13    51,200  --a------   C:\WINDOWS\NirCmd.exe
2007-11-03 22:12    <DIR>    d--------   C:\VundoFix Backups
2007-11-03 22:05    <DIR>    d--------   C:\WINDOWS\system32\acespy
2007-11-03 22:05    32,256  --a------   C:\WINDOWS\system32\ace16win.dll
2007-11-03 22:02    6,802   ---hs----   C:\WINDOWS\system32\xyadd.ini2
2007-11-03 21:53    <DIR>    d---s----   C:\WINDOWS\system32\Microsoft
2007-11-03 21:53    <DIR>    d--------   C:\WINDOWS\?ymantec
2007-11-03 21:52    <DIR>    d--------   C:\Documents and Settings\baff\Application Data\a?sembly
2007-11-03 21:49    <DIR>    d--------   C:\WINDOWS\system32\T?sks
2007-11-03 21:49    <DIR>    d---s----   C:\WINDOWS\system32\Microsoft
2007-11-03 21:49    <DIR>    d--------   C:\Program Files\Common Files\?ppPatch
2007-11-03 21:48    <DIR>    dr--s----   C:\WINDOWS\assembly
2007-11-03 21:48    <DIR>    d--------   C:\Program Files\Common Files\M?crosoft
2007-11-03 21:48    <DIR>    d--------   C:\Program Files\Common Files\A?pPatch
2007-11-03 21:48    <DIR>    d---s----   C:\Documents and Settings\baff\Application Data\Microsoft
2007-11-03 21:48    36,352  --a------   C:\WINDOWS\system32\gebbcby.dll
2007-11-03 21:47    <DIR>    d--------   C:\Program Files\Symantec
2007-11-03 21:47    36,352  --a------   C:\WINDOWS\system32\iifeday.dll
2007-11-03 21:46    <DIR>    d--------   C:\WINDOWS\system32\?icrosoft.NET
2007-11-03 21:46    <DIR>    d--------   C:\WINDOWS\system32\A?pPatch
2007-11-03 21:46    <DIR>    d---s----   C:\WINDOWS\system32\Microsoft
2007-11-03 21:46    <DIR>    d--------   C:\WINDOWS\AppPatch
2007-11-03 21:46    <DIR>    d--------   C:\WINDOWS\AppPatch
2007-11-03 21:46    <DIR>    d--------   C:\WINDOWS\M?crosoft
2007-11-03 21:46    <DIR>    d--------   C:\Program Files\Common Files\T?sks
2007-11-03 21:46    <DIR>    d--------   C:\Program Files\Microsoft.NET
2007-11-03 21:45    <DIR>    d--------   C:\WINDOWS\system32\A?pPatch
2007-11-03 21:45    <DIR>    d--------   C:\WINDOWS\system32\?ystem32
2007-11-03 21:45    <DIR>    d--------   C:\WINDOWS\?dobe
2007-11-03 21:45    <DIR>    d--------   C:\WINDOWS\?dobe
2007-11-03 21:45    <DIR>    d--------   C:\Program Files\Common Files\System
2007-11-03 21:45    <DIR>    d--------   C:\Program Files\Common Files\M?crosoft
2007-11-03 21:45    <DIR>    d--------   C:\Program Files\?asks
2007-11-03 21:45    <DIR>    d--------   C:\Documents and Settings\baff\Application Data\?ymbols
2007-11-03 21:44    <DIR>    d--------   C:\WINDOWS\system32\?ppPatch
2007-11-03 21:44    <DIR>    d---s----   C:\WINDOWS\system32\Microsoft
2007-11-03 21:44    <DIR>    d--------   C:\WINDOWS\system32\s?stem32
2007-11-03 21:44    <DIR>    d--------   C:\WINDOWS\system32
2007-11-03 21:44    <DIR>    d--------   C:\WINDOWS\Microsoft.NET
2007-11-03 21:44    <DIR>    d--------   C:\Program Files\Common Files\A?pPatch
2007-11-03 21:44    <DIR>    d--------   C:\Program Files\?ssembly
2007-11-03 21:44    <DIR>    d--------   C:\Program Files\?racle
2007-11-03 21:44    <DIR>    d--------   C:\Program Files\?ppPatch
2007-11-03 21:44    <DIR>    d--------   C:\Program Files\Microsoft.NET
2007-11-03 21:44    36,352  --a------   C:\WINDOWS\system32\ssqpool.dll
2007-11-03 21:44    12  --a------   C:\WINDOWS\system32\dpqaqlqx.bin
2007-11-03 21:43    <DIR>    d--------   C:\WINDOWS\system32\a?sembly
2007-11-03 21:43    <DIR>    d--------   C:\WINDOWS\system32\?ecurity
2007-11-03 21:43    <DIR>    d--------   C:\WINDOWS\M?crosoft
2007-11-03 21:43    <DIR>    d--------   C:\WINDOWS\Microsoft.NET
2007-11-03 21:43    <DIR>    d--------   C:\WINDOWS\security
2007-11-03 21:43    <DIR>    d--------   C:\Program Files\Common Files\A?pPatch
2007-11-03 21:43    <DIR>    d--------   C:\Documents and Settings\baff\Application Data\?ystem
2007-11-03 21:43    <DIR>    d---s----   C:\Documents and Settings\baff\Application Data\Microsoft
2007-11-03 21:43    <DIR>    d--------   C:\Documents and Settings\baff\Application Data\?asks
2007-11-03 21:43    <DIR>    d--------   C:\Documents and Settings\baff\Application Data\a?sembly
2007-11-03 21:42    <DIR>    d--------   C:\WINDOWS\system32\s?mbols
2007-11-03 21:42    <DIR>    d--------   C:\WINDOWS\system32\?ymantec
2007-11-03 21:42    <DIR>    d--------   C:\WINDOWS\system32\Adobe
2007-11-03 21:42    <DIR>    d--------   C:\WINDOWS\system32\S?mantec
2007-11-03 21:42    <DIR>    d--------   C:\Program Files\Common Files\s?mbols
2007-11-03 21:42    <DIR>    d--------   C:\Program Files\Common Files\?asks
2007-11-03 21:41    <DIR>    d--------   C:\WINDOWS\system32\Mz08r
2007-11-03 21:41    <DIR>    d--------   C:\temp\mZOr
2007-10-31 01:46    <DIR>    d--------   C:\Documents and Settings\baff\Application Data\Move Networks
2007-10-30 01:32    <DIR>    d--------   C:\Program Files\7-Zip
2007-10-23 22:41    <DIR>    d--------   C:\Program Files\AviSynth 2.5
2007-10-23 22:41    502,784 --a------   C:\WINDOWS\x2.64.exe
2007-10-23 22:41    394,240 --a------   C:\WINDOWS\system32\Smab.dll
2007-10-23 22:41    318,976 --a------   C:\WINDOWS\system32\avisynth.dll
2007-10-23 22:41    240,128 --a------   C:\WINDOWS\system32\x.264.exe
2007-10-23 22:41    217,073 --a------   C:\WINDOWS\meta4.exe
2007-10-23 22:41    70,656  --a------   C:\WINDOWS\system32\yv12vfw.dll
2007-10-23 22:41    70,656  --a------   C:\WINDOWS\system32\i420vfw.dll
2007-10-23 22:41    66,560  --a------   C:\WINDOWS\MOTA113.exe
2007-10-23 22:41    27,648  --a------   C:\WINDOWS\system32\AVSredirect.dll
2007-10-23 22:37    <DIR>    d--------   C:\Program Files\eRightSoft
2007-10-23 22:37    163,328 -r-hs----   C:\WINDOWS\system32\flvDX.dll
2007-10-23 22:37    31,232  -r-hs----   C:\WINDOWS\system32\msfDX.dll
2007-10-22 01:22    60,273  --a------   C:\WINDOWS\system32\pthreadGC2.dll
2007-10-22 00:31    <DIR>    d--------   C:\Program Files\Common Files\Download Manager
2007-10-22 00:23    <DIR>    d--------   C:\Program Files\Zune
2007-10-22 00:18    43,352  --a------   C:\WINDOWS\system32\wups2.dll
2007-10-22 00:08    <DIR>    d--------   C:\Program Files\Cucusoft
2007-10-22 00:08    <DIR>    d--------   C:\ConverterOutput
2007-10-22 00:08    2,255,360   --a------   C:\WINDOWS\system32\libavcodec.dll
2007-10-22 00:08    395,776 --a------   C:\WINDOWS\system32\libmplayer.dll
2007-10-22 00:08    262,144 --a------   C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-10-22 00:08    112,640 --a------   C:\WINDOWS\system32\libmpeg2_ff.dll
2007-10-22 00:08    34,820  --a------   C:\WINDOWS\system32\ffdshow.reg
2007-10-21 23:58    <DIR>    d--------   C:\Program Files\ZuneTvWatcher
2007-10-16 09:18    <DIR>    d--------   C:\Program Files\DIFX
2007-10-16 09:17    <DIR>    d--------   C:\WINDOWS\system32\drivers\UMDF
2007-10-16 09:17    <DIR>    d--------   C:\Program Files\Common Files\ComponentOne
2007-10-13 22:37    <DIR>    d--------   C:\WINDOWS\nview
2007-10-13 22:37    356,352 --a------   C:\WINDOWS\system32\nvudisp.exe
2007-10-13 22:36    <DIR>    d--------   C:\NVIDIA

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-06 07:25    ---------   d-----w C:\Program Files\nbpro
2007-11-06 06:57    ---------   d-----w C:\Program Files\SUPERAntiSpyware
2007-11-06 06:39    ---------   d-----w C:\Program Files\Steam
2007-11-05 23:55    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-04 02:49    ---------   d-----w C:\Program Files\Common Files\?ppPatch
2007-11-04 02:48    ---------   d-----w C:\Program Files\Common Files\??pPatch
2007-11-04 02:47    ---------   d-----w C:\Program Files\??mantec
2007-11-04 02:46    ---------   d-----w C:\Program Files\Common Files\??sks
2007-11-04 02:46    ---------   d-----w C:\Program Files\?icrosoft.NET
2007-11-04 02:45    ---------   d-----w C:\Program Files\Common Files\??crosoft
2007-11-04 02:45    ---------   d-----w C:\Program Files\?asks
2007-11-04 02:45    ---------   d-----w C:\Documents and Settings\baff\Application Data\?ymbols
2007-11-04 02:44    ---------   d-----w C:\Program Files\Common Files\??pPatch
2007-11-04 02:44    ---------   d-----w C:\Program Files\?ssembly
2007-11-04 02:44    ---------   d-----w C:\Program Files\?racle
2007-11-04 02:44    ---------   d-----w C:\Program Files\?ppPatch
2007-11-04 02:44    ---------   d-----w C:\Program Files\??crosoft.NET
2007-11-04 02:43    ---------   d-----w C:\Documents and Settings\baff\Application Data\?ystem
2007-11-04 02:43    ---------   d-----w C:\Documents and Settings\baff\Application Data\?icrosoft
2007-11-04 02:43    ---------   d-----w C:\Documents and Settings\baff\Application Data\?asks
2007-11-04 02:43    ---------   d-----w C:\Documents and Settings\baff\Application Data\??sembly
2007-11-04 02:42    ---------   d-----w C:\Program Files\Common Files\?asks
2007-11-02 08:03    ---------   d-----w C:\Program Files\ffdshow
2007-10-25 17:46    142 ----a-w C:\Program Files\Common Files\proky.html
2007-10-22 05:10    ---------   d-----w C:\Program Files\XviD
2007-10-21 06:14    ---------   d-----w C:\Program Files\ASUS
2007-10-20 18:36    ---------   d-----w C:\Documents and Settings\baff\Application Data\IGN_DLM
2007-10-15 04:08    ---------   d-----w C:\Program Files\Qtracker
2007-10-15 04:03    22,328  ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-15 04:03    103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-10-14 05:05    ---------   d-----w C:\Program Files\ATITool
2007-10-13 16:14    ---------   d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 01:50    ---------   d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-13 01:50    ---------   d-----w C:\Program Files\AGEIA Technologies
2007-10-05 19:25    81,920  ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-05 19:25    81,920  ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-05 19:25    8,491,008   ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-05 19:25    753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-05 19:25    6,854,368   ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-05 19:25    6,750,208   ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-05 19:25    6,344,704   ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-05 19:25    5,755,520   ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-05 19:25    466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-05 19:25    45,056  ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-05 19:25    442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-05 19:25    425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-05 19:25    364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-05 19:25    36,864  ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-05 19:25    36,864  ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-05 19:25    307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-05 19:25    3,551,232   ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-05 19:25    3,334,144   ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-05 19:25    286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-05 19:25    229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-05 19:25    2,371,584   ----a-w C:\WINDOWS\system32\nvwss.dll
2007-10-05 19:25    188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-05 19:25    155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-05 19:25    147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-05 19:25    1,703,936   ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-05 19:25    1,626,112   ----a-w C:\WINDOWS\system32\nwiz.exe
2007-10-05 19:25    1,478,656   ----a-w C:\WINDOWS\system32\nview.dll
2007-10-05 19:25    1,339,392   ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-05 19:25    1,150,976   ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-05 19:25    1,019,904   ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-09-27 01:35    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-09-24 05:22    ---------   d-----w C:\Program Files\jv16 PowerTools 2007
2007-09-24 05:02    ---------   d-----w C:\Program Files\JoyceAudioConverter
2007-09-24 05:00    ---------   d-----w C:\Program Files\Helpsoft
2007-09-24 04:56    ---------   d-----w C:\Program Files\GCFScape
2007-09-24 04:49    ---------   d-----w C:\Documents and Settings\baff\Application Data\Softplicity
2007-09-24 04:47    ---------   d-----w C:\Documents and Settings\baff\Application Data\GetRightToGo
2007-09-13 13:45    70,944  ----a-w C:\WINDOWS\system32\PhysXLoader.dll
2007-09-13 05:14    ---------   d-----w C:\Documents and Settings\baff\Application Data\Bioshock
2007-09-11 02:11    66,872  ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-09-07 18:55    6,173   ----a-w C:\WINDOWS\system32\drivers\Entech.vxd
2007-09-07 18:55    27,672  ----a-w C:\WINDOWS\system32\drivers\Entech.sys
2007-09-07 18:55    12,744  ----a-w C:\WINDOWS\system32\drivers\Entech64.sys
2007-09-07 04:39    12,464  ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-09-04 06:10    13,110  ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg
2007-08-10 06:44    22,328  ----a-w C:\Documents and Settings\baff\Application Data\PnkBstrK.sys
2007-07-13 04:36    246 ----a-w C:\Program Files\Common Files\labu545
2005-04-06 01:41    663 ----a-w C:\Documents and Settings\baff\Application Data\waver_2.95.dat
2003-04-17 02:21    27,552  ----a-w C:\Documents and Settings\baff\Application Data\GDIPFONTCACHEV1.DAT
2007-05-23 06:37:18 23  --sha-w C:\WINDOWS\system32\dbfdb9_r.dll
2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232  --sh--r C:\WINDOWS\system32\msfDX.dll
2007-07-13 04:21:17 6,369   --sh--w C:\WINDOWS\system32\rqtwa.bak1
2007-07-14 07:52:39 514 --sh--w C:\WINDOWS\system32\rqtwa.ini2
.

(((((((((((((((((((((((((((((   snapshot@2007-11-03_22.16.38.23   )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-06-11 20:04:36   190,696 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
+ 2007-11-05 04:50:42   48,749  ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2007-10-28 16:52:42   60,664  ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-04 03:20:21   60,664  ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-28 16:52:42   398,590 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-04 03:20:21   398,590 ----a-w C:\WINDOWS\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8aff8d03-afc0-479a-8e86-c980fe25346f}]
2007-11-05 15:34    83008   --a------   C:\WINDOWS\system32\jcowxcmv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}]
            C:\WINDOWS\system32\aivskurq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B61C6CA3-77BF-4299-AB70-5019FCD4AF09}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [2006-03-17 15:11 C:\WINDOWS\system32\P17.dll]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-05 14:25]
"nwiz"="nwiz.exe" [2007-10-05 14:25 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-05 14:25]
"fce7cecd"="C:\WINDOWS\system32\toigxtgr.dll" [2007-11-05 15:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 06:11]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 13:31]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\dlm.exe" [2007-03-05 12:57]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-14 03:13:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"IMEKRMIG6.1"=764864796526306025252386548716015713461135492

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmlig] 
pmnmlig.dll 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^baff^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\baff\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^baff^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\baff\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys
R0 SI3114;SiI-3114 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3114.sys
R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys
R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS
R2 SVKP;SVKP;\??\C:\WINDOWS\System32\SVKP.sys
R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys
R3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S1 TVicPort64;TVicPort64;\??\C:\WINDOWS\SysWOW64\drivers\TVicPort64.sys
S2 lsass;Local Security Authority Subsystem Service;"C:\WINDOWS\svhost.exe"
S2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;E:\Folding@Home Windows SMP Client V1.01\smpd.exe
S3 cpuz126;cpuz126;\??\C:\DOCUME~1\baff\LOCALS~1\Temp\cpuz.sys
S3 CrystalCpuInfo;CrystalCpuInfo;\??\C:\Program Files\OCCT\CpuInfo.sys
S3 RivaTuner;RivaTuner;\??\C:\RivaTuner\RivaTuner.sys
S3 RivaTuner32;RivaTuner32;\??\C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner32.sys
S3 RivaTunerEx;RivaTunerEx;\??\C:\Program Files\RivaTuner\RivaTunerEx.sys
S3 SERREGS;SERREGS;C:\WINDOWS\system32\drivers\serregs.sys
S3 TVicPort;TVICPORT;\??\C:\WINDOWS\System32\DRIVERS\TVICPORT.SYS
S3 vtdg46xx;vtdg46xx;\??\C:\PROGRA~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-06 10:13:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2007-11-06 10:14:11
C:\ComboFix2.txt ... 2007-11-03 22:16
.
    --- E O F ---

And the HijackThis log:

-------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:20 AM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: {f64352ef-089c-68e8-a974-0cfa30d8ffa8} - {8aff8d03-afc0-479a-8e86-c980fe25346f} - C:\WINDOWS\system32\jcowxcmv.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: H - {B61C6CA3-77BF-4299-AB70-5019FCD4AF09} - park31.dll (file missing)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [fce7cecd] rundll32.exe "C:\WINDOWS\system32\toigxtgr.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\baff\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\baff\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - [url]http://usercenter.cox.net/rsuite/sdccommon/download/tgctlcm.cab[/url]
O16 - DPF: {10003000-1000-0000-1000-000000000000} - 
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - [url]http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe[/url]
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - [url]http://www.yougamers.com/systeminfo/MSC3.cab[/url]
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmnmlig - pmnmlig.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_2.EXE
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\svhost.exe (file missing)
O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - E:\Folding@Home Windows SMP Client V1.01\smpd.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

--
End of file - 6627 bytes


Can you please do the following:


===============

Scan with HijackThis and then place a check next to all the following, if present:


O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: {f64352ef-089c-68e8-a974-0cfa30d8ffa8} - {8aff8d03-afc0-479a-8e86-c980fe25346f} - C:\WINDOWS\system32\jcowxcmv.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll (file missing)
O2 - BHO: H - {B61C6CA3-77BF-4299-AB70-5019FCD4AF09} - park31.dll (file missing)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)

O4 - HKLM\..\Run: [fce7cecd] rundll32.exe "C:\WINDOWS\system32\toigxtgr.dll",b

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

O16 - DPF: {10003000-1000-0000-1000-000000000000} -

O20 - Winlogon Notify: pmnmlig - pmnmlig.dll (file missing)


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:

folders...

C:\Program Files\PartyPoker

files...

C:\WINDOWS\system32\jcowxcmv.dll
C:\WINDOWS\system32\toigxtgr.dll

-

Note that some of these file(s)/folder(s) may or may not be present. If they are present but cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode and hit Enter.

-

Reboot.

===============

To help protect your system from hostile ActiveX content, or special 'downloadable' files:

Download, install and keep updated SpywareBlaster. If you've installed it for the first time:

1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.

-

Note: Remember to regularly check for updates.

===============

Run Combofix again and then after a reboot, post both logs please.
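As an added illustration of how the entries in the reply above are picked out of a HijackThis log (this is example code written for this page, not HijackThis or ComboFix code), the script below parses log lines of the `O2`/`O4`/`O20`/`O23` shape shown in the log and flags three things: entries that still point at a file that no longer exists (`(no file)` / `(file missing)`), DLLs with random-looking eight-lowercase-letter names like `jcowxcmv.dll` and `toigxtgr.dll` that the reply asks the poster to remove, and services with no vendor and a missing binary. The eight-letter naming heuristic is an assumption generalised from the entries flagged in the reply; the sample log is a handful of lines copied from the log above.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code)."""
import re
from typing import List, Tuple

# Constructed sample: lines copied in the shape of the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: {f64352ef-089c-68e8-a974-0cfa30d8ffa8} - {8aff8d03-afc0-479a-8e86-c980fe25346f} - C:\WINDOWS\system32\jcowxcmv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [fce7cecd] rundll32.exe "C:\WINDOWS\system32\toigxtgr.dll",b
O20 - Winlogon Notify: pmnmlig - pmnmlig.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\svhost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis entry starts with its section tag, e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")

# Assumed heuristic: a DLL whose basename is exactly eight lowercase letters,
# the naming pattern of the Vundo components the reply tells the poster to remove.
RANDOM_DLL_RE = re.compile(r"\\([a-z]{8})\.dll\b")


def classify(line: str) -> List[str]:
    """Return the reasons a single log line deserves a closer look (empty if none)."""
    reasons: List[str] = []
    m = ENTRY_RE.match(line.strip())
    if not m:
        return reasons
    section, body = m.groups()

    # Registry still references a component whose file is gone: leftover of a
    # partial cleanup, and the kind of entry "Fix checked" removes.
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("dangling: registry entry points at a file that no longer exists")

    # Randomly named DLL loaded from system32 via rundll32 or registered as a BHO.
    if RANDOM_DLL_RE.search(body):
        reasons.append("random-looking 8-letter DLL name")

    # A service with no vendor string and a missing binary is worth checking
    # against a known-good installation before deciding what it was.
    if section == "O23" and "Unknown owner" in body and "(file missing)" in body:
        reasons.append("service with no vendor and a missing binary")

    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Run classify() over every line and keep the ones with at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        reasons = classify(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for r in why:
            print("    ->", r)
```

Run against the sample, five of the nine lines are flagged, which matches the set the reply singles out; the Google, NVIDIA and SUPERAntiSpyware lines pass untouched. A flag is a prompt to check the entry, not a verdict: a missing file is just as often the residue of an uninstaller as of malware.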
