Win32/Adware.Virtumonde application

Night · November 10, 2007

Hi~.~

I'm new at computer and i've this virus( Win32/Adware.Virtumonde application ) and its alwalys poping up even i press delete in NOD32 it come out again...T.T

this the Hijack Save log

Logfile of HijackThis v1991

Scan saved at 17:07:59, on 10/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6002 SP2 (60029002180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\STacSV.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\WINDOWS\sttray.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\BitComet\BitComet.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Documents and Settings\Nightshade\Desktop\Downloads\wtfIshThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll

O2 - BHO: {61bad7a4-232b-44cb-ec44-194806d43fd4} - {4df34d60-8491-44ce-bc44-b2324a7dab16} - C:\WINDOWS\system32\fomhhrin.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\opnmkjk.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\duezclhx.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {FD6852D2-7511-47D4-9E6C-0D5F31EE98AF} - C:\WINDOWS\system32\pmnlm.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [bcbede60] rundll32.exe "C:\WINDOWS\system32\orkyyfkq.dll",b

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1FAF427B-1EE5-43D3-A023-2009142AFCD4} (CS Order Entry Control (PBB)) - https://www2.pbebank.com/ebroking/wecos/control/csoe_pbb.cab

O16 - DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCE1} (CS Order Entry Control (PBB)) - https://www2.pbebank.com/ebroking/wecos/con...l/csoex_pbb.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab

O16 - DPF: {B9B2EE1A-E314-4338-A305-BE845EACB102} (CS Control) - https://www2.pbebank.com/ebroking/wecos/control/csw.cab

O16 - DPF: {B9B2EE1A-E314-4338-A305-BE845EACB112} (CyberStock 250) - https://www2.pbebank.com/ebroking/wecos/control/cswx.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: duezclhx - C:\WINDOWS\SYSTEM32\duezclhx.dll

O20 - Winlogon Notify: opnmkjk - C:\WINDOWS\SYSTEM32\opnmkjk.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

I bought this Computer 3-4weeks ago so i'm not good at it, so please can tell me in particular how to use please>.< Thank you very Much~.~

or u can e-mail me at nighthshade13th@hotmail.com Thank you very much again~.~

__RiP_ChAiN_ · November 10, 2007

Hello Night,

Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Night · November 11, 2007

Hello Night,
Download ComboFix from Here or Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

ComboFix 07-11-08.1 - Nightshade 2007-11-11 12:48:57.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.600 [GMT 8:00]

Running from: C:\Documents and Settings\Nightshade\Desktop\Downloads\ComboFix.exe

.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\duezclhx.dllbox

.

---- Previous Run -------

.

C:\Documents and Settings\Nightshade\Application Data\macromedia\Flash Player\#SharedObjects\2LYHHFJY\iforex.com

C:\Documents and Settings\Nightshade\Application Data\macromedia\Flash Player\#SharedObjects\2LYHHFJY\iforex.com\Emerp\Events\flash_object.swf\user_data.sol

C:\Documents and Settings\Nightshade\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com

C:\Documents and Settings\Nightshade\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol

C:\Documents and Settings\Nightshade\Application Data\p4p

C:\Documents and Settings\Nightshade\Application Data\p4p\dlmgr.dat

C:\Documents and Settings\Nightshade\Application Data\p4p\rss.opml

C:\Documents and Settings\Nightshade\Application Data\p4p\rsslasturl.txt

C:\Program Files\p4p

C:\Program Files\p4p\encyclopedia.map

C:\Program Files\p4p\SohuToolbar.INI

C:\Program Files\p4p\temp.map

C:\WINDOWS\system32\comploader.dll

C:\WINDOWS\system32\cquxveex.dll

C:\WINDOWS\system32\dgjlm.bak1

C:\WINDOWS\system32\dgjlm.ini

C:\WINDOWS\system32\duezclhx.dllbox

C:\WINDOWS\system32\fomhhrin.dll

C:\WINDOWS\system32\logtatmw.dll

C:\WINDOWS\system32\mljgd.dll

C:\WINDOWS\system32\mlnmp.ini

C:\WINDOWS\system32\mlnmp.ini2

C:\WINDOWS\system32\oikkjliw.dll

C:\WINDOWS\system32\pmnlm.dll

C:\WINDOWS\system32\socul.dll

C:\WINDOWS\system32\unsocul.exe

C:\WINDOWS\system32\xbkeipxr.dll

.

((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))

.

2007-11-11 12:22 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-11 12:18 85,568 --a------ C:\WINDOWS\system32\dxatapqy.dll

2007-11-10 19:55 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys

2007-11-10 08:36 85,568 --------- C:\WINDOWS\system32\orkyyfkq.dll

2007-11-09 07:39 85,568 --------- C:\WINDOWS\system32\abhkmagh.dll

2007-11-08 16:21 <DIR> d-------- C:\Documents and Settings\Nightshade\Application Data\InstallShield

2007-11-08 16:21 80 --ah----- C:\WINDOWS\system32\HsInfo.dat

2007-11-07 07:15 159,296 --a------ C:\WINDOWS\system32\duezclhx.dll

2007-11-07 07:14 159,296 --a------ C:\WINDOWS\system32\ukjoulwf.dll

2007-11-04 08:03 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared

2007-11-03 16:44 <DIR> d-------- C:\WINDOWS\pss

2007-11-03 11:33 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-11-03 11:33 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2007-11-02 14:18 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys

2007-11-02 14:05 <DIR> d-------- C:\Program Files\Windows Live

2007-11-02 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2007-11-02 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller

2007-11-01 20:24 10,752 -rahs---- C:\WINDOWS\system32\agtsvc.exe

2007-10-25 21:10 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2007-10-24 17:12 <DIR> d-------- C:\Documents and Settings\Nightshade\Application Data\Ahead

2007-10-20 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia

2007-10-20 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft

2007-10-20 18:05 <DIR> d-------- C:\Documents and Settings\Nightshade\Application Data\Yahoo!

2007-10-20 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2007-10-20 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!

2007-10-20 17:54 <DIR> d-------- C:\Program Files\Yahoo!

2007-10-19 18:11 <DIR> d-------- C:\Program Files\Google

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-08 08:21 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-11-02 06:06 --------- d-----w C:\Program Files\Real

2007-10-25 13:16 --------- d-----w C:\Program Files\Windows Media Connect 2

2007-10-20 07:29 --------- d-----w C:\Program Files\Microsoft Games

2007-10-15 10:47 --------- d-----w C:\Program Files\Java

2007-10-09 08:39 657,185 ----a-w C:\WINDOWS\Condition Zero Uninstaller.exe

2007-09-29 02:51 --------- d-----w C:\Program Files\Common Files\Java

2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-08-16 08:17 51,568 ----a-w C:\WINDOWS\system32\sirenacm.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}]

C:\WINDOWS\system32\opnmkjk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

2007-11-07 07:15 159296 --a------ C:\WINDOWS\system32\duezclhx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-07 04:00]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-07 04:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-07 04:00]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-07-29 22:07]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12]

"GameFace Messenger"="C:\Program Files\GameFace Messenger\GameFace.exe" []

"SigmatelSysTrayApp"="sttray.exe" [2006-07-27 14:19 C:\WINDOWS\sttray.exe]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-09-26 22:49]

"NWEReboot"="" []

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 22:59]

"bcbede60"="C:\WINDOWS\system32\dxatapqy.dll" [2007-11-11 12:18]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 16:19]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-07 04:00]

"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 22:59]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 00:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{634BBAB7-3F60-4426-944F-A62B9007F67F}"= C:\WINDOWS\system32\opnmkjk.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\duezclhx]

duezclhx.dll 2007-11-07 07:15 159296 C:\WINDOWS\system32\duezclhx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmkjk]

opnmkjk.dll

S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows

S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys

S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fca75c6-52a3-11dc-aee1-0019d117f30d}]

\Shell\AutoRun\command - D:\autorun.exe

.

**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-11 12:54:15

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-11 12:55:23 - machine was rebooted

.

--- E O F ---

~.~ Thanks this the savelog

__RiP_ChAiN_ · November 11, 2007

Could you please post a new HijackThis log, as well?

Night · November 11, 2007

Could you please post a new HijackThis log, as well?

Logfile of HijackThis v1991

Scan saved at 19:29:39, on 11/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6002 SP2 (60029002180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\WINDOWS\sttray.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\STacSV.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

J:\Online Games\softnyx\Rakion\NyxLauncher.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Nightshade\Desktop\Downloads\wtfIshThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\opnmkjk.dll (file missing)