Solved Viruses, Adware, Trojans. I'm sunk.

Discussion in 'Malware and Virus Removal Archive' started by Pepse, 2007/10/01.

  1. 2007/10/01
    Pepse, Well-Known Member, Thread Starter (Joined: 2002/01/08, Messages: 328, Likes Received: 1)

    Well, where to start. Heck this darn XP hard drive is infected with a lot of bad stuff, and I can see from reading another post I'll need to download a lot of fixers, but if it keeps me from re-formatting I'll give it a shot. I hate this trying to work it out but, I guess that's what I get for spending too much time/too many places looking for a hack.

    Also, I don't use Windows every day; but, at least once a week. I do have AVG free installed. And Spybot. I also downloaded HIJACKTHIS, because when I did a Google search for my "Error Windows No Disk" I ended up at a site that mentioned getting that program. So, I assume I'll need to copy/paste the Hijackthis results?? If so I will warn you that copy/paste is something I have avoided for years. I did it once on my Linux box and lost a few hairs doing it :). So I warn ya I'll need help with that also. Well whether I'm ready or not we'll give 'er.

    As long as the helper has patience with me because I work and am gone from 2PM to 1:15AM, Mon thru Sat. CDT. US.

    Pepse.
     
  2. 2007/10/01
    Geri, Lifetime Subscription, Inactive Alumni (Joined: 2003/03/02, Messages: 4,580, Likes Received: 7)

    Hi Pepse
    First go here and read this.
    http://www.windowsbbs.com/showthread.php?t=67780

    Download both tools to run and post the logs.

    To copy and paste, do this.

    In the logs that open, click on the "Edit" tab, click on "Select all", click on the Edit tab again, then click on Copy.
    Now come back here to this thread and click Post Reply. In the white posting area, right click and click Paste.
    You will need to copy and paste 1 log at a time.

    Then we'll see what you have going on.

    Thanks
    Geri
     
  4. 2007/10/02
    Pepse

    Logfile of HijackThis v1.99.1
    Scan saved at 11:47:33 AM, on 10/2/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\WINDOWS\system32\amgawhag.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\notepad.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Pepse\Desktop\Pepse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\yt.dll (file missing)
    N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\prefs.js)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {36A5FE24-299B-48ED-B6CA-84C99C7DCCE5} - C:\WINDOWS\system32\vtutu.dll
    O2 - BHO: (no name) - {479da9e8-1dd2-11b2-9fa9-873c0b90b5d5} - C:\WINDOWS\rubcnsri.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {645af146-1dd2-11b2-b2bb-8782910e93a0} - C:\WINDOWS\tgfydonq.dll (file missing)
    O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\pyqikxie.dll
    O2 - BHO: (no name) - {8B3F8A93-933C-4DDA-B24C-AEB0697C132A} - C:\WINDOWS\system32\khhiggf.dll
    O2 - BHO: (no name) - {c48d83c8-1dd1-11b2-a29b-88574dde46ab} - C:\WINDOWS\ryvwjofq.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\yt.dll (file missing)
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [qzidexet] rundll32.exe "C:\Program Files\qzidexet\qxmxyvqn.dll",Init
    O4 - HKLM\..\Run: [Ultimate Fixer] "C:\Program Files\Ultimate Fixer\UltimateFixer.exe" hide
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ytavtomq.dll",sitypnow
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160242266984
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160273404390
    O20 - Winlogon Notify: khhiggf - C:\WINDOWS\SYSTEM32\khhiggf.dll
    O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\amgawhag.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    Pepse.
     
  5. 2007/10/02
    Geri Lifetime Subscription

    Hi Pepse
    OK I'm going to guess that my link was no longer valid and that is why you didn't follow the directions I gave you.

    Here is the link again,
    http://www.windowsbbs.com/announcement.php?f=41
    Please delete the HJT application you have, and download the one in the link.

    Then do this.
    Please download VundoFix.exe to your desktop
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

    Now please follow my instructions.
    Download the new version of HJT and the Deckard System scanner

    Please Post these logs.
    VundoFix log, The new HJT log, and the dss log (Main.txt only for now.)

    Thanks
    Geri
     
  6. 2007/10/03
    Pepse

    Windows cannot find VUNDOFIX.EXE on reboot. I did Vundofix, again, after the first reboot and I got the same error after running it a second time. Now if we get this figured out I will do the HJT and DSS. Also, how am I going to post what is in the vundofix log through C:\ ?

    Pepse.
     
  7. 2007/10/03
    Geri Lifetime Subscription

    Hi Pepse
    Click on "Start" > click on "My Computer" > Under Hard Disk Drives Double click on ( C: ) Drive.

    Look for this: C:\vundofix.txt or C:\vundofix\backups
    Double click it to open, then do the copy/paste and post the log here.

    Thanks.
    Geri
     
  8. 2007/10/04
    Pepse

    VundoFix V6.5.9

    Checking Java version...

    Scan started at 1:20:02 AM 10/3/2007

    Listing files found while scanning....

    C:\windows\system32\efcdcya.dll
    C:\windows\system32\hggdcda.dll
    C:\WINDOWS\system32\khhiggf.dll
    C:\WINDOWS\system32\ljfhkpym.ini
    C:\WINDOWS\system32\mypkhfjl.dll
    C:\WINDOWS\system32\pyqikxie.dll
    C:\WINDOWS\system32\qqdfeqty.dll
    C:\windows\system32\ututv.bak1
    C:\windows\system32\ututv.bak2
    C:\windows\system32\ututv.ini
    C:\windows\system32\ututv.ini2
    C:\windows\system32\ututv.tmp
    C:\WINDOWS\system32\vtutu.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\efcdcya.dll
    C:\windows\system32\efcdcya.dll Has been deleted!

    Attempting to delete C:\windows\system32\hggdcda.dll
    C:\windows\system32\hggdcda.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\khhiggf.dll
    C:\WINDOWS\system32\khhiggf.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ljfhkpym.ini
    C:\WINDOWS\system32\ljfhkpym.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mypkhfjl.dll
    C:\WINDOWS\system32\mypkhfjl.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\pyqikxie.dll
    C:\WINDOWS\system32\pyqikxie.dll Could not be deleted.

    Attempting to delete C:\windows\system32\ututv.bak1
    C:\windows\system32\ututv.bak1 Has been deleted!

    Attempting to delete C:\windows\system32\ututv.bak2
    C:\windows\system32\ututv.bak2 Has been deleted!

    Attempting to delete C:\windows\system32\ututv.ini
    C:\windows\system32\ututv.ini Has been deleted!

    Attempting to delete C:\windows\system32\ututv.ini2
    C:\windows\system32\ututv.ini2 Has been deleted!

    Attempting to delete C:\windows\system32\ututv.tmp
    C:\windows\system32\ututv.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtutu.dll
    C:\WINDOWS\system32\vtutu.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.5.9

    Checking Java version...

    Scan started at 1:34:31 AM 10/3/2007

    Listing files found while scanning....

    C:\windows\system32\khhiggf.dll
    C:\WINDOWS\system32\lufbbcbs.dll
    C:\WINDOWS\system32\ututv.ini
    C:\WINDOWS\system32\ututv.ini2
    C:\WINDOWS\system32\vtutu.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\khhiggf.dll
    C:\windows\system32\khhiggf.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\lufbbcbs.dll
    C:\WINDOWS\system32\lufbbcbs.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ututv.ini
    C:\WINDOWS\system32\ututv.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ututv.ini2
    C:\WINDOWS\system32\ututv.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtutu.dll
    C:\WINDOWS\system32\vtutu.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Pepse.
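
An added example, not part of any post in this thread: cross-referencing the two logs posted so far shows which HijackThis autostart entries load the files VundoFix reported as "Could not be deleted". The log excerpts are copied from the posts above; the function names are hypothetical, and paths are compared case-insensitively because the logs mix `windows`, `WINDOWS` and `SYSTEM32`.

```python
import ntpath
import re

# Lines copied from the VundoFix V6.5.9 log in this thread (first pass, abridged).
VUNDOFIX_LOG = r"""
Attempting to delete C:\windows\system32\efcdcya.dll
C:\windows\system32\efcdcya.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khhiggf.dll
C:\WINDOWS\system32\khhiggf.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\pyqikxie.dll
C:\WINDOWS\system32\pyqikxie.dll Could not be deleted.

Attempting to delete C:\windows\system32\ututv.ini
C:\windows\system32\ututv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\vtutu.dll Could not be deleted.
"""

# Lines copied from the HijackThis v1.99.1 log in this thread (abridged).
HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {36A5FE24-299B-48ED-B6CA-84C99C7DCCE5} - C:\WINDOWS\system32\vtutu.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\pyqikxie.dll
O2 - BHO: (no name) - {8B3F8A93-933C-4DDA-B24C-AEB0697C132A} - C:\WINDOWS\system32\khhiggf.dll
O20 - Winlogon Notify: khhiggf - C:\WINDOWS\SYSTEM32\khhiggf.dll
O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: DomainService - - C:\WINDOWS\system32\amgawhag.exe
"""

# "<path> Has been deleted!" or "<path> Could not be deleted."
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<result>Has been deleted!|Could not be deleted\.)$"
)
# "O2 - ...", "O20 - ...", "R1 - ..." and so on
HJT_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# First drive-letter path in the entry that ends in a loadable file type
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|ocx)", re.IGNORECASE)


def norm(path):
    """Normalize a Windows path so that case differences do not hide a match."""
    return ntpath.normcase(ntpath.normpath(path.strip()))


def undeleted_files(vundofix_log):
    """Return normalized paths whose last recorded result is 'Could not be deleted.'"""
    last_result = {}
    for line in vundofix_log.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            # A later pass overrides an earlier one for the same file.
            last_result[norm(m.group("path"))] = m.group("result")
    return {p for p, r in last_result.items() if r.startswith("Could not")}


def hjt_entries(hjt_log):
    """Yield (section code, normalized file path) for each entry that names a file."""
    for line in hjt_log.splitlines():
        m = HJT_RE.match(line.strip())
        if not m:
            continue
        p = PATH_RE.search(m.group("body"))
        if p:
            yield m.group("code"), norm(p.group(0))


def loaders_of_undeleted(vundofix_log, hjt_log):
    """Map each undeleted file to the HijackThis sections that reference it."""
    survivors = undeleted_files(vundofix_log)
    found = {p: [] for p in sorted(survivors)}
    for code, path in hjt_entries(hjt_log):
        if path in survivors:
            found[path].append(code)
    return found


if __name__ == "__main__":
    for path, codes in loaders_of_undeleted(VUNDOFIX_LOG, HJT_LOG).items():
        print(f"{path}: {', '.join(codes) or 'no autostart entry in this excerpt'}")
```
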
     
  9. 2007/10/04
    Geri Lifetime Subscription

    Hi
    OK Thanks for that log

    Now please post the dss log and download this, we will be using it.

    Download OTMoveIt by OldTimer to your Desktop.

    Thanks
    Geri
     
  10. 2007/10/04
    Pepse

    Deckard's System Scanner v20070905.67
    Run by Pepse on 2007-10-04 11:43:36
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Pepse.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:44:11 AM, on 10/4/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Trkic\webinfox2.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\system32\amgawhag.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Pepse\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Pepse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\yt.dll (file missing)
    N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\PEPSE\Application Data\Mozilla\Profiles\default\b97e25eq.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\PEPSE\Application Data\Mozilla\Profiles\default\b97e25eq.slt\prefs.js)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {479da9e8-1dd2-11b2-9fa9-873c0b90b5d5} - C:\WINDOWS\rubcnsri.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {645af146-1dd2-11b2-b2bb-8782910e93a0} - C:\WINDOWS\tgfydonq.dll (file missing)
    O2 - BHO: (no name) - {65526F9E-C0F8-4BE1-929A-9CE6B399641C} - C:\WINDOWS\system32\vtutu.dll
    O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\xmkvgrrw.dll
    O2 - BHO: (no name) - {8B3F8A93-933C-4DDA-B24C-AEB0697C132A} - C:\WINDOWS\system32\khhiggf.dll
    O2 - BHO: (no name) - {c48d83c8-1dd1-11b2-a29b-88574dde46ab} - C:\WINDOWS\ryvwjofq.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\yt.dll (file missing)
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [qzidexet] rundll32.exe "C:\Program Files\qzidexet\qxmxyvqn.dll",Init
    O4 - HKLM\..\Run: [Ultimate Fixer] "C:\Program Files\Ultimate Fixer\UltimateFixer.exe" hide
    O4 - HKLM\..\Run: [WebInf] C:\Program Files\Trkic\webinfox2.exe
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ucbkkknt.dll",sitypnow
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160242266984
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160273404390
    O20 - Winlogon Notify: khhiggf - C:\WINDOWS\SYSTEM32\khhiggf.dll
    O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\amgawhag.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 9746 bytes

    -- Files created between 2007-09-04 and 2007-10-04 -----------------------------

    2007-10-04 01:00:55 85056 --a------ C:\WINDOWS\system32\ucbkkknt.dll
    2007-10-04 00:54:56 77376 --a------ C:\WINDOWS\system32\xmkvgrrw.dll
    2007-10-04 00:51:55 75328 --a------ C:\WINDOWS\system32\npseixxb.exe <Not Verified; ; DDC>
    2007-10-04 00:50:34 1511356 ---hs---- C:\WINDOWS\system32\ututv.bak2
    2007-10-03 01:31:28 77376 -----n--- C:\WINDOWS\system32\lufbbcbs.dll
    2007-10-03 01:20:02 0 d-------- C:\VundoFix Backups
    2007-10-03 01:15:23 0 d-------- C:\Program Files\Trend Micro
    2007-10-03 00:47:05 86080 -----n--- C:\WINDOWS\system32\mypkhfjl.dll
    2007-10-03 00:41:05 75328 --a------ C:\WINDOWS\system32\jprueowk.exe <Not Verified; ; DDC>
    2007-10-03 00:38:28 0 d-------- C:\Program Files\Trkic
    2007-10-02 09:55:56 77376 -----n--- C:\WINDOWS\system32\pyqikxie.dll
    2007-10-01 12:53:39 75328 --a------ C:\WINDOWS\system32\shkeglkf.exe <Not Verified; ; DDC>
    2007-10-01 02:04:55 75328 --a------ C:\WINDOWS\system32\wlwiqdnp.exe <Not Verified; ; DDC>
    2007-10-01 00:59:26 75328 --a------ C:\WINDOWS\system32\rqfedtad.exe <Not Verified; ; DDC>
    2007-09-29 18:56:50 75328 --a------ C:\WINDOWS\system32\ojoqmiac.exe <Not Verified; ; DDC>
    2007-09-23 23:51:40 75328 --a------ C:\WINDOWS\system32\mstopxsl.exe <Not Verified; ; DDC>
    2007-09-23 23:35:27 75328 --a------ C:\WINDOWS\system32\tytwtidh.exe <Not Verified; ; DDC>
    2007-09-23 23:24:24 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2007-09-23 23:24:24 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2007-09-23 23:24:24 0 dr-h----- C:\Documents and Settings\Administrator\Recent
    2007-09-23 23:24:24 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2007-09-23 23:24:24 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2007-09-23 23:24:24 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2007-09-23 23:24:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
    2007-09-23 23:24:10 0 d-------- C:\WINDOWS\PerfInfo
    2007-09-23 23:24:10 0 d-------- C:\Program Files\PerfSoft
    2007-09-23 22:19:57 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2007-09-23 22:19:57 0 dr------- C:\Documents and Settings\Administrator\My Documents
    2007-09-23 22:19:57 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2007-09-23 22:19:57 0 dr------- C:\Documents and Settings\Administrator\Favorites
    2007-09-23 22:19:57 0 d---s---- C:\Documents and Settings\Administrator\Cookies
    2007-09-23 22:19:57 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2007-09-23 22:19:57 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2007-09-23 22:19:56 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2007-09-23 21:22:32 75328 --a------ C:\WINDOWS\system32\dtpdnrli.exe <Not Verified; ; DDC>
    2007-09-23 20:20:15 0 d-------- C:\Program Files\WinPerformance
    2007-09-23 20:00:56 75328 --a------ C:\WINDOWS\system32\qhxjvvbi.exe <Not Verified; ; DDC>
    2007-09-23 19:39:12 85568 -----n--- C:\WINDOWS\system32\fgljssqs.dll
    2007-09-23 19:33:12 75328 --a------ C:\WINDOWS\system32\swxdbydy.exe <Not Verified; ; DDC>
    2007-09-07 10:01:47 75328 --a------ C:\WINDOWS\system32\rnpnoyam.exe <Not Verified; ; DDC>
    2007-09-06 22:50:23 75328 --a------ C:\WINDOWS\system32\kytfokxj.exe <Not Verified; ; DDC>
    2007-09-06 16:50:28 75328 --a------ C:\WINDOWS\system32\amgawhag.exe <Not Verified; ; DDC>
    2007-09-06 16:47:24 0 d-------- C:\WINDOWS\system32\tpdiumhe
    2007-09-06 16:46:52 98304 --a------ C:\WINDOWS\ryvwjofq.dll
    2007-09-06 13:16:16 75328 --a------ C:\WINDOWS\system32\qvupbocq.exe <Not Verified; ; DDC>


    -- Find3M Report ---------------------------------------------------------------

    2007-10-04 11:23:18 0 d-------- C:\Documents and Settings\Pepse\Application Data\AVG7
    2007-10-01 13:11:05 0 d-------- C:\Program Files\Mozilla Thunderbird
    2007-09-29 21:41:42 124 --a------ C:\WINDOWS\p61v1
    2007-09-23 23:24:07 0 d-------- C:\Program Files\DivX
    2007-09-23 23:24:06 0 d-------- C:\Program Files\MyApp
    2007-09-23 23:23:29 0 d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
    2007-09-23 23:23:21 0 d-------- C:\Program Files\USoft
    2007-09-03 00:44:28 75328 --a------ C:\WINDOWS\system32\gdtyabfb.exe <Not Verified; ; DDC>
    2007-08-30 11:29:41 0 d-------- C:\Documents and Settings\Pepse\Application Data\Nokia
    2007-08-30 11:11:54 75328 --a------ C:\WINDOWS\system32\oinasbuo.exe <Not Verified; ; DDC>
    2007-08-29 11:10:02 75328 --a------ C:\WINDOWS\system32\lbhlhegj.exe <Not Verified; ; DDC>
    2007-08-27 00:46:27 298080 -----n--- C:\WINDOWS\system32\vtutu.dll
    2007-08-26 23:35:26 43542 -----n--- C:\WINDOWS\system32\khhiggf.dll
    2007-08-25 12:13:24 0 d-------- C:\Documents and Settings\Pepse\Application Data\aMule
    2007-08-16 12:40:32 0 dr-h----- C:\Documents and Settings\Pepse\Application Data\yahoo!
    2007-08-15 21:01:29 0 d-------- C:\Program Files\qzidexet
    2007-08-15 16:33:38 4 --a------ C:\WINDOWS\system32\60DCC5
    2007-08-15 16:28:58 0 d-------- C:\Documents and Settings\Pepse\Application Data\Real
    2007-08-15 16:27:34 0 d-------- C:\Program Files\The Weather Channel FW
    2007-08-15 16:23:02 0 d-------- C:\Program Files\Common Files
    2007-08-15 16:23:02 0 d-------- C:\Program Files\Common Files\xing shared
    2007-08-15 16:22:58 0 d-------- C:\Program Files\Common Files\Real
    2007-08-15 16:07:56 0 d-------- C:\Documents and Settings\Pepse\Application Data\Apple Computer
    2007-08-04 13:06:43 8 --a------ C:\Documents and Settings\Pepse\Application Data\NMM-MetaData.db
    2007-08-04 13:04:01 0 d-------- C:\Documents and Settings\Pepse\Application Data\Nokia Multimedia Player
    2007-08-02 12:12:27 528384 --a------ C:\WINDOWS\system32\After Dark Flying Toasters Free.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{479da9e8-1dd2-11b2-9fa9-873c0b90b5d5}]
    C:\WINDOWS\rubcnsri.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{645af146-1dd2-11b2-b2bb-8782910e93a0}]
    C:\WINDOWS\tgfydonq.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65526F9E-C0F8-4BE1-929A-9CE6B399641C}]
    08/27/2007 12:46 AM 298080 --------- C:\WINDOWS\system32\vtutu.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89AD4D75-2429-462e-BD4E-443F233F6033}]
    10/04/2007 12:54 AM 77376 --a------ C:\WINDOWS\system32\xmkvgrrw.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B3F8A93-933C-4DDA-B24C-AEB0697C132A}]
    08/26/2007 11:35 PM 43542 --------- C:\WINDOWS\system32\khhiggf.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c48d83c8-1dd1-11b2-a29b-88574dde46ab}]
    09/06/2007 04:46 PM 98304 --a------ C:\WINDOWS\ryvwjofq.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CARPService "= "carpserv.exe" [01/02/2002 07:06 PM C:\WINDOWS\system32\carpserv.exe]
    "WCOLOREAL "= "C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [01/22/2002 05:46 PM]
    "CPQEASYACC "= "C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe" [12/14/2001 03:01 PM]
    "srmclean "= "C:\Cpqs\Scom\srmclean.exe" [07/24/2001 04:34 PM]
    "Smapp "= "C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [10/12/2001 04:45 PM]
    "Microsoft Works Portfolio "= "C:\Program Files\Microsoft Works\WksSb.exe" [07/13/2000 01:00 PM]
    "Microsoft Works Update Detection "= "C:\Program Files\Microsoft Works\WkDetect.exe" [07/13/2000 01:00 PM]
    "AutoLogon "=" " []
    "NvCplDaemon "= "C:\WINDOWS\System32\NvCpl.dll" [11/06/2003 11:03 PM]
    "nwiz "= "nwiz.exe" [11/06/2003 11:04 PM C:\WINDOWS\system32\nwiz.exe]
    "Share-to-Web Namespace Daemon "= "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/17/2002 11:42 AM]
    "CamMonitor "= "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [06/04/2002 05:36 PM]
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [07/07/2005 11:55 PM]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
    "HPHUPD05 "= "C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [07/07/2005 11:55 PM]
    "HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 09:38 AM]
    "HP Software Update "= "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [12/05/2003 04:41 PM]
    "HPHmon05 "= "C:\WINDOWS\system32\hphmon05.exe" [07/07/2005 11:55 PM]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [09/23/2007 07:31 PM]
    "PRONoMgr.exe "= "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [03/11/2003 04:24 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [09/01/2006 04:57 PM]
    "PCSuiteTrayApplication "= "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [06/18/2007 03:10 PM]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/15/2007 04:22 PM]
    "qzidexet "= "C:\Program Files\qzidexet\qxmxyvqn.dll" [08/15/2007 09:01 PM]
    "Ultimate Fixer "= "C:\Program Files\Ultimate Fixer\UltimateFixer.exe" []
    "WebInf "= "C:\Program Files\Trkic\webinfox2.exe" [10/03/2007 12:38 AM]
    "SearchIndexer "= "C:\WINDOWS\system32\ucbkkknt.dll" [10/04/2007 01:00 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
    "NvMediaCenter "= "C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" []
    "Yahoo! Pager "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [01/19/2007 01:49 PM]
    "DW4 "=" " []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "NvMediaCenter "=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    "Nokia.PCSync "=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [7/13/2000 1:00:00 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{8B3F8A93-933C-4DDA-B24C-AEB0697C132A} "= C:\WINDOWS\system32\khhiggf.dll [08/26/2007 11:35 PM 43542]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khhiggf]
    khhiggf.dll 08/26/2007 11:35 PM 43542 C:\WINDOWS\system32\khhiggf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutu]
    C:\WINDOWS\system32\vtutu.dll 08/27/2007 12:46 AM 298080 C:\WINDOWS\system32\vtutu.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "




    -- End of Deckard's System Scanner: finished at 2007-10-04 11:46:11 ------------

    Later. Pepse.
     
  11. 2007/10/04
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi Pepse

    OK here is what we need to do next.

    Go to Start > Run and type Services.msc then hit Ok
    Scroll down and find the below service:

    DomainService

    When you find it, double-click on it. In the next window that opens, under the General tab click the Stop button, then click the drop-down box to change the Startup Type to Disabled. Now hit Apply and then Ok.

    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    aMule <<P2P files sharing is a good way to become infected, I suggest removing it.
    qzidexet
    Trkic
    Ultimate Fixer
    WebInf


    Close the Control Panel.

    Now we are going to have to copy and paste, but this time it will be done a little differently.
    Here is how.

    Put your cursor on the right side of the bottom file and left click your mouse. Holding it down, drag it across the line and up to the top left of the top file. Let up on the mouse button.
    It should now be highlighted in black. Right click on the highlighted lines and click on Copy in the menu that comes up.


    • Double click OTMoveIt.exe to launch it.
    • Now right click and Paste the contents of the box below into the left hand pane of OTMoveIt.
    • Click the Move It button.
    • The list will be processed and the results will appear in the right hand pane.
    • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    • When finished click Exit to exit the programme.
    • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).

    Please post this log.
    C:\_OTMoveIt\MovedFiles, and a new dss log.

    Thanks
    Geri
     
  12. 2007/10/05
    Pepse

    Pepse Well-Known Member Thread Starter

    Geri,

    I did the "Services.msc" bit and everything is good with that part, but as for the "ADD/REMOVE" part, none of those items come up. Also, as for the next part about the new way to copy/paste, unless I'm missing something (I re-read that part 4 times): the right side of the bottom file of what?? And then what/where?? Sorry, you lost me, or didn't say everything I need to do.

    Pepse.
     
  13. 2007/10/05
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    "The right side of the bottom file of what??"

    Everything inside the blue box above. Those are all infected files.

    Geri
     
  14. 2007/10/07
    Pepse

    Pepse Well-Known Member Thread Starter

    Sorry for the late response. Other things happened. Anyway, it appears I have a bigger problem, as after pasting the stuff in OTMoveIt and then clicking on Move It I have an error that I can't cut and paste here, so I will type it in.

    DllUnregisterServer procedure not found in C:\WINDOWS\system32\vtutu.dll
    C:\WIDOWS\system32\vtutu.dll NOT unregistered.
    File move failed. C:\Windows\system32\vtutu.dll scheduled to be removed on reboot.

    File/Folder C:\WINDOWS\system32\xmkvgrrw.dll not found.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\khhiggif.dll
    C:\WINDOWS\system32\khhiggf.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\khhiggf.dll scheduled to be removed on reboot.

    Now one reason for this error is that when I initially ran the program it locked up, and after an hour of waiting I decided to reboot the computer. On re-boot I got an error of: ERROR LOADING C:\WINDOWS\system32\hejbrfdu.dll Specified Move could not be found.

    Also, whether it matters or not I have been using IE 6.02.xxxxxx .

    Later. Pepse.
     
  15. 2007/10/07
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi Pepse
    OK, Please delete OTMoveIt.

    We'll try this one instead.

    Please download the Killbox by Option^Explicit.

    Note: In the event you already have Killbox, this is a new version that I need you to download.
    • Save it to your desktop.
    • Please double-click Killbox.exe to run it.
    • Select:
      • Delete on Reboot
      • then Click on the All Files button.
    • Please copy the file paths below by highlighting ALL of them, then right-click and choose Copy:

      C:\WINDOWS\system32\vtutu.dll
      C:\WINDOWS\system32\xmkvgrrw.dll
      C:\WINDOWS\system32\khhiggf.dll
      C:\WINDOWS\ryvwjofq.dll
      C:\Program Files\qzidexet\qxmxyvqn.dll
      C:\Program Files\Ultimate Fixer\UltimateFixer.exe
      C:\Program Files\Trkic\webinfox2.exe
      C:\WINDOWS\system32\ucbkkknt.dll
      C:\WINDOWS\system32\xmkvgrrw.dll
      C:\WINDOWS\system32\npseixxb.exe
      C:\WINDOWS\system32\ututv.bak2
      C:\WINDOWS\system32\lufbbcbs.dll
      C:\WINDOWS\system32\mypkhfjl.dll
      C:\WINDOWS\system32\jprueowk.exe
      C:\WINDOWS\system32\pyqikxie.dll
      C:\WINDOWS\system32\shkeglkf.exe
      C:\WINDOWS\system32\wlwiqdnp.exe
      C:\WINDOWS\system32\rqfedtad.exe
      C:\WINDOWS\system32\ojoqmiac.exe
      C:\WINDOWS\system32\mstopxsl.exe
      C:\WINDOWS\system32\tytwtidh.exe
      C:\WINDOWS\system32\dtpdnrli.exe
      C:\WINDOWS\system32\qhxjvvbi.exe
      C:\WINDOWS\system32\fgljssqs.dll
      C:\WINDOWS\system32\swxdbydy.exe
      C:\WINDOWS\system32\rnpnoyam.exe
      C:\WINDOWS\system32\kytfokxj.exe
      C:\WINDOWS\system32\amgawhag.exe
      C:\WINDOWS\system32\tpdiumhe
      C:\WINDOWS\ryvwjofq.dll
      C:\WINDOWS\system32\qvupbocq.exe
      C:\WINDOWS\p61v1
      C:\WINDOWS\system32\gdtyabfb.exe
      C:\WINDOWS\system32\oinasbuo.exe
      C:\WINDOWS\system32\lbhlhegj.exe
      C:\WINDOWS\system32\60DCC5


    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

    Please post a new dss log.

    Thanks
    Geri
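
Added example, not part of the original posts or of any tool named in the thread: a Python sketch that parses lines in the format of the DSS file listings posted here, groups unverified files that share one size and one signature note, and reports cluster members missing from a removal list. The function names and the three-member threshold are assumptions made for illustration; the sample lines are copied from the logs and the Killbox list in this thread.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Sample lines copied from the DSS listings posted in this thread.
SAMPLE_LOG = r"""
2007-10-08 01:18:35 0 d-------- C:\!KillBox
2007-10-07 12:19:41 75328 --a------ C:\WINDOWS\system32\lgerwujj.exe <Not Verified; ; DDC>
2007-10-05 01:28:37 75328 --a------ C:\WINDOWS\system32\shffpper.exe <Not Verified; ; DDC>
2007-10-04 00:51:55 75328 -----n--- C:\WINDOWS\system32\npseixxb.exe <Not Verified; ; DDC>
2007-10-04 00:50:34 1502893 -----n--- C:\WINDOWS\system32\ututv.bak2
2007-10-03 01:31:28 77376 -----n--- C:\WINDOWS\system32\lufbbcbs.dll
2007-10-03 01:15:23 0 d-------- C:\Program Files\Trend Micro
2007-10-03 00:41:05 75328 -----n--- C:\WINDOWS\system32\jprueowk.exe <Not Verified; ; DDC>
2007-08-02 12:12:27 528384 --a------ C:\WINDOWS\system32\After Dark Flying Toasters Free.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
"""

# Excerpt of the removal list from the Killbox post above.
REMOVAL_LIST = r"""
C:\WINDOWS\system32\npseixxb.exe
C:\WINDOWS\system32\ututv.bak2
C:\WINDOWS\system32\lufbbcbs.dll
C:\WINDOWS\system32\jprueowk.exe
"""

# date time, size in bytes, attribute flags, path (may contain spaces),
# then an optional <...> signature note at the end of the line.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S+) (.+?)(?: <([^<>]*)>)?$"
)


class Entry(NamedTuple):
    created: str
    size: int
    attrs: str
    path: str
    note: Optional[str]


def parse_listing(text):
    """Return an Entry for every line that matches the listing format."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            created, size, attrs, path, note = m.groups()
            entries.append(Entry(created, int(size), attrs, path, note))
    return entries


def same_size_unverified(entries, min_members=3):
    """Group unverified files by (size, note); keep groups of min_members or more.

    Assumption: several files with identical size and identical note under
    different names deserve a closer look. One unverified file on its own
    (the screensaver line) is not reported.
    """
    groups = defaultdict(list)
    for e in entries:
        if e.attrs.startswith("d"):  # directory entry
            continue
        if not e.note or not e.note.startswith("Not Verified"):
            continue
        groups[(e.size, e.note)].append(e.path)
    return {key: paths for key, paths in groups.items() if len(paths) >= min_members}


def missing_from(paths, removal_text):
    """Return the paths that do not appear in the removal list (case-insensitive)."""
    listed = {l.strip().lower() for l in removal_text.splitlines() if l.strip()}
    return [p for p in paths if p.lower() not in listed]


if __name__ == "__main__":
    for (size, note), paths in same_size_unverified(parse_listing(SAMPLE_LOG)).items():
        print(f"{len(paths)} files of {size} bytes with note <{note}>")
        for p in missing_from(paths, REMOVAL_LIST):
            print("  not in removal list:", p)
```

Run against a full listing, the same comparison shows whether new files matching the cluster have appeared since the removal list was written.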
     
  16. 2007/10/08
    Pepse

    Pepse Well-Known Member Thread Starter

    Geri,

    No problems using Killbox. I did get a "PendingFileRename Operations:
    PendingFileRename Operations Registry data has been removed by external proccess ". I did have to do a manual re-boot. And upon reboot I got that: ERROR LOADING C:\WINDOWS\system32\hejbrfdu.dll Specified MoModule could not be found . Oh, this copy/paste stuff is a piece of pie, thanx for telling me how to do it:) . Anyway here is the new DSS log:
    Deckard's System Scanner v20070905.67
    Run by Pepse on 2007-10-08 01:33:41
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Pepse.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:33:51 AM, on 10/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trkic\webinfox2.exe
    C:\Program Files\Trkic\webinfox2.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Documents and Settings\Pepse\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Pepse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\yt.dll (file missing)
    N3 - Netscape 7: user_pref( "browser.startup.homepage ", "www.google.com "); (C:\Documents and Settings\PEPSE\Application Data\Mozilla\Profiles\default\b97e25eq.slt\prefs.js)
    N3 - Netscape 7: user_pref( "browser.search.defaultengine ", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src "); (C:\Documents and Settings\PEPSE\Application Data\Mozilla\Profiles\default\b97e25eq.slt\prefs.js)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {194C175F-763A-41F5-B898-D7D592E46E0E} - C:\WINDOWS\system32\vtutu.dll
    O2 - BHO: (no name) - {479da9e8-1dd2-11b2-9fa9-873c0b90b5d5} - C:\WINDOWS\rubcnsri.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {645af146-1dd2-11b2-b2bb-8782910e93a0} - C:\WINDOWS\tgfydonq.dll (file missing)
    O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\xmkvgrrw.dll (file missing)
    O2 - BHO: (no name) - {8B3F8A93-933C-4DDA-B24C-AEB0697C132A} - C:\WINDOWS\system32\khhiggf.dll
    O2 - BHO: (no name) - {c48d83c8-1dd1-11b2-a29b-88574dde46ab} - C:\WINDOWS\ryvwjofq.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\yt.dll (file missing)
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe "
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe "
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [qzidexet] rundll32.exe "C:\Program Files\qzidexet\qxmxyvqn.dll ",Init
    O4 - HKLM\..\Run: [Ultimate Fixer] "C:\Program Files\Ultimate Fixer\UltimateFixer.exe" hide
    O4 - HKLM\..\Run: [WebInf] C:\Program Files\Trkic\webinfox2.exe
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\hejbrfdu.dll ",sitypnow
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160242266984
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160273404390
    O20 - Winlogon Notify: khhiggf - C:\WINDOWS\SYSTEM32\khhiggf.dll
    O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 9640 bytes

    -- Files created between 2007-09-08 and 2007-10-08 -----------------------------

    2007-10-08 01:18:35 0 d-------- C:\!KillBox
    2007-10-07 12:19:41 75328 --a------ C:\WINDOWS\system32\lgerwujj.exe <Not Verified; ; DDC>
    2007-10-05 01:28:37 75328 --a------ C:\WINDOWS\system32\shffpper.exe <Not Verified; ; DDC>
    2007-10-04 00:51:55 75328 -----n--- C:\WINDOWS\system32\npseixxb.exe <Not Verified; ; DDC>
    2007-10-04 00:50:34 1502893 -----n--- C:\WINDOWS\system32\ututv.bak2
    2007-10-03 01:31:28 77376 -----n--- C:\WINDOWS\system32\lufbbcbs.dll
    2007-10-03 01:20:02 0 d-------- C:\VundoFix Backups
    2007-10-03 01:15:23 0 d-------- C:\Program Files\Trend Micro
    2007-10-03 00:41:05 75328 -----n--- C:\WINDOWS\system32\jprueowk.exe <Not Verified; ; DDC>
    2007-10-03 00:38:28 0 d-------- C:\Program Files\Trkic
    2007-10-02 09:55:56 77376 -----n--- C:\WINDOWS\system32\pyqikxie.dll
    2007-10-01 12:53:39 75328 -----n--- C:\WINDOWS\system32\shkeglkf.exe <Not Verified; ; DDC>
    2007-10-01 02:04:55 75328 -----n--- C:\WINDOWS\system32\wlwiqdnp.exe <Not Verified; ; DDC>
    2007-10-01 00:59:26 75328 -----n--- C:\WINDOWS\system32\rqfedtad.exe <Not Verified; ; DDC>
    2007-09-29 18:56:50 75328 -----n--- C:\WINDOWS\system32\ojoqmiac.exe <Not Verified; ; DDC>
    2007-09-23 23:51:40 75328 -----n--- C:\WINDOWS\system32\mstopxsl.exe <Not Verified; ; DDC>
    2007-09-23 23:35:27 75328 -----n--- C:\WINDOWS\system32\tytwtidh.exe <Not Verified; ; DDC>
    2007-09-23 23:24:24 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2007-09-23 23:24:24 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2007-09-23 23:24:24 0 dr-h----- C:\Documents and Settings\Administrator\Recent
    2007-09-23 23:24:24 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2007-09-23 23:24:24 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2007-09-23 23:24:24 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2007-09-23 23:24:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
    2007-09-23 23:24:10 0 d-------- C:\WINDOWS\PerfInfo
    2007-09-23 23:24:10 0 d-------- C:\Program Files\PerfSoft
    2007-09-23 22:19:57 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2007-09-23 22:19:57 0 dr------- C:\Documents and Settings\Administrator\My Documents
    2007-09-23 22:19:57 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2007-09-23 22:19:57 0 dr------- C:\Documents and Settings\Administrator\Favorites
    2007-09-23 22:19:57 0 d---s---- C:\Documents and Settings\Administrator\Cookies
    2007-09-23 22:19:57 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2007-09-23 22:19:57 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2007-09-23 22:19:56 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2007-09-23 21:22:32 75328 -----n--- C:\WINDOWS\system32\dtpdnrli.exe <Not Verified; ; DDC>
    2007-09-23 20:20:15 0 d-------- C:\Program Files\WinPerformance
    2007-09-23 20:00:56 75328 -----n--- C:\WINDOWS\system32\qhxjvvbi.exe <Not Verified; ; DDC>
    2007-09-23 19:39:12 85568 -----n--- C:\WINDOWS\system32\fgljssqs.dll
    2007-09-23 19:33:12 75328 -----n--- C:\WINDOWS\system32\swxdbydy.exe <Not Verified; ; DDC>


    -- Find3M Report ---------------------------------------------------------------

    2007-10-07 12:15:27 0 d-------- C:\Documents and Settings\Pepse\Application Data\AVG7
    2007-10-01 13:11:05 0 d-------- C:\Program Files\Mozilla Thunderbird
    2007-09-29 21:41:42 124 -----n--- C:\WINDOWS\p61v1
    2007-09-23 23:24:07 0 d-------- C:\Program Files\DivX
    2007-09-23 23:24:06 0 d-------- C:\Program Files\MyApp
    2007-09-23 23:23:29 0 d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
    2007-09-23 23:23:21 0 d-------- C:\Program Files\USoft
    2007-09-07 10:01:47 75328 -----n--- C:\WINDOWS\system32\rnpnoyam.exe <Not Verified; ; DDC>
    2007-09-06 22:50:23 75328 -----n--- C:\WINDOWS\system32\kytfokxj.exe <Not Verified; ; DDC>
    2007-09-06 16:50:28 75328 -----n--- C:\WINDOWS\system32\amgawhag.exe <Not Verified; ; DDC>
    2007-09-06 16:46:52 98304 -----n--- C:\WINDOWS\ryvwjofq.dll
    2007-09-06 13:16:19 75328 -----n--- C:\WINDOWS\system32\qvupbocq.exe <Not Verified; ; DDC>
    2007-09-03 00:44:28 75328 -----n--- C:\WINDOWS\system32\gdtyabfb.exe <Not Verified; ; DDC>
    2007-08-30 11:29:41 0 d-------- C:\Documents and Settings\Pepse\Application Data\Nokia
    2007-08-30 11:11:54 75328 -----n--- C:\WINDOWS\system32\oinasbuo.exe <Not Verified; ; DDC>
    2007-08-29 11:10:02 75328 -----n--- C:\WINDOWS\system32\lbhlhegj.exe <Not Verified; ; DDC>
    2007-08-27 00:46:27 298080 -----n--- C:\WINDOWS\system32\vtutu.dll
    2007-08-26 23:35:26 43542 -----n--- C:\WINDOWS\system32\khhiggf.dll
    2007-08-25 12:13:24 0 d-------- C:\Documents and Settings\Pepse\Application Data\aMule
    2007-08-16 12:40:32 0 dr-h----- C:\Documents and Settings\Pepse\Application Data\yahoo!
    2007-08-15 21:01:29 0 d-------- C:\Program Files\qzidexet
    2007-08-15 16:33:38 4 -----n--- C:\WINDOWS\system32\60DCC5
    2007-08-15 16:28:58 0 d-------- C:\Documents and Settings\Pepse\Application Data\Real
    2007-08-15 16:27:34 0 d-------- C:\Program Files\The Weather Channel FW
    2007-08-15 16:23:02 0 d-------- C:\Program Files\Common Files
    2007-08-15 16:23:02 0 d-------- C:\Program Files\Common Files\xing shared
    2007-08-15 16:22:58 0 d-------- C:\Program Files\Common Files\Real
    2007-08-15 16:07:56 0 d-------- C:\Documents and Settings\Pepse\Application Data\Apple Computer
    2007-08-04 13:06:43 8 --a------ C:\Documents and Settings\Pepse\Application Data\NMM-MetaData.db
    2007-08-02 12:12:27 528384 --a------ C:\WINDOWS\system32\After Dark Flying Toasters Free.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{194C175F-763A-41F5-B898-D7D592E46E0E}]
    08/27/2007 12:46 AM 298080 --------- C:\WINDOWS\system32\vtutu.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{479da9e8-1dd2-11b2-9fa9-873c0b90b5d5}]
    C:\WINDOWS\rubcnsri.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{645af146-1dd2-11b2-b2bb-8782910e93a0}]
    C:\WINDOWS\tgfydonq.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89AD4D75-2429-462e-BD4E-443F233F6033}]
    C:\WINDOWS\system32\xmkvgrrw.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B3F8A93-933C-4DDA-B24C-AEB0697C132A}]
    08/26/2007 11:35 PM 43542 --------- C:\WINDOWS\system32\khhiggf.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c48d83c8-1dd1-11b2-a29b-88574dde46ab}]
    09/06/2007 04:46 PM 98304 --------- C:\WINDOWS\ryvwjofq.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CARPService "= "carpserv.exe" [01/02/2002 07:06 PM C:\WINDOWS\system32\carpserv.exe]
    "WCOLOREAL "= "C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [01/22/2002 05:46 PM]
    "CPQEASYACC "= "C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe" [12/14/2001 03:01 PM]
    "srmclean "= "C:\Cpqs\Scom\srmclean.exe" [07/24/2001 04:34 PM]
    "Smapp "= "C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [10/12/2001 04:45 PM]
    "Microsoft Works Portfolio "= "C:\Program Files\Microsoft Works\WksSb.exe" [07/13/2000 01:00 PM]
    "Microsoft Works Update Detection "= "C:\Program Files\Microsoft Works\WkDetect.exe" [07/13/2000 01:00 PM]
    "AutoLogon "=" " []
    "NvCplDaemon "= "C:\WINDOWS\System32\NvCpl.dll" [11/06/2003 11:03 PM]
    "nwiz "= "nwiz.exe" [11/06/2003 11:04 PM C:\WINDOWS\system32\nwiz.exe]
    "Share-to-Web Namespace Daemon "= "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/17/2002 11:42 AM]
    "CamMonitor "= "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [06/04/2002 05:36 PM]
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [07/07/2005 11:55 PM]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
    "HPHUPD05 "= "C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [07/07/2005 11:55 PM]
    "HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 09:38 AM]
    "HP Software Update "= "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [12/05/2003 04:41 PM]
    "HPHmon05 "= "C:\WINDOWS\system32\hphmon05.exe" [07/07/2005 11:55 PM]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [09/23/2007 07:31 PM]
    "PRONoMgr.exe "= "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [03/11/2003 04:24 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [09/01/2006 04:57 PM]
    "PCSuiteTrayApplication "= "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [06/18/2007 03:10 PM]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/15/2007 04:22 PM]
    "qzidexet "= "C:\Program Files\qzidexet\qxmxyvqn.dll" [08/15/2007 09:01 PM]
    "Ultimate Fixer "= "C:\Program Files\Ultimate Fixer\UltimateFixer.exe" []
    "WebInf "= "C:\Program Files\Trkic\webinfox2.exe" [10/03/2007 12:38 AM]
    "SearchIndexer "= "C:\WINDOWS\system32\hejbrfdu.dll" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
    "NvMediaCenter "= "C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" []
    "Yahoo! Pager "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [01/19/2007 01:49 PM]
    "DW4 "=" " []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "NvMediaCenter "=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    "Nokia.PCSync "=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [7/13/2000 1:00:00 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{8B3F8A93-933C-4DDA-B24C-AEB0697C132A} "= C:\WINDOWS\system32\khhiggf.dll [08/26/2007 11:35 PM 43542]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khhiggf]
    khhiggf.dll 08/26/2007 11:35 PM 43542 C:\WINDOWS\system32\khhiggf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutu]
    C:\WINDOWS\system32\vtutu.dll 08/27/2007 12:46 AM 298080 C:\WINDOWS\system32\vtutu.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "




    -- End of Deckard's System Scanner: finished at 2007-10-08 01:34:32 ------------

    Later. Pepse.
     
  17. 2007/10/08
    Geri Lifetime Subscription

    Hi

    Please give me an uninstall list and a start up list.
    Here is how.

    To get an Uninstall List from HijackThis:
    • Open HijackThis, click Config, click Misc Tools
    • Click "Open Uninstall Manager"
    • Click "Save List" (generates uninstall_list.txt)
    • Click Save, copy and paste the results in your next post.

    Create a Startup List

    • Open HiJackThis
    • Click on the "Config..." button on the bottom right
    • Click on the tab "Misc Tools"
    • Check off the 2 boxes next to the Box that says "Generate StartupList log"
    • Click on the button "Generate StartupList log"
    • Copy and paste the StartupList from the notepad into your next post


    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.


    Please post the Uninstall list, Start up list and the Combofix logs.
    These logs may be too long for just one post, you may have to put them in two postings.

    Thanks
    Geri
     
  18. 2007/10/08
    Pepse

    Adobe Acrobat 5.0
    Adobe Flash Player 9 ActiveX
    Adobe Shockwave Player
    After Dark Flying Toasters Free Screen Saver
    Apple Software Update
    AVG Free Edition
    Camera Driver
    Coloreal
    Copy Utility
    DVD Shrink 3.2
    Easy Access Button Support
    EPSON Photo Print
    EPSON Smart Panel
    EPSON TWAIN 5
    HijackThis 2.0.2
    hp instant support
    HP Photo and Imaging 1.1 - Photosmart Cameras
    HP Software Update
    Image Resizer Powertoy for Windows XP
    Independence Day
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet
    Java 2 Runtime Environment, SE v1.4.1_02
    Java Web Start
    Macromedia Flash Player 8
    Microsoft Plus! Digital Media Edition
    Microsoft Plus! for Windows XP
    Microsoft Works 6.0
    ModemXpert
    Mozilla Firefox (2.0.0.6)
    Mozilla Firefox (2.0.0.7)
    Mozilla Thunderbird (1.5.0.12)
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MyDSC2
    Nero Suite
    Netscape (7.2)
    Netscape Navigator (9.0b2)
    NetWaiting
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Nokia PC Suite
    NVIDIA Display Driver
    Official Guide To J. Michael Straczynski's Babylon 5
    Oozic Player
    Parashara's Light 6.1
    PC Connectivity Solution
    Photosmart 140,240,7200,7600,7700,7900 Series
    PowerDVD
    PowerManga (Uninstall)
    QuickTime
    RealPlayer
    ScanToWeb
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Sierra Utilities
    SoundMAX
    Spybot - Search & Destroy 1.4
    The Weather Channel Desktop
    Update for Windows XP (KB894391)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    VIA Rhine-Family Fast Ethernet Adapter
    Viewpoint Media Player (Remove Only)
    Weather Services
    Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
    Windows Installer 3.1 (KB893803)
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Yahoo! Browser Services
    Yahoo! Essentials
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Messenger Explorer Bar
    Yahoo! Toolbar
    YAMAHA DS-XG Driver

    Pepse.
     
  19. 2007/10/08
    Pepse

    Geri,

    The startup list is too long to post. How do I split it?

    Pepse.
     
  20. 2007/10/08
    Geri Lifetime Subscription

    Hi
    Go down to where you see,
    Enumerating Download Program Files: Or Enumerating Winsock LSP files:
    That should be close to half way.

    Copy and paste everything above that and post it.
    Then do everything below it and copy and paste it in a different post.

    Don't forget the ComboFix log also.

    Thanks
    Geri
     
  21. 2007/10/10
    Pepse

    Geri,

    My power supply died. Will have a new one by Friday. I live in smalltown USA and had to order one. Using wife's very old and slow HP/Win98SE for now.

    Later. Pepse.
     
