Win32:TratBHO Won't go away

I can't get rid of this thing. After viewing a few posts, I have a log to post.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:57 AM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2ED5ACE0-6162-4061-A3C0-12D2FF789767} - C:\WINDOWS\system32\byxvt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} - C:\WINDOWS\system32\mljjkhi.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O20 - Winlogon Notify: mljjkhi - C:\WINDOWS\SYSTEM32\mljjkhi.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS


End of file - 5129 bytes

This is a bit more than just a BHO, but we should be able to get it.

Please do not open any programs or reboot your computer unless instructed. If combofix wants to reboot, let it.

Open HJT, run a system scan only, check mark these lines if present

O2 - BHO: (no name) - {2ED5ACE0-6162-4061-A3C0-12D2FF789767} - C:\WINDOWS\system32\byxvt.dll (file missing)
O2 - BHO: (no name) - {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} - C:\WINDOWS\system32\mljjkhi.dll
O20 - Winlogon Notify: mljjkhi - C:\WINDOWS\SYSTEM32\mljjkhi.dll

Close all other browsers/windows, click fix, close HJT.

Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.

When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Run ComboFix first, then HJT. Thanks.

OK, I can't get ComboFix to run on my computer.
Unknown publisher: combofix.exe is not a valid Win32 application.
What to do now?

Please delete that copy and download a new one from either link. It may just be a corrupted download.

ComboFix 08-01-11.3 - Owner 2008-01-12 9:51:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.115 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\FVALB9QV\www.broadcaster.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\FVALB9QV\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\FVALB9QV\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\awvwt.dll
C:\WINDOWS\system32\mljjkhi.dll
C:\WINDOWS\system32\RCX27.tmp
C:\WINDOWS\system32\RCX28.tmp
C:\WINDOWS\system32\RCX29.tmp
C:\WINDOWS\system32\RCX2A.tmp
C:\WINDOWS\system32\RCX2B.tmp
C:\WINDOWS\system32\RCX2C.tmp
C:\WINDOWS\system32\RCX2D.tmp
C:\WINDOWS\system32\RCX2E.tmp
C:\WINDOWS\system32\RCX2F.tmp
C:\WINDOWS\system32\RCX30.tmp
C:\WINDOWS\system32\RCX31.tmp
C:\WINDOWS\system32\RCX32.tmp
C:\WINDOWS\system32\RCX33.tmp
C:\WINDOWS\system32\RCX34.tmp
C:\WINDOWS\system32\RCX35.tmp
C:\WINDOWS\system32\RCX36.tmp
C:\WINDOWS\system32\RCX37.tmp
C:\WINDOWS\system32\RCX38.tmp
C:\WINDOWS\system32\RCX39.tmp
C:\WINDOWS\system32\RCX3A.tmp
C:\WINDOWS\system32\RCX3B.tmp
C:\WINDOWS\system32\RCX3C.tmp
C:\WINDOWS\system32\RCX3D.tmp
C:\WINDOWS\system32\RCX3E.tmp
C:\WINDOWS\system32\RCX3F.tmp
C:\WINDOWS\system32\RCX40.tmp
C:\WINDOWS\system32\RCX41.tmp
C:\WINDOWS\system32\RCX42.tmp
C:\WINDOWS\system32\RCX43.tmp
C:\WINDOWS\system32\RCX44.tmp
C:\WINDOWS\system32\RCX45.tmp
C:\WINDOWS\system32\RCX46.tmp
C:\WINDOWS\system32\RCX47.tmp
C:\WINDOWS\system32\RCX48.tmp
C:\WINDOWS\system32\RCX49.tmp
C:\WINDOWS\system32\RCX4A.tmp
C:\WINDOWS\system32\RCX4B.tmp
C:\WINDOWS\system32\RCX4C.tmp
C:\WINDOWS\system32\RCX4D.tmp
C:\WINDOWS\system32\RCX4E.tmp
C:\WINDOWS\system32\RCX4F.tmp
C:\WINDOWS\system32\RCX50.tmp
C:\WINDOWS\system32\RCX51.tmp
C:\WINDOWS\system32\RCX52.tmp
C:\WINDOWS\system32\RCX53.tmp
C:\WINDOWS\system32\RCX54.tmp
C:\WINDOWS\system32\tuvuv.dll
C:\WINDOWS\system32\tvxyb.ini
C:\WINDOWS\system32\tvxyb.ini2
C:\WINDOWS\system32\vtssr.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.

2008-01-12 09:49 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 00:53 . 2008-01-12 00:53 d-------- C:\Program Files\Trend Micro
2008-01-07 17:51 . 2008-01-07 17:51 169 --a------ C:\WINDOWS\RtlRack.ini
2007-12-25 10:58 . 2007-12-25 10:57 3,866,930 --a------ C:\Soulja Boy - Crank That Batman.mp3
2007-12-24 09:47 . 2008-01-11 19:45 392,192 --a------ C:\WINDOWS\system32\regscan .exe
2007-12-24 09:47 . 2008-01-11 19:45 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-24 09:47 . 2008-01-11 19:45 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-23 10:05 . 2007-12-29 15:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-23 10:05 . 2007-12-23 10:05 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 03:19 --------- d-----w C:\Program Files\QuickTime
2008-01-12 02:45 --------- d-----w C:\Program Files\Digital Media Reader
2007-12-23 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-09 04:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\SopCast
2007-12-09 03:28 --------- d-----w C:\Program Files\SopCast
2007-12-07 00:55 --------- d-----w C:\Program Files\Microsoft Money 2005
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2006-10-07 21:11 12,099,848 ----a-w C:\Program Files\setupeng.exe
.

----a-w           307,200 2008-01-12 00:45:50  C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w            79,224 2008-01-12 00:45:46  C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w           185,896 2008-01-12 00:45:50  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w            32,768 2008-01-12 00:45:36  C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w           135,168 2008-01-12 00:45:36  C:\Program Files\Digital Media Reader\shwiconem .exe
----a-w           132,496 2008-01-12 00:45:50  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w         1,694,208 2008-01-12 00:45:53  C:\Program Files\Messenger\msmsgs .exe
----a-w            98,304 2008-01-12 00:45:44  C:\Program Files\QuickTime\qttask                                                   .exe
----a-w            15,360 2008-01-12 00:45:49  C:\WINDOWS\system32\ctfmon .exe
----a-w           155,648 2008-01-12 00:45:36  C:\WINDOWS\system32\NeroCheck .exe
----a-w           392,192 2008-01-12 00:45:51  C:\WINDOWS\system32\regscan .exe
----a-w           196,608 2008-01-12 00:45:50  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04 .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ED5ACE0-6162-4061-A3C0-12D2FF789767}]
C:\WINDOWS\system32\byxvt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 18:07 90112 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 11:32 7204864]
"nwiz"="nwiz.exe" [2005-09-18 11:32 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 11:32 86016]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE"
"Reminder"="%WINDIR%\Creator\Remind_XP.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-11 19:45 98304]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-02 21:57:01]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2006-05-28 11:39:21]

R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 09:42]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2005-04-21 12:33]
R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 07:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80b93b61-ae64-11da-acfc-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd5d32d1-5c90-11d9-926d-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2006-05-24 18:16:35 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-05-24 18:16:35 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 12:03:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


.
Completion time: 2008-01-12 12:04:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-12 17:04:35
.
2008-01-09 23:39:19 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:02:10 PM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS


End of file - 4805 bytes

Please submit this file to VirusTotal for analysis.

To submit a file to VirusTotal, please click on this link:

www.virustotal.com

Copy and paste the following into the "Upload a file" box (one at a time if more than one file is listed):

C:\WINDOWS\RtlRack.ini

Scroll down a bit and click "Send file", wait for the results and post them in your next reply.

Open HJT, run a system scan only, check mark these lines if present

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

Close all other browsers/windows, click fix, close HJT.

Open a new Notepad session (Do not use a Word Processor or WordPad). Click “Format” and be certain that Word Wrap is not enabled.

Copy and paste all the text in the quote box below into Notepad.

Click File, Save as…, and set the location to your Desktop, and enter (including quotation marks) as the filename: “CFscript.txt” . Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown at the bottom of this post.

File::
C:\WINDOWS\system32\regscan .exe
C:\WINDOWS\system32\regscan.exe

RENV::

----a-w           307,200 2008-01-12 00:45:50  C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w            79,224 2008-01-12 00:45:46  C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w           185,896 2008-01-12 00:45:50  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w            32,768 2008-01-12 00:45:36  C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w           135,168 2008-01-12 00:45:36  C:\Program Files\Digital Media Reader\shwiconem .exe
----a-w           132,496 2008-01-12 00:45:50  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w         1,694,208 2008-01-12 00:45:53  C:\Program Files\Messenger\msmsgs .exe
----a-w            98,304 2008-01-12 00:45:44  C:\Program Files\QuickTime\qttask                                                   .exe
----a-w            15,360 2008-01-12 00:45:49  C:\WINDOWS\system32\ctfmon .exe
----a-w           155,648 2008-01-12 00:45:36  C:\WINDOWS\system32\NeroCheck .exe
----a-w           196,608 2008-01-12 00:45:50  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04 .exe

This will start ComboFix again. Close all browsers/windows first. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HJT log.
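As an added example (not part of this thread, and not ComboFix's own code): a small Python checker that reads a ComboFix-style file listing like the RENV:: list above and flags every name that has whitespace squeezed in before its extension ("ctfmon .exe", "qttask      .exe"), reporting which legitimately named file each one shadows. The listing it runs on is constructed here in the format quoted in this thread, with one genuine ctfmon.exe added so the collision check has something to match.

```python
import ntpath
import re

# Constructed sample in the layout of the ComboFix file listing quoted in this
# thread: attributes, size, date, time, path. The last line is a legitimately
# named ctfmon.exe added so the collision check has a twin to find.
SAMPLE_LISTING = r"""
----a-w           307,200 2008-01-12 00:45:50  C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w            98,304 2008-01-12 00:45:44  C:\Program Files\QuickTime\qttask                                                   .exe
----a-w            15,360 2008-01-12 00:45:49  C:\WINDOWS\system32\ctfmon .exe
----a-w            15,360 2004-08-04 14:00:00  C:\WINDOWS\system32\ctfmon.exe
"""

# One listing line: attributes, comma-grouped size, ISO date, time, then the
# path. The path may itself contain long runs of spaces, so it is matched
# lazily and anchored to the end of the line after trailing whitespace.
LINE_RE = re.compile(
    r"^(?P<attrs>[-a-zA-Z]+)\s+(?P<size>[\d,]+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<path>\S.*?)\s*$"
)

# A file name whose extension is separated from its stem by one or more
# whitespace characters, e.g. "ctfmon .exe" or "qttask      .exe".
SQUAT_RE = re.compile(r"^(?P<stem>.*\S)\s+\.(?P<ext>[A-Za-z0-9]{1,4})$")


def parse_listing(listing):
    """Return one dict per parseable line: attrs, size (int), date, time, path."""
    entries = []
    for line in listing.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        entries.append({
            "attrs": m["attrs"],
            "size": int(m["size"].replace(",", "")),
            "date": m["date"],
            "time": m["time"],
            "path": m["path"],
        })
    return entries


def find_space_squatters(listing):
    """Flag paths with whitespace before the extension and name the file each shadows.

    shadowed_present is True when the legitimately named twin also appears in
    the same listing, i.e. both "ctfmon .exe" and "ctfmon.exe" exist side by side.
    """
    entries = parse_listing(listing)
    known = {e["path"].lower() for e in entries}
    findings = []
    for e in entries:
        folder, name = ntpath.split(e["path"])   # ntpath handles Windows paths on any OS
        m = SQUAT_RE.match(name)
        if not m:
            continue
        shadowed = ntpath.join(folder, f"{m['stem']}.{m['ext']}")
        findings.append({
            "suspect": e["path"],
            "shadowed": shadowed,
            "shadowed_present": shadowed.lower() in known,
            "size": e["size"],
        })
    return findings


if __name__ == "__main__":
    for f in find_space_squatters(SAMPLE_LISTING):
        twin = "twin present" if f["shadowed_present"] else "twin not in listing"
        print(f"{f['suspect']!r} -> shadows {f['shadowed']!r} ({twin})")
```

Feed it a real ComboFix listing instead of SAMPLE_LISTING to get the same pairing for every "name .exe" entry, which is exactly the set the RENV:: step above asks ComboFix to rename.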

I appreciate you helping me with this... thank you.

File RtlRack.ini_ received on 01.13.2008 04:28:08 (CET)

Result: 0/31 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2008.1.12.10 2008.01.11 -
AntiVir 7.6.0.46 2008.01.11 -
Authentium 4.93.8 2008.01.12 -
Avast 4.7.1098.0 2008.01.12 -
AVG 7.5.0.516 2008.01.12 -
BitDefender 7.2 2008.01.13 -
CAT-QuickHeal 9.00 2008.01.12 -
ClamAV 0.91.2 2008.01.13 -
DrWeb 4.44.0.09170 2008.01.12 -
eSafe 7.0.15.0 2008.01.10 -
eTrust-Vet 31.3.5451 2008.01.11 -
Ewido 4.0 2008.01.12 -
FileAdvisor 1 2008.01.13 -
Fortinet 3.14.0.0 2008.01.13 -
F-Prot 4.4.2.54 2008.01.13 -
F-Secure 6.70.13030.0 2008.01.12 -
Ikarus T3.1.1.20 2008.01.13 -
Kaspersky 7.0.0.125 2008.01.13 -
McAfee 5205 2008.01.11 -
Microsoft 1.3109 2008.01.13 -
NOD32v2 2787 2008.01.13 -
Norman 5.80.02 2008.01.11 -
Panda 9.0.0.4 2008.01.12 -
Prevx1 V2 2008.01.13 -
Rising 20.26.60.00 2008.01.13 -
Sophos 4.24.0 2008.01.13 -
Sunbelt 2.2.907.0 2008.01.12 -
Symantec 10 2008.01.12 -
TheHacker 6.2.9.186 2008.01.11 -
VBA32 3.12.2.5 2008.01.13 -
Webwasher-Gateway 6.6.2 2008.01.13 -
Additional information
File size: 169 bytes
MD5: 75cdb02a3732980b9df1f2a98b225f93
SHA1: a06f21b1e12fe796c13e334343a93f843f468e5c
PEiD: -

ComboFix 08-01-11.3 - Owner 2008-01-12 22:51:52.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.129 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFscript.txt

* Created a new restore point

FILE
C:\WINDOWS\system32\regscan .exe
C:\WINDOWS\system32\regscan.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\regscan .exe

.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-12 09:49 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 00:53 . 2008-01-12 00:53 d-------- C:\Program Files\Trend Micro
2008-01-07 17:51 . 2008-01-07 17:51 169 --a------ C:\WINDOWS\RtlRack.ini
2007-12-25 10:58 . 2007-12-25 10:57 3,866,930 --a------ C:\Soulja Boy - Crank That Batman.mp3
2007-12-24 09:47 . 2008-01-11 19:45 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-24 09:47 . 2008-01-11 19:45 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2007-12-24 09:47 . 2008-01-11 19:45 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2007-12-23 10:05 . 2007-12-29 15:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-23 10:05 . 2007-12-23 10:05 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 03:51 --------- d-----w C:\Program Files\QuickTime
2008-01-13 03:51 --------- d-----w C:\Program Files\Digital Media Reader
2007-12-23 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-07 00:55 --------- d-----w C:\Program Files\Microsoft Money 2005
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2006-10-07 21:11 12,099,848 ----a-w C:\Program Files\setupeng.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-12_12.04.23.88 )))))))))))))))))))))))))))))))))))))))))
.

2008-01-12 14:49:58 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
2008-01-13 03:51:30 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
2008-01-12 14:49:59 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
2008-01-13 03:51:30 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
2008-01-12 14:49:59 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
2008-01-13 03:51:30 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
2008-01-12 14:49:59 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
2008-01-13 03:51:30 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
2008-01-12 14:49:59 4,534,272 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
2008-01-13 03:51:30 4,534,272 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
2008-01-12 14:49:59 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
2008-01-13 03:51:30 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
2008-01-12 00:45:50 196,608 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
2008-01-13 03:08:32 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_75c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-11 19:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 18:07 90112 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 11:32 7204864]
"nwiz"="nwiz.exe" [2005-09-18 11:32 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 11:32 86016]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE"
"Reminder"="%WINDIR%\Creator\Remind_XP.exe"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-02 21:57:01]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2006-05-28 11:39:21]

R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 09:42]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2005-04-21 12:33]
R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 07:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80b93b61-ae64-11da-acfc-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd5d32d1-5c90-11d9-926d-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2006-05-24 18:16:35 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-05-24 18:16:35 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 22:53:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


.
Completion time: 2008-01-12 22:53:57
ComboFix-quarantined-files.txt 2008-01-13 03:53:42
ComboFix2.txt 2008-01-12 17:04:44
.
2008-01-09 23:39:19 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:02 PM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.com/download/SOPCORE.CAB
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS


End of file - 4510 bytes

Everything okay? Looks good here, but I still don’t trust that file.

Let’s try something. We’re going to scan for alternate data streams. Get the free version of this program.

Download superantispyware

First update SAS. Then boot into safe mode and set SAS up like this.

Under Configuration and Preferences, click the Preferences button.
Then click the Scanning Control tab.

Under Scanner Options make sure the following are checked

  • CHECK ALL BOXES

Return to the main page by clicking Close on that screen. On the main screen, under Scan for Harmful Software click Scan your computer. On the left, check C:\Fixed Drive (and other fixed drives).
Under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan.

When the scan is done, quarantine everything found. Reboot if asked.

When you post the log, edit out the tracking cookies, they are not that important. Hopefully it will be a short log. :wink:

Before you run the scan, clear out some old restore points

Create a new restore point

You must be logged on to an administrator account
Go to Start - All Programs - Accessories - System Tools - System Restore.
Click Create a restore point, and then click Next.
In the text box labeled Restore Point Description, type a name for this restore point, then click Create.

Remove old restore points

  • Go to Start - All Programs - Accessories - System Tools. Launch the Disk Cleanup tool and let it run. When it finishes, a box with tabs will appear; select the More Options tab. On this tab you will find a section for System Restore. If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.

Everything seems to be fine, I will do the next step and post a reply.

Ok, I’ll check back in a bit. 8)

OK, I got another warning from avast about a trojan horse.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.com/download/SOPCORE.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS


End of file - 4983 bytes

Hi travis27610

Can you please post the file name and path avast detected? You can find the log here

c:\program files\alwil software\avast4\data\log, the warning log will be in the right-hand panel. Open it with Notepad and post the most recent detections.

Or you can read it here:

Right-click the “a” icon, select Log Viewer, click the Warning button.

There isn’t anything apparent in the hjt log, but that doesn’t mean there isn’t something to look for.

Thanks
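A small summariser for the kind of avast warning log asked for here, added as an example (it is not part of the thread, of avast or of HijackThis): it parses lines in the layout the poster's log uses, groups hits per file case-insensitively, lists the most recent detections, and flags the five-letter system32 DLL names the hits rotate through. The line layout and the five-letter heuristic are assumptions read off the log posted in reply; the sample lines are copied from it, plus one truncated line.

```python
"""Condense an avast 4 warning log into per-file detection summaries.

Added example for this thread, not avast code. The line layout is taken
from the log the poster pasted: date, 12-hour time, epoch seconds, account,
process id, then 'Sign of "<signature>" has been found in "<path>" file.'
"""
import re

LINE_RE = re.compile(
    r'^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M) '
    r'(?P<epoch>\d+) (?P<account>\S+) (?P<pid>\d+) '
    r'Sign of [“"](?P<sig>[^”"]+)[”"] has been found in [“"](?P<path>[^”"]+)[”"] file\.$'
)

# Heuristic, an assumption of this example and not an avast feature: the posted
# log shows the TratBHO hits moving between five-letter, lower-case DLL names
# under system32 (byxvt, pmkjg, iiihh, qopqr, fccax, awvwt).
ROTATING_DLL_RE = re.compile(r'^c:\\windows\\system32\\[a-z]{5}\.dll$')

# Constructed sample: lines copied from the log posted in this thread, plus one
# truncated line of the kind a copy-and-paste leaves behind.
SAMPLE_LINES = [
    r'1/4/2008 3:19:06 PM 1199477946 SYSTEM 2008 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\SYSTEM32\BYXVT.DLL” file.',
    r'1/4/2008 3:35:07 PM 1199478909 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.',
    r'1/5/2008 1:53:16 PM 1199559196 SYSTEM 216 Sign of “Win32:TratBHO [trj]” has been foun',
    r'1/6/2008 10:31:15 AM 1199633475 Owner 2016 Sign of “Win32:Trat-C [Drp]” has been found in “C:\WINDOWS\system32\ctfmon.exe” file.',
    r'1/7/2008 8:41:44 AM 1199713304 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\pmkjg.dll” file.',
    r'1/7/2008 5:36:35 PM 1199745395 SYSTEM 204 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\iiihh.dll” file.',
    r'1/8/2008 5:27:34 PM 1199831254 SYSTEM 196 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\awvwt.dll” file.',
    r'1/8/2008 7:26:28 PM 1199838388 Owner 212 Sign of “Win32:Trat-C [Drp]” has been found in “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” file.',
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)


def parse_line(line):
    """Return a dict for one detection line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["epoch"] = int(ev["epoch"])
    ev["pid"] = int(ev["pid"])
    return ev


def parse_log(text):
    """Split a pasted log into parsed detections and lines that did not parse."""
    events, skipped = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            skipped.append(line)
        else:
            events.append(ev)
    return events, skipped


def summarise(events):
    """Group detections per file. Paths are compared case-insensitively because
    NTFS is: BYXVT.DLL and byxvt.dll in the log are the same file."""
    by_path = {}
    for ev in events:
        key = ev["path"].lower()
        s = by_path.setdefault(key, {"count": 0, "first": ev["epoch"], "last": ev["epoch"],
                                     "signatures": set(), "accounts": set()})
        s["count"] += 1
        s["first"] = min(s["first"], ev["epoch"])
        s["last"] = max(s["last"], ev["epoch"])
        s["signatures"].add(ev["sig"])
        s["accounts"].add(ev["account"])
    return by_path


def rotating_dlls(summary):
    """Paths in the summary that fit the rotating-name shape described above."""
    return sorted(p for p in summary if ROTATING_DLL_RE.match(p))


def most_recent(events, n=5):
    """The n latest detections, ordered by the epoch column rather than the
    local-time text, so the order does not depend on date formatting."""
    return sorted(events, key=lambda e: e["epoch"], reverse=True)[:n]


def report(text):
    """Human-readable summary: counts per file, newest first, then the DLL flags."""
    events, skipped = parse_log(text)
    summary = summarise(events)
    lines = [f"{len(events)} detections parsed, {len(skipped)} line(s) skipped"]
    for path, s in sorted(summary.items(), key=lambda kv: kv[1]["last"], reverse=True):
        lines.append(f"{s['count']:3d}x {path}  [{', '.join(sorted(s['signatures']))}]"
                     f"  accounts={','.join(sorted(s['accounts']))}")
    lines.append("rotating five-letter system32 DLLs: " + ", ".join(rotating_dlls(summary)))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```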

Thanks for the help.

1/4/2008 3:19:06 PM 1199477946 SYSTEM 2008 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\SYSTEM32\BYXVT.DLL” file.
1/4/2008 3:35:07 PM 1199478909 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/4/2008 3:35:09 PM 1199478909 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/4/2008 3:35:14 PM 1199478914 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/4/2008 3:35:15 PM 1199478915 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/4/2008 3:35:15 PM 1199478915 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/4/2008 3:35:20 PM 1199478920 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/4/2008 3:35:26 PM 1199478926 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/4/2008 3:35:26 PM 1199478926 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/4/2008 3:35:29 PM 1199478929 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 1:47:41 PM 1199558861 SYSTEM 1460 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 1:47:42 PM 1199558862 SYSTEM 1460 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 1:47:46 PM 1199558866 SYSTEM 1460 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 1:47:46 PM 1199558866 SYSTEM 1460 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 1:47:46 PM 1199558866 SYSTEM 1460 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 1:47:46 PM 1199558866 SYSTEM 1460 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 1:47:46 PM 1199558866 SYSTEM 1460 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 1:47:50 PM 1199558870 SYSTEM 1460 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 1:53:16 PM 1199559196 SYSTEM 216 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 2:15:34 PM 1199560534 SYSTEM 216 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 3:23:52 PM 1199564633 SYSTEM 216 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 3:23:54 PM 1199564634 SYSTEM 216 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 3:23:56 PM 1199564636 SYSTEM 216 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 3:23:56 PM 1199564636 SYSTEM 216 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 3:23:56 PM 1199564636 SYSTEM 216 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 3:24:05 PM 1199564645 SYSTEM 216 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 6:48:31 PM 1199576911 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 6:48:32 PM 1199576912 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 6:48:33 PM 1199576913 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 6:48:35 PM 1199576915 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 6:48:36 PM 1199576916 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 6:48:39 PM 1199576919 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.

1/5/2008 6:48:40 PM 1199576920 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 6:48:40 PM 1199576920 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/5/2008 10:08:06 PM 1199588886 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/6/2008 10:24:12 AM 1199633052 SYSTEM 1988 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/6/2008 10:31:11 AM 1199633472 Owner 2016 Sign of “Win32:Trat-C [Drp]” has been found in “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” file.
1/6/2008 10:31:12 AM 1199633472 Owner 2016 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/6/2008 10:31:12 AM 1199633472 Owner 2016 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/6/2008 10:31:13 AM 1199633473 Owner 2016 Sign of “Win32:Trat-C [Drp]” has been found in “C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe” file.
1/6/2008 10:31:14 AM 1199633474 Owner 2016 Sign of “Win32:Trat-C [Drp]” has been found in “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” file.
1/6/2008 10:31:14 AM 1199633474 Owner 2016 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/6/2008 10:31:15 AM 1199633475 Owner 2016 Sign of “Win32:Trat-C [Drp]” has been found in “C:\WINDOWS\system32\ctfmon.exe” file.
1/6/2008 10:31:15 AM 1199633475 Owner 2016 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/6/2008 10:31:15 AM 1199633475 Owner 2016 Sign of “Win32:Trat-C [Drp]” has been found in “C:\WINDOWS\system32\regscan.exe” file.
1/6/2008 10:31:19 AM 1199633479 Owner 2016 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/6/2008 11:14:28 AM 1199636069 Owner 224 Sign of “Win32:Trat-C [Drp]” has been found in “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” file.
1/6/2008 11:14:29 AM 1199636069 Owner 224 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/6/2008 11:14:29 AM 1199636069 Owner 224 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/6/2008 11:14:29 AM 1199636069 Owner 224 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/6/2008 11:14:29 AM 1199636069 Owner 224 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/6/2008 11:14:32 AM 1199636072 Owner 224 Sign of “Win32:Trat-C [Drp]” has been found in “C:\WINDOWS\system32\ctfmon.exe” file.
1/6/2008 11:14:32 AM 1199636072 Owner 224 Sign of “Win32:Trat-C [Drp]” has been found in “C:\WINDOWS\system32\regscan.exe” file.
1/6/2008 11:14:32 AM 1199636072 Owner 224 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/6/2008 11:14:34 AM 1199636074 Owner 224 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/6/2008 11:14:34 AM 1199636074 Owner 224 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/6/2008 2:55:01 PM 1199649301 Owner 224 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/6/2008 10:41:24 PM 1199677284 Owner 2016 Sign of “Win32:Trat-C [Drp]” has been found in “C:\WINDOWS\system32\ctfmon.exe” file.
1/6/2008 10:41:25 PM 1199677285 Owner 2016 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/6/2008 10:41:25 PM 1199677285 Owner 2016 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/6/2008 10:41:25 PM 1199677285 Owner 2016 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/6/2008 10:41:25 PM 1199677285 Owner 2016 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/6/2008 10:41:26 PM 1199677286 Owner 2016 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/6/2008 10:41:26 PM 1199677286 Owner 2016 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/6/2008 10:41:29 PM 1199677289 Owner 2016 Sign of “Win32:Trat-C [Drp]” has been found in “C:\WINDOWS\system32\regscan.exe” file.
1/6/2008 10:41:30 PM 1199677290 Owner 2016 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/6/2008 10:47:12 PM 1199677632 Owner 2016 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/6/2008 10:47:58 PM 1199677678 Owner 2016 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.

1/7/2008 8:36:52 AM 1199713012 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/7/2008 8:36:56 AM 1199713016 SYSTEM 208 Sign of “Win32:Trat-C [Drp]” has been found in “C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe” file.
1/7/2008 8:36:56 AM 1199713016 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/7/2008 8:36:57 AM 1199713017 SYSTEM 208 Sign of “Win32:Trat-C [Drp]” has been found in “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” file.
1/7/2008 8:37:00 AM 1199713020 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/7/2008 8:37:04 AM 1199713024 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/7/2008 8:37:04 AM 1199713024 SYSTEM 208 Sign of “Win32:Trat-C [Drp]” has been found in “C:\WINDOWS\system32\regscan.exe” file.
1/7/2008 8:41:44 AM 1199713304 SYSTEM 208 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\pmkjg.dll” file.
1/7/2008 9:09:21 AM 1199714961 SYSTEM 216 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/7/2008 9:09:24 AM 1199714964 SYSTEM 216 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/7/2008 9:09:26 AM 1199714966 SYSTEM 216 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/7/2008 9:11:14 AM 1199715074 SYSTEM 216 Sign of “Win32:Trat-C [Drp]” has been found in “C:\WINDOWS\system32\ctfmon.exe” file.
1/7/2008 11:45:59 AM 1199724360 SYSTEM 216 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/7/2008 11:47:25 AM 1199724445 SYSTEM 216 Sign of “Win32:Trat-C [Drp]” has been found in “C:\WINDOWS\system32\ctfmon.exe” file.
1/7/2008 12:14:17 PM 1199726057 SYSTEM 216 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/7/2008 12:14:31 PM 1199726071 SYSTEM 216 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/7/2008 12:14:57 PM 1199726097 SYSTEM 216 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/7/2008 1:01:58 PM 1199728918 SYSTEM 216 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/7/2008 1:03:43 PM 1199729023 Owner 3432 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/7/2008 1:07:05 PM 1199729225 SYSTEM 216 Sign of “Win32:Trat-C [Drp]” has been found in “C:\WINDOWS\system32\byxvt.exe” file.
1/7/2008 1:07:17 PM 1199729237 SYSTEM 216 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/7/2008 5:31:37 PM 1199745098 SYSTEM 204 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/7/2008 5:31:38 PM 1199745098 SYSTEM 204 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/7/2008 5:31:41 PM 1199745101 SYSTEM 204 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/7/2008 5:31:41 PM 1199745101 SYSTEM 204 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/7/2008 5:31:42 PM 1199745102 SYSTEM 204 Sign of “Win32:Trat-C [Drp]” has been found in “C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe” file.
1/7/2008 5:31:43 PM 1199745103 SYSTEM 204 Sign of “Win32:Trat-C [Drp]” has been found in “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” file.
1/7/2008 5:31:47 PM 1199745107 SYSTEM 204 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/7/2008 5:31:50 PM 1199745110 SYSTEM 204 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/7/2008 5:31:50 PM 1199745110 SYSTEM 204 Sign of “Win32:Trat-C [Drp]” has been found in “C:\WINDOWS\system32\regscan.exe” file.
1/7/2008 5:36:35 PM 1199745395 SYSTEM 204 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\iiihh.dll” file.
1/7/2008 5:37:51 PM 1199745471 SYSTEM 204 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/7/2008 6:36:35 PM 1199748995 SYSTEM 204 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\qopqr.dll” file.
1/7/2008 7:36:41 PM 1199752601 SYSTEM 204 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\fccax.dll” file.
1/8/2008 5:22:35 PM 1199830955 SYSTEM 196 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/8/2008 5:22:38 PM 1199830958 SYSTEM 196 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/8/2008 5:22:39 PM 1199830959 SYSTEM 196 Sign of “Win32:Trat-C [Drp]” has been found in “C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe” file.
1/8/2008 5:22:40 PM 1199830960 SYSTEM 196 Sign of “Win32:Trat-C [Drp]” has been found in “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” file.
1/8/2008 5:22:43 PM 1199830963 SYSTEM 196 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/8/2008 5:22:47 PM 1199830967 SYSTEM 196 Sign of “Win32:Trat-C [Drp]” has been found in “C:\WINDOWS\system32\regscan.exe” file.
1/8/2008 5:22:47 PM 1199830967 SYSTEM 196 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/8/2008 5:23:51 PM 1199831031 SYSTEM 196 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/8/2008 5:27:34 PM 1199831254 SYSTEM 196 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\awvwt.dll” file.

1/8/2008 5:27:36 PM 1199831256 SYSTEM 196 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\awvwt.dll” file.
1/8/2008 7:26:24 PM 1199838384 Owner 212 Sign of “Win32:Trat-C [Drp]” has been found in “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” file.
1/8/2008 7:26:25 PM 1199838385 Owner 212 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/8/2008 7:26:25 PM 1199838385 Owner 212 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/8/2008 7:26:25 PM 1199838385 Owner 212 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/8/2008 7:26:25 PM 1199838385 Owner 212 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/8/2008 7:26:27 PM 1199838387 Owner 212 Sign of “Win32:Trat-C [Drp]” has been found in “C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe” file.
1/8/2008 7:26:28 PM 1199838388 Owner 212 Sign of “Win32:Trat-C [Drp]” has been found in “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” file.
1/8/2008 7:26:29 PM 1199838389 Owner 212 Sign of “Win32:Trat-C [Drp]” has been found in “C:\WINDOWS\system32\ctfmon.exe” file.
1/8/2008 7:26:29 PM 1199838389 Owner 212 Sign of “Win32:Trat-C [Drp]” has been found in “C:\WINDOWS\system32\regscan.exe” file.
1/8/2008 7:26:29 PM 1199838389 Owner 212 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.
1/8/2008 7:26:32 PM 1199838392 Owner 212 Sign of “Win32:TratBHO [trj]” has been found in “C:\WINDOWS\system32\byxvt.dll” file.