Hello, I really need some help trying to fix a virus. I am unable to open My Documents, Control Panel, My Computer, zip files, or Internet Explorer (when I click on them the toolbar and icons disappear and only the background shows).

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:23:58 PM, on 6/27/2007
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system\msnntlp.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\loadqm.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\enternet.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\Explorer.exe
C:\DOCUMENTS AND SETTINGS\RICK\DESKTOP\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINNT\System32\ipv6mons.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175453089317
O20 - Winlogon Notify: crypt - C:\WINNT\SYSTEM32\crypts.dll
O20 - Winlogon Notify: rpcc - C:\WINNT\System32\rpcc.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINNT\system\csrrs.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: msnntlp - Unknown owner - C:\WINNT\system\msnntlp.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe

--
End of file - 3840 bytes


Any help would be highly appreciated.


godz, how much trouble would it be for you to format and reinstall? You have two backdoor hacks in there allowing remote control of your computer - read up on these:
msnntlp.exe & csrrs.exe - Google them. But that is not all you have... spammers and infostealers. We can possibly clean it if you wish, fix some registry entries too, if you have a lot of precious stuff in there.
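Added example, not part of any post in this thread: a small Python triage script that applies the kind of checks the helper made above (unknown-owner services, binaries under C:\WINNT\system\ instead of system32, Winlogon Notify DLLs, unnamed BHOs) to HijackThis log lines. The sample lines are taken from the first log above; the heuristics and the two-reasons threshold are this example's own assumptions.

```python
r"""Triage of a HijackThis log for the entry types the helper keyed on.

Added example for this thread; it is not HijackThis code or part of any post.
The heuristics are assumptions drawn from the log above: service binaries with
an unknown owner or living in the obsolete C:\WINNT\system\ directory (not
system32), Winlogon Notify DLLs, unnamed BHOs and entries marked
'(file missing)'. Two or more reasons on one entry marks it high priority.
"""
import re

# Constructed sample: a subset of the O2/O20/O23 lines from the first log above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINNT\System32\ipv6mons.dll
O20 - Winlogon Notify: crypt - C:\WINNT\SYSTEM32\crypts.dll
O20 - Winlogon Notify: rpcc - C:\WINNT\System32\rpcc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINNT\system\csrrs.exe
O23 - Service: msnntlp - Unknown owner - C:\WINNT\system\msnntlp.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
"""

WINDOWS_DIR = r"C:\WINNT"          # Windows 2000 install directory seen in the log
TAG_RE = re.compile(r"[A-Z]\d+")   # section tags such as R0, O2, O20, O23


def parse_entry(line):
    """Split one log line into (tag, fields); fields are the ' - ' separated parts.
    Returns None for header lines and the 'Running processes' list."""
    parts = [p.strip() for p in line.split(" - ")]
    if len(parts) < 2 or not TAG_RE.fullmatch(parts[0]):
        return None
    return parts[0], parts[1:]


def triage(log_text):
    """Return a list of {'tag', 'path', 'reasons'} for every suspicious entry."""
    findings = []
    sysdir = (WINDOWS_DIR + r"\system" + "\\").lower()   # c:\winnt\system\
    for line in log_text.strip().splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        tag, fields = entry
        path = fields[-1]
        lower = path.lower()
        reasons = []
        if lower.startswith(sysdir):
            reasons.append("binary lives in WINNT\\system, not system32")
        if "(file missing)" in lower:
            reasons.append("autostart entry points to a file that is gone")
        if tag == "O23":
            owner = fields[1] if len(fields) >= 3 else ""
            if owner.lower() == "unknown owner":
                reasons.append("service binary carries no publisher information")
        elif tag == "O20":
            reasons.append("Winlogon Notify DLL is loaded at every logon")
        elif tag == "O2" and fields[0].endswith("(no name)"):
            reasons.append("BHO registered without a display name")
        if reasons:
            findings.append({"tag": tag, "path": path, "reasons": reasons})
    return findings


def high_priority(findings):
    """Paths that tripped at least two heuristics."""
    return [f["path"] for f in findings if len(f["reasons"]) >= 2]


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        flag = "HIGH" if len(f["reasons"]) >= 2 else "look"
        print(f"[{flag}] {f['tag']} {f['path']}")
        for r in f["reasons"]:
            print("       -", r)
```

On the sample above the two high-priority hits are exactly csrrs.exe and msnntlp.exe; the three DLLs ComboFix later deleted show up as single-reason entries worth a look.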

So it is possible to fix this without formatting and reinstalling the OS? Because I have a lot of files on this computer that I really can't lose.

We can always try, but no promises - it depends just how clever the controller is. Ever heard of backups, btw? I have a second HD dedicated to them. But no preaching. Let's get into it....
CCleaner:
==Get CCleaner from http://www.ccleaner.com/ - and put it in a new folder. You should aim to keep this one for general use. I set it from the installation checkboxes to only open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as I suggested, rclicking the bin icon should give you the Open CCleaner option...]. Select the Cleaner icon, press Run Cleaner.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs .. Note that CCleaner is also a free registry cleaner. Explore all its options, but skip the prefetch folder cleaning option. That one is unnecessary because Windows automatically dumps old unused entries anyway, they can do no harm, and further, if there is no prefetch entry for an app you wish to load then your system will just be a little bit slower loading it, and an entry will then be generated anyway.]
==For a start you have a vundo infection... so just in case something else is hidden would you rename hijackthis.exe to.. umm... imabunny.exe for the next scan, please?

==Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to start it, click the Scan for Vundo button.
When the scan completes click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will restart your computer - click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the
Scan for Vundo button." when VundoFix appears at reboot.
Post the contents of C:\vundofix.txt.
Panda Online Scan:
==Please do an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-select a link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan.
AVG - AS:
==GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5
or here.. http://free.grisoft.com/freeweb.php/doc/5390/lng/us/tpl/v5#avg-anti-spyware-free
-the link is almost at the bottom of the page , avgas 7.5.0.50. Install it and UPDATE it.
Combofix:
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
==Restart your computer in Safe Mode:- press F8 several times while POST is running and before IDE detection completes, press Yes to bypass System Restore.
- On the Windows Advanced Options Menu, select Safe Mode with Command Prompt and press Enter.
- When the Boot Menu appears again, select Microsoft Windows XP and press Enter.
- Log in by using your account if an administrator, otherwise use the Administrator account and password. NOTE: The password is blank by default unless you set a password.
==Start AVG a-s 7.5;
-under Scanner/ Settings please set Recommended actions to Quarantine, and run the complete system scan.
-save the log file.
==ComboFix:- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

==Restart in normal mode.
Post the Panda, AVG, VundoFix and ComboFix logs please, plus a fresh HijackThis log run in normal mode.
That should keep you quiet for 10 minutes or more.. :)

Well, I am happy to say that, as far as I can tell after doing what you told me to do, my computer is back to normal. Here are the logs you wanted. Thank you so much for the time you took to help me.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------


+ Created at:   11:44:21 PM 6/28/2007


+ Scan result:


HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignored.
HKU\S-1-5-21-1715567821-1677128483-1060284298-1000\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignored.
C:\WINNT\system32\ge1.exe -> Backdoor.SdBot.xd : Ignored.
C:\httpmicro.exe -> Hijacker.Agent.jn : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts -> Proxy.Small : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@2o7[2].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Local Settings\Temp\Cookies\rick@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Ignored.
:mozilla.24:C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\avj1510g.default\cookies.txt -> TrackingCookie.Adjuggler : Ignored.
:mozilla.25:C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\avj1510g.default\cookies.txt -> TrackingCookie.Adjuggler : Ignored.
:mozilla.26:C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\avj1510g.default\cookies.txt -> TrackingCookie.Adjuggler : Ignored.
G:\Documents and Settings\Richard\Cookies\richard@www.adobe[1].txt -> TrackingCookie.Adobe : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@advertising[1].txt -> TrackingCookie.Advertising : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Local Settings\Temp\Cookies\rick@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored.
G:\Documents and Settings\Richard\Cookies\richard@atdmt[1].txt -> TrackingCookie.Atdmt : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@bfast[2].txt -> TrackingCookie.Bfast : Ignored.
G:\Documents and Settings\Richard\Cookies\richard@www.burstnet[1].txt -> TrackingCookie.Burstnet : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@casalemedia[2].txt -> TrackingCookie.Casalemedia : Ignored.
G:\Documents and Settings\Richard\Cookies\richard@casinotropez[1].txt -> TrackingCookie.Casinotropez : Ignored.
G:\Documents and Settings\Richard\Cookies\richard@www.casinotropez[2].txt -> TrackingCookie.Casinotropez : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Ignored.
:mozilla.15:C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\avj1510g.default\cookies.txt -> TrackingCookie.Doubleclick : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@doubleclick[2].txt -> TrackingCookie.Doubleclick : Ignored.
G:\Documents and Settings\Richard\Cookies\richard@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@fastclick[2].txt -> TrackingCookie.Fastclick : Ignored.
G:\Documents and Settings\Richard\Cookies\richard@fastclick[2].txt -> TrackingCookie.Fastclick : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@ehg-bestbuy.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@hitbox[1].txt -> TrackingCookie.Hitbox : Ignored.
G:\Documents and Settings\Richard\Cookies\richard@search.live[2].txt -> TrackingCookie.Live : Ignored.
G:\Documents and Settings\Richard\Cookies\richard@www.lop[2].txt -> TrackingCookie.Lop : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@mediaplex[2].txt -> TrackingCookie.Mediaplex : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@search.msn[2].txt -> TrackingCookie.Msn : Ignored.
G:\Documents and Settings\Richard\Cookies\richard@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@overture[1].txt -> TrackingCookie.Overture : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@perf.overture[1].txt -> TrackingCookie.Overture : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@questionmarket[2].txt -> TrackingCookie.Questionmarket : Ignored.
G:\Documents and Settings\Richard\Cookies\richard@questionmarket[1].txt -> TrackingCookie.Questionmarket : Ignored.
G:\Documents and Settings\Richard\Cookies\richard@revsci[2].txt -> TrackingCookie.Revsci : Ignored.
:mozilla.12:C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\avj1510g.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.13:C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\avj1510g.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.14:C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\avj1510g.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.16:C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\avj1510g.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.17:C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\avj1510g.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.19:C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\avj1510g.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@statcounter[1].txt -> TrackingCookie.Statcounter : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@tacoda[2].txt -> TrackingCookie.Tacoda : Ignored.
:mozilla.18:C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\avj1510g.default\cookies.txt -> TrackingCookie.Tribalfusion : Ignored.
:mozilla.20:C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\avj1510g.default\cookies.txt -> TrackingCookie.Tribalfusion : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@m.webtrends[1].txt -> TrackingCookie.Webtrends : Ignored.
:mozilla.27:C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\avj1510g.default\cookies.txt -> TrackingCookie.Webtrendslive : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Ignored.
G:\Documents and Settings\Richard\Cookies\richard@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignored.



::Report end


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:52:30 PM, on 6/28/2007
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
Boot mode: Normal


Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\loadqm.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Rick\Desktop\ababybunny.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175453089317
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINNT\system\csrrs.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: msnntlp - Unknown owner - C:\WINNT\system\msnntlp.exe (file missing)
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe


--
End of file - 4071 bytes



"Rick" - 2007-06-28 23:46:29 - ComboFix 07-06-27.7 - Service Pack 1  NTFS  [SAFE MODE]



(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))



C:\WINNT\system32\crypts.dll
C:\WINNT\system32\ipv6mons.dll
C:\WINNT\system32\rpcc.dll



(((((((((((((((((((((((((   Files Created from 2007-05-28 to 2007-06-29  )))))))))))))))))))))))))))))))



2007-06-28 23:45    49,152  --a------   C:\WINNT\nircmd.exe
2007-06-28 20:21    10,872  --a------   C:\WINNT\system32\drivers\AvgAsCln.sys
2007-06-28 20:14    <DIR>    d--------   C:\VundoFix Backups
2007-06-28 20:09    <DIR>    d--------   C:\Program Files\CCleaner
2007-06-28 19:50    <DIR>    d--hs----   C:\RECYCLER
2007-06-28 16:14    68,608  --a------   C:\httpmicro.exe
2007-06-28 14:52    70,144  --a------   C:\htgl.exe
2007-06-28 00:01    <DIR>    d--h-----   C:\Program Files\QMgr
2007-06-28 00:00    <DIR>    d--------   C:\WINNT\Tasks
2007-06-07 01:36    99,965  --a------   C:\WINNT\UninstallFirefox.exe
2007-06-07 01:36    0   --a------   C:\WINNT\nsreg.dat
2007-06-07 01:35    3,394   --a------   C:\WINNT\mozver.dat
2007-06-07 01:29    499,712 --a------   C:\WINNT\system32\msvcp71.dll
2007-06-07 01:29    348,160 --a------   C:\WINNT\system32\msvcr71.dll
2007-06-06 23:57    0   ---h-----   C:\CONFIG.SYS
2007-06-06 23:57    0   ---h-----   C:\AUTOEXEC.BAT
2007-06-06 23:56    71,952  --a------   C:\WINNT\system32\isign32.dll
2007-06-06 23:56    67,856  --a------   C:\WINNT\system32\msoert2.dll
2007-06-06 23:56    63,248  --a------   C:\WINNT\system32\ils.dll
2007-06-06 23:56    59,904  --a------   C:\WINNT\system32\acctres.dll
2007-06-06 23:56    57,104  --a------   C:\WINNT\system32\icwdial.dll
2007-06-06 23:56    568,592 --a------   C:\WINNT\system32\inetcomm.dll
2007-06-06 23:56    53,520  --a------   C:\WINNT\system32\msconf.dll
2007-06-06 23:56    5,904   --a------   C:\WINNT\system32\icfgnt5.dll
2007-06-06 23:56    49,424  --a------   C:\WINNT\system32\icwphbk.dll
2007-06-06 23:56    47,616  --a------   C:\WINNT\system32\inetres.dll
2007-06-06 23:56    32,880  --a------   C:\WINNT\system32\mnmdd.dll
2007-06-06 23:56    3,072   --a------   C:\WINNT\system32\nmevtmsg.dll
2007-06-06 23:56    251,152 --a------   C:\WINNT\system32\inetcfg.dll
2007-06-06 23:56    218,384 --a------   C:\WINNT\system32\mstask.dll
2007-06-06 23:56    21,776  --a------   C:\WINNT\system32\mnmsrvc.exe
2007-06-06 23:56    200,464 --a------   C:\WINNT\system32\msoeacct.dll
2007-06-06 23:56    12,560  --a------   C:\WINNT\system32\nmmkcert.dll
2007-06-06 23:56    118,032 --a------   C:\WINNT\system32\mstask.exe
2007-06-06 23:56    10,000  --a------   C:\WINNT\system32\mstinit.exe
2007-06-06 23:21    148,992 --a------   C:\WINNT\system32\spxcoins.dll
2007-06-06 00:27    <DIR>    d--------   C:\DOCUME~1\Rick\APPLIC~1\RegSweep
2007-06-05 23:38    40,008  --a------   C:\d39hz.exe
2007-06-05 23:10    83,968  --a------   C:\WINNT\system32\drivers\nabtsfec.sys
2007-06-05 23:10    80,896  --a------   C:\WINNT\system32\dpvsetup.exe
2007-06-05 23:10    76,800  --a------   C:\WINNT\system32\dmscript.dll
2007-06-05 23:10    733,184 --a------   C:\WINNT\system32\qedwipes.dll
2007-06-05 23:10    7,168   --a------   C:\WINNT\system32\d3d8thk.dll
2007-06-05 23:10    68,096  --a------   C:\WINNT\system32\dsdmoprp.dll
2007-06-05 23:10    68,096  --a------   C:\WINNT\system32\dpnhupnp.dll
2007-06-05 23:10    56,832  --a------   C:\WINNT\system32\drivers\msdv.sys
2007-06-05 23:10    524,800 --a------   C:\WINNT\system32\qedit.dll
2007-06-05 23:10    5,504   --a------   C:\WINNT\system32\drivers\mstee.sys
2007-06-05 23:10    480,256 --a------   C:\WINNT\system32\msvidctl.dll
2007-06-05 23:10    47,104  --a------   C:\WINNT\system32\wstdecod.dll
2007-06-05 23:10    46,592  --a------   C:\WINNT\system32\dxdllreg.exe
2007-06-05 23:10    4,096   --a------   C:\WINNT\system32\ksuser.dll
2007-06-05 23:10    377,856 --a------   C:\WINNT\system32\dpnet.dll
2007-06-05 23:10    354,816 --a------   C:\WINNT\system32\psisdecd.dll
2007-06-05 23:10    32,768  --a------   C:\WINNT\system32\dpnhpast.dll
2007-06-05 23:10    3,072   --a------   C:\WINNT\system32\dpnlobby.dll
2007-06-05 23:10    3,072   --a------   C:\WINNT\system32\dpnaddr.dll
2007-06-05 23:10    258,424 --a------   C:\WINNT\system32\qasf.dll
2007-06-05 23:10    203,264 --a------   C:\WINNT\system32\dpvoice.dll
2007-06-05 23:10    194,560 --a------   C:\WINNT\system32\mswebdvd.dll
2007-06-05 23:10    19,968  --a------   C:\WINNT\system32\dpvacm.dll
2007-06-05 23:10    186,880 --a------   C:\WINNT\system32\dsdmo.dll
2007-06-05 23:10    18,944  --a------   C:\WINNT\system32\encapi.dll
2007-06-05 23:10    18,688  --a------   C:\WINNT\system32\drivers\wstcodec.sys
2007-06-05 23:10    18,432  --a------   C:\WINNT\system32\dswave.dll
2007-06-05 23:10    16,896  --a------   C:\WINNT\system32\msyuv.dll
2007-06-05 23:10    16,896  --a------   C:\WINNT\system32\dpnsvr.exe
2007-06-05 23:10    16,384  --a------   C:\WINNT\system32\drivers\ccdecode.sys
2007-06-05 23:10    15,104  --a------   C:\WINNT\system32\drivers\mpe.sys
2007-06-05 23:10    14,976  --a------   C:\WINNT\system32\drivers\streamip.sys
2007-06-05 23:10    130,304 --a------   C:\WINNT\system32\drivers\ks.sys
2007-06-05 23:10    13,312  --a------   C:\WINNT\system32\msdmo.dll
2007-06-05 23:10    112,128 --a------   C:\WINNT\system32\dpvvox.dll
2007-06-05 23:10    11,392  --a------   C:\WINNT\system32\drivers\bdasup.sys
2007-06-05 23:10    10,880  --a------   C:\WINNT\system32\drivers\slip.sys
2007-06-05 23:10    10,112  --a------   C:\WINNT\system32\drivers\ndisip.sys
2007-06-05 23:10    1,769,472   --a------   C:\WINNT\system32\dxdiagn.dll
2007-06-05 23:10    1,689,600   --a------   C:\WINNT\system32\d3d9.dll
2007-06-05 23:10    1,189,888   --a------   C:\WINNT\system32\dx8vb.dll
2007-06-05 23:10    1,179,648   --a------   C:\WINNT\system32\d3d8.dll
2007-06-05 21:43    5,332   --a------   C:\WINNT\system32\drivers\FlashSys.sys
2007-06-05 21:43    4,440   --a------   C:\WINNT\system32\drivers\WinFlash.sys
2007-06-05 21:43    16,721  --a------   C:\WINNT\system32\Ntaccess.sys
2007-06-05 21:43    <DIR>    d-a------   C:\Program Files\MSI
2007-06-05 19:33    <DIR>    d--------   C:\DOCUME~1\Rick\APPLIC~1\WinRAR
2007-06-05 19:24    768 --a------   C:\WINNT\system32\d3d8caps.dat
2007-06-05 19:24    4,682   --a------   C:\WINNT\system32\npptNT2.sys
2007-06-05 19:19    44,032  --a------   C:\WINNT\system32\dimap.dll
2007-06-05 19:19    386,048 --a------   C:\WINNT\system32\diactfrm.dll
2007-06-05 19:19    31,744  --a------   C:\WINNT\system32\pid.dll
2007-06-05 19:19    166,400 --a------   C:\WINNT\system32\dinput8.dll
2007-06-05 19:19    <DIR>    d-a------   C:\WINNT\system32\DirectX
2007-06-05 19:19    <DIR>    d-a------   C:\Program Files\directx
2007-06-05 19:14    <DIR>    d--------   C:\Nexon
2007-06-05 15:50    41,472  --a------   C:\WINNT\system32\ge1.exe
2007-06-05 15:32    77,760  --a------   C:\WINNT\system32\qmgr.dll
2007-06-05 15:32    7,536   --a------   C:\WINNT\loadqm.exe
2007-06-05 15:32    48,224  --a------   C:\WINNT\system32\progdl.dll
2007-06-05 15:32    42,576  --a------   C:\WINNT\system32\qmgrprxy.dll
2007-06-05 01:33    <DIR>    d-a------   C:\WINNT\system32\Macromed



((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-06-07 04:55:55 15,012  ----a-w C:\WINNT\system32\emptyregdb.dat
2007-06-07 04:55:04 --------    d---a-w C:\Program Files\Windows NT
2007-06-05 20:32:33 --------    d---a-w C:\Program Files\MSN Messenger
2007-06-02 02:30:39 --------    d---a-w C:\Program Files\Common Files\Symantec Shared
2007-03-31 18:13:53 6,656   ----a-w C:\WINNT\system32\haspvdd.dll
2007-03-31 18:13:53 383 ----a-w C:\WINNT\system32\haspdos.sys



(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))



*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [01-03-02 13:02 ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [07-03-14 03:43 ]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [00-07-26 12:00  C:\WINNT\system32\mobsync.exe]
"LoadQM"="loadqm.exe" [00-05-03 17:23  C:\WINNT\loadqm.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [07-06-07 04:19 ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [07-06-11 04:25 ]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [05-06-14 10:05 ]


[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [07-05-30 07:29 ]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]



**************************************************************************


catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-28 23:50:10
Windows 5.0.2195 Service Pack 1 NTFS


scanning hidden processes ...


scanning hidden autostart entries ...


scanning hidden files ...


scan completed successfully
hidden files: 0


**************************************************************************


Completion time: 2007-06-28 23:51:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-06-28 23:51


--- E O F ---

Nothing was found in VundoFix, and at the time I could not run an online scan because with Panda you need Internet Explorer and I could only open Mozilla Firefox. Is there anything else wrong with my computer? Once again, thank you for all your help.

Godz, in this bit of my post:
"==Start AVG a-s 7.5;
-under Scanner/ Settings please set Recommended actions to Quarantine, and run the complete system scan.
-save the log file."
this bit was extremely important: "-under Scanner/ Settings please set Recommended actions to Quarantine"
You MUST do that, and rerun the AVG complete system scan. Post the log.
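Added example, not from any post here or from AVG: a Python reader for the AVG Anti-Spyware report format posted above that lists the non-cookie detections the scan left in place, which is what every "Ignored" line means and why the helper insists on the Quarantine setting. The sample report is a constructed subset of the one posted above.

```python
r"""Reads an AVG Anti-Spyware 7.5 scan report and lists what was left in place.

Added example for this thread; it is not AVG's code or part of any post.
Each result line in the report has the shape
    <file or registry item> -> <family> : <action>.
so the action column shows whether a hit was quarantined, removed or Ignored.
"""
import re
from collections import Counter

LINE_RE = re.compile(r"^(?P<item>.+) -> (?P<family>[^:]+) : (?P<action>\w+)\.?$")

# Constructed sample: a subset of the report posted above.
SAMPLE_REPORT = r"""
+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignored.
C:\WINNT\system32\ge1.exe -> Backdoor.SdBot.xd : Ignored.
C:\httpmicro.exe -> Hijacker.Agent.jn : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts -> Proxy.Small : Ignored.
C:\Documents and Settings\Rick.RICK-3N5XY8PTPE\Cookies\rick@2o7[2].txt -> TrackingCookie.2o7 : Ignored.
:mozilla.15:C:\Documents and Settings\Rick\Application Data\Mozilla\Firefox\Profiles\avj1510g.default\cookies.txt -> TrackingCookie.Doubleclick : Ignored.

::Report end
"""


def parse_report(report_text):
    """Return one dict per result line: item, family, action (no trailing dot)."""
    detections = []
    for raw in report_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            detections.append(m.groupdict())
    return detections


def unresolved(report_text, skip_cookies=True):
    """Detections whose action is Ignored, i.e. still on the machine after the scan.
    Tracking cookies are skipped by default; they are a privacy nuisance, not code."""
    out = []
    for d in parse_report(report_text):
        if d["action"].lower() != "ignored":
            continue
        if skip_cookies and d["family"].startswith("TrackingCookie."):
            continue
        out.append((d["item"], d["family"]))
    return out


def action_summary(report_text):
    """Count of result lines per action, e.g. {'Ignored': 6}."""
    return Counter(d["action"] for d in parse_report(report_text))


if __name__ == "__main__":
    print(dict(action_summary(SAMPLE_REPORT)))
    for item, family in unresolved(SAMPLE_REPORT):
        print(f"still present: {item}  ({family})")
```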
