Hello! I'm Xcyper33 and I need serious help please :) Virtuamonde, taskbar disappears

Question

Xcyper33 0 Newbie Poster

16 Years Ago

Thank you for helping me in advance. And you guys are so nice to start this forum up. I'll reccomend all of my friends here because I've seen you guys help alot of people. I guess I should start telling you the symptoms of my computer and post the Hijackthis so you can guys can view what exactly is wrong with my computer.

Well here are the symptoms, My taskbar occasionally disappears and with it takes key icons that secure my computer like Spybot, and Windows Defender. I get pop ups alot though not as serious as it use to be (Lehs.com yuck). Worse thing is Virtuamonde. Very bad trojan and I believe it is the mastermind behind it all. I sometimes get a "about blank" tab and then it starts to spam itself to the point where it is unresponsive. But I think that is due to the fact that my wireless router connection leaves on me which triggers this.

Also I get this windows message "DEP" I forget what is stands for but it makes me click it which makes the taskbar disappear. However it doesn't appear that often and my toolbar disappears on its own. Apparantly whenever I browse to a new page or open a new window, this triggers the task bar to disappear. Well that are most of my symptoms. here is this Hijackthis log so you can judge accordingly.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:47 AM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\VTTimer.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = gamefaqs.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - Default URLSearchHook is missing
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [vxdman] WTFCTF.exe
O4 - HKLM\..\Run: [sbin] panel_its.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\uipuhogw.dll",forkonce
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xwiz] cnftips.exe
O4 - HKCU\..\Run: [ftbar] NopeZ.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: dxva_sig.txt
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\Register\RegistrationReminder.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG1
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PD - {4D80582B-A041-4CDC-BF41-1AE8CB5E5423} - C:\Program Files\Pop up Blocker\pd.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {3C403675-B43C-410B-BF56-D4D1FB68356C} (ActiveXPortal Control) - http://72.29.80.113/OCX/gwnet.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154795972937
O20 - AppInit_DLLs: arpa.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Procedure Call (RPC) MO (RPCSE) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

--
End of file - 12554 bytes

Again, thank you in advance :)

windows-virus

2 Contributors
12 Replies
229 Views
1 Day Discussion Span
Latest Post 16 Years Ago Latest Post by crunchie

All 12 Replies

crunchie 990 Most Valuable Poster

16 Years Ago

1. Download this file from one of the following links :

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

crunchie 990 Most Valuable Poster

16 Years Ago

Please download VundoFix.exe
to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HijackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.

crunchie 990 Most Valuable Poster

16 Years Ago

Can you please do the following.

===============

You will have to disable Spybot's Teatimer before we begin, as it will interfere with the fix. To do this can you start Spybot and go to the Mode button and select Advanced. Go to Tools > Resident and uncheck the box next to Tea-Timer. Make sure that the icon in the system tray is no longer there. If it is, just right click on it and select "Exit".
Download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.
Do not forget to re-enable teatimer when we are done :).
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

===============

Can you also disable Windows Defender as it may interfere with the removal process. Please leave it disabled until your PC has been given the all clear.

Open Windows Defender
Click Tools
Click General Settings
Scroll down to Real Time Protection Options
Uncheck Turn on Real Time Protection (recommended)
After you uncheck this, click on the Save button
Close Windows Defender

===============

Scan with HijackThis and then place a check next to all the following, if present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop

O2 - BHO: (no name) - {1BB54790-BC1E-41F0-907D-E5FD3183A024} - (no file)
O2 - BHO: (no name) - {266D83FB-4B1D-1AEB-6B2C-1FE4C7B0B2C8} - (no file)
O2 - BHO: (no name) - {5BD182B2-06C0-4C58-96BD-DD32DCEBE8B5} - (no file)
O2 - BHO: (no name) - {6A95F53E-6B84-3D21-AB40-69E337E4FA98} - C:\WINDOWS\system32\vqe.dll (file missing)
O2 - BHO: (no name) - {6AB512D2-8A3A-8FC9-1B7B-DA581C7AF1CC} - (no file)
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - (no file)
O2 - BHO: (no name) - {A389EEE9-4702-4269-B360-42602056CAB0} - (no file)
O2 - BHO: (no name) - {A87F6225-55DE-4468-8AED-2FA87CEC1AEA} - (no file)
O2 - BHO: (no name) - {AD6DC212-54AD-5F5D-D947-599090D33A98} - C:\WINDOWS\system32\yhwpg.dll (file missing)
O2 - BHO: (no name) - {C33C8B9F-6750-4155-94F6-5AACE81038EA} - C:\WINDOWS\system32\mlljh.dll (file missing)
O2 - BHO: (no name) - {C883552B-CB9D-CE3C-BF41-996C2F1F539A} - (no file)
O2 - BHO: (no name) - {EC138C13-53D7-4184-99A3-504066C43FBE} - (no file)
O2 - BHO: (no name) - {F60604AA-9816-C6E8-694B-C929AA8168C0} - C:\WINDOWS\system32\mpz.dll (file missing)
O2 - BHO: (no name) - {F8889485-0F3E-0E90-4108-58F077CD6D92} - (no file)
O2 - BHO: (no name) - {FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F} - (no file)

O4 - HKLM\..\Run: [sbin] panel_its.exe
O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe

O8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG1

O20 - AppInit_DLLs: arpa.dll
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll (file missing)
O20 - Winlogon Notify: gebcc - C:\WINDOWS\
O20 - Winlogon Notify: mlljh - C:\WINDOWS\
O20 - Winlogon Notify: tuvuurq - C:\WINDOWS\
O20 - Winlogon Notify: wintuh32 - wintuh32.dll (file missing)

Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

Search for...

panel_its.exe
arpa.dll

...using "Start | Search...".

-

1. Please download The Avenger by Swandog46 to your Desktop.

Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

2. Copy all the text (including the 'Files to delete') contained in the code box below to your clipboard by highlighting it and pressing Ctrl+C:

Files to delete:
C:\WINDOWS\system32\cvmbbaun.dll
C:\WINDOWS\system32\tncjdadr.dll
C:\WINDOWS\system32\yorcrxcs.dll
C:\WINDOWS\system32\xycdd.bak1
C:\WINDOWS\system32\xycdd.bak2
C:\WINDOWS\system32\xycdd.ini
C:\WINDOWS\system32\tuvuurq.dll
C:\WINDOWS\system32\kxftbynw.dll
C:\WINDOWS\system32\hjllm.bak2
C:\WINDOWS\system32\hjllm.bak1
C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\ybeeg.bak1
C:\WINDOWS\system32\nqtss.bak2
C:\WINDOWS\system32\ccbeg.bak1
C:\WINDOWS\system32\rqstv.bak1
C:\WINDOWS\system32\mmllm.bak1
C:\WINDOWS\system32\xyadd.bak1
C:\WINDOWS\system32\hgjlm.bak1
C:\WINDOWS\system32\ppqss.bak1
C:\WINDOWS\system32\wycdd.bak1
C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\ijllm.bak1
C:\WINDOWS\system32\hhhkj.bak1
C:\WINDOWS\system32\rrqss.bak1
C:\WINDOWS\system32\tstwa.bak1
C:\WINDOWS\system32\nqtss.bak1
C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\bcbeg.bak1
C:\WINDOWS\system32\bbadd.bak1
C:\WINDOWS\system32\rqtwa.bak1
C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\rrutv.bak1
C:\WINDOWS\system32\jlkkj.bak1
C:\WINDOWS\system32\ddcyx.dll
Folders to delete:
C:\Program Files\Block Checker

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Xcyper33 0 Newbie Poster · Answer 1 · 2007-07-27T19:48:28+00:00

Thanks for responding to my help topic! Here is the log you requested.

"Compaq_Owner" - 2007-07-27  9:18:50 - ComboFix 07-07-23.6 - Service Pack 2  NTFS



((((((((((((((((((((((((((((((((((((((((((((   V Log   )))))))))))))))))))))))))))))))))))))))))))))))))))))))



C:\WINDOWS\system32\cvmbbaun.dll
C:\WINDOWS\system32\tncjdadr.dll
C:\WINDOWS\system32\yorcrxcs.dll
C:\WINDOWS\system32\xycdd.bak1
C:\WINDOWS\system32\xycdd.bak2
C:\WINDOWS\system32\xycdd.ini
C:\WINDOWS\system32\tuvuurq.dll
C:\WINDOWS\system32\tuvuurq.dll



* * *  POST RUN FILES/FOLDERS  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))



C:\DOCUME~1\COMPAQ~1\APPLIC~1.\curity~1
C:\DOCUME~1\COMPAQ~1\APPLIC~1.\dobe~1
C:\DOCUME~1\COMPAQ~1\APPLIC~1.\dobe~2
C:\DOCUME~1\COMPAQ~1\APPLIC~1.\fnts~1
C:\DOCUME~1\COMPAQ~1\APPLIC~1.\icroso~1
C:\DOCUME~1\COMPAQ~1\APPLIC~1.\icroso~1.net
C:\DOCUME~1\COMPAQ~1\APPLIC~1.\mantec~1
C:\DOCUME~1\COMPAQ~1\APPLIC~1.\mcroso~1
C:\DOCUME~1\COMPAQ~1\APPLIC~1.\ppatch~1
C:\DOCUME~1\COMPAQ~1\APPLIC~1.\racle~1
C:\DOCUME~1\COMPAQ~1\APPLIC~1.\racle~2
C:\DOCUME~1\COMPAQ~1\APPLIC~1.\sks~1
C:\DOCUME~1\COMPAQ~1\APPLIC~1.\smante~1
C:\DOCUME~1\COMPAQ~1\APPLIC~1.\ssembl~1
C:\DOCUME~1\COMPAQ~1\APPLIC~1.\tsks~1
C:\DOCUME~1\COMPAQ~1\APPLIC~1.\ymante~1
C:\DOCUME~1\COMPAQ~1\APPLIC~1.\ystem~1
C:\DOCUME~1\COMPAQ~1\MYDOCU~1.\crosof~1.net
C:\DOCUME~1\COMPAQ~1\MYDOCU~1.\crosof~1.net\javaw.exe
C:\DOCUME~1\COMPAQ~1\MYDOCU~1.\mantec~1
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Rar$EX01.000\about ao\_desktop.ini
C:\Program Files\appatc~1
C:\Program Files\asembl~1
C:\Program Files\asks~1
C:\Program Files\Common Files\asks~1
C:\Program Files\Common Files\crosof~1.net
C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\fnts~2
C:\Program Files\Common Files\mantec~1
C:\Program Files\Common Files\mcroso~1.net
C:\Program Files\Common Files\ppatch~1
C:\Program Files\Common Files\scurit~1
C:\Program Files\Common Files\scurit~1\spoolsv.exe
C:\Program Files\Common Files\sembly~1
C:\Program Files\Common Files\ssembl~1
C:\Program Files\Common Files\sstem3~1
C:\Program Files\Common Files\stem~1
C:\Program Files\Common Files\stem32~1
C:\Program Files\Common Files\tsks~1
C:\Program Files\Common Files\windows
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\Common Files\ymante~1
C:\Program Files\Common Files\ymbols~1
C:\Program Files\crosof~1.net
C:\Program Files\dobe~1
C:\Program Files\ecurit~1
C:\Program Files\fnts~1
C:\Program Files\fnts~2
C:\Program Files\mantec~1
C:\Program Files\outerinfo
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\ppatch~1
C:\Program Files\racle~1
C:\Program Files\scurit~1
C:\Program Files\smante~1
C:\Program Files\smbols~1
C:\Program Files\ssembl~1
C:\Program Files\sstem~1
C:\Program Files\sstem3~1
C:\Program Files\stem~1
C:\Program Files\stem32~1
C:\Program Files\wnsxs~1
C:\Program Files\ystem~1
C:\WINDOWS\appatc~1
C:\WINDOWS\asembl~1
C:\WINDOWS\asks~1
C:\WINDOWS\asks~2
C:\WINDOWS\crosof~1
C:\WINDOWS\dobe~1
C:\WINDOWS\ecurit~1
C:\WINDOWS\fnts~1
C:\WINDOWS\ppatch~1
C:\WINDOWS\pppatc~1
C:\WINDOWS\pppatc~2
C:\WINDOWS\sembly~1
C:\WINDOWS\system32\appatc~1
C:\WINDOWS\system32\asks~1
C:\WINDOWS\system32\curity~1
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\ecurit~1
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\fnts~2
C:\WINDOWS\system32\mantec~1
C:\WINDOWS\system32\mbols~1
C:\WINDOWS\system32\pppatc~1
C:\WINDOWS\system32\sks~1
C:\WINDOWS\system32\smante~1
C:\WINDOWS\system32\smbols~1
C:\WINDOWS\system32\ssembl~1
C:\WINDOWS\system32\sstem~1
C:\WINDOWS\system32\stem~1
C:\WINDOWS\system32\tsks~1
C:\WINDOWS\system32\ymante~1
C:\WINDOWS\system32\ymbols~1
C:\WINDOWS\system32\ystem~1
C:\WINDOWS\system32\ystem3~1
C:\WINDOWS\tsks~1
C:\WINDOWS\wnsxs~1
C:\WINDOWS\ymante~1
C:\WINDOWS\ymbols~1
C:\WINDOWS\ystem~1
C:\WINDOWS\ystem3~1



(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))



-------\LEGACY_SFSYNC02
-------\sfsync02



(((((((((((((((((((((((((   Files Created from 2007-06-27 to 2007-07-27  )))))))))))))))))))))))))))))))



2007-07-27 09:26    0   --a------   C:\WINDOWS\system32\sfsync02.dll
2007-07-27 09:17    51,200  --a------   C:\WINDOWS\nircmd.exe
2007-07-27 05:52    69,184  --a------   C:\WINDOWS\system32\outaenlb.dll
2007-07-26 10:21    <DIR>    d--------   C:\Program Files\Pop up Blocker
2007-07-26 04:40    126,016 --a------   C:\WINDOWS\system32\ruqidode.dll
2007-07-25 07:11    <DIR>    d--------   C:\DOCUME~1\COMPAQ~1\APPLIC~1\Yahoo!
2007-07-25 04:45    126,016 --a------   C:\WINDOWS\system32\kxftbynw.dll
2007-07-25 04:34    1,765,610   --ahs----   C:\WINDOWS\system32\hjllm.bak2
2007-07-24 16:04    6,466   --ahs----   C:\WINDOWS\system32\hjllm.bak1
2007-07-24 16:04    228,960 --a------   C:\WINDOWS\system32\mlljh.dll
2007-07-24 08:22    6,471   --ahs----   C:\WINDOWS\system32\ybeeg.bak1
2007-07-24 07:18    6,471   --ahs----   C:\WINDOWS\system32\nqtss.bak2
2007-07-24 03:53    6,511   --ahs----   C:\WINDOWS\system32\ccbeg.bak1
2007-07-24 02:15    6,471   --ahs----   C:\WINDOWS\system32\rqstv.bak1
2007-07-23 21:52    6,471   --ahs----   C:\WINDOWS\system32\mmllm.bak1
2007-07-23 20:16    6,511   --ahs----   C:\WINDOWS\system32\xyadd.bak1
2007-07-23 08:23    6,471   --ahs----   C:\WINDOWS\system32\hgjlm.bak1
2007-07-23 07:43    <DIR>    d--------   C:\Program Files\StarWarsGalaxies
2007-07-23 07:42    <DIR>    d--------   C:\Program Files\Sony
2007-07-23 06:57    6,471   --ahs----   C:\WINDOWS\system32\ppqss.bak1
2007-07-23 05:48    6,489   --ahs----   C:\WINDOWS\system32\wycdd.bak1
2007-07-23 02:39    6,489   --ahs----   C:\WINDOWS\system32\egjlm.bak1
2007-07-23 01:06    6,488   --ahs----   C:\WINDOWS\system32\ijllm.bak1
2007-07-22 23:35    6,529   --ahs----   C:\WINDOWS\system32\hhhkj.bak1
2007-07-22 22:30    6,489   --ahs----   C:\WINDOWS\system32\rrqss.bak1
2007-07-22 20:14    6,528   --ahs----   C:\WINDOWS\system32\tstwa.bak1
2007-07-22 17:37    6,488   --ahs----   C:\WINDOWS\system32\nqtss.bak1
2007-07-22 16:35    6,488   --ahs----   C:\WINDOWS\system32\cccdd.bak1
2007-07-22 07:32    6,489   --ahs----   C:\WINDOWS\system32\bcbeg.bak1
2007-07-22 04:50    6,528   --ahs----   C:\WINDOWS\system32\bbadd.bak1
2007-07-20 23:32    6,529   --ahs----   C:\WINDOWS\system32\rqtwa.bak1
2007-07-20 16:21    6,529   --ahs----   C:\WINDOWS\system32\sttss.bak1
2007-07-20 12:40    6,405   --ahs----   C:\WINDOWS\system32\rrutv.bak1
2007-07-20 11:30    6,365   --ahs----   C:\WINDOWS\system32\jlkkj.bak1
2007-07-16 16:10    <DIR>    d--------   C:\Program Files\Trend Micro
2007-07-16 02:58    <DIR>    d--------   C:\Program Files\Windows Defender
2007-07-11 11:56    <DIR>    d--------   C:\Program Files\Panicware
2007-07-10 17:24    546 --a------   C:\WINDOWS\system32\V0503365.dat
2007-07-10 17:03    86,016  --a------   C:\WINDOWS\unvise32.exe
2007-07-10 17:03    <DIR>    d--------   C:\Program Files\Spyware Sweeper
2007-07-09 08:54    <DIR>    d--------   C:\Program Files\DAEMON Tools
2007-07-09 08:50    682,232 --a------   C:\WINDOWS\system32\drivers\sptd.sys
2007-07-09 02:30    <DIR>    d--------   C:\DOCUME~1\Admin\APPLIC~1\Help
2007-07-09 01:39    <DIR>    d--------   C:\Program Files\ElcomSoft
2007-07-09 01:04    <DIR>    d--------   C:\Program Files\Intelore
2007-07-08 06:36    <DIR>    d--------   C:\NeverwinterNights
2007-07-08 03:46    <DIR>    d--------   C:\X
2007-07-08 03:36    <DIR>    d--------   C:\Program Files\WarRock
2007-07-08 02:30    <DIR>    d--------   C:\DOCUME~1\Admin\APPLIC~1\Viewpoint
2007-07-08 02:01    200,704 --a------   C:\WINDOWS\system32\teulKit.dll
2007-07-08 01:59    <DIR>    d--------   C:\Program Files\CRS
2007-07-08 01:46    942,080 --a------   C:\cg.dll
2007-07-08 01:46    823,296 --a------   C:\BDAdClient.dll
2007-07-08 01:46    794 --a------   C:\wwiiol_netcheck.bat
2007-07-08 01:46    651,264 --a------   C:\libeay32.dll
2007-07-08 01:46    536,576 --a------   C:\SETTINGS.exe
2007-07-08 01:46    502,272 --a------   C:\granny2.dll
2007-07-08 01:46    28,672  --a------   C:\ExtTools.dll
2007-07-08 01:46    176,128 --a------   C:\cgGL.dll
2007-07-08 01:46    147,456 --a------   C:\ssleay32.dll
2007-07-08 01:46    118,784 --a------   C:\OpenThreadsWin32.dll
2007-07-08 01:46    <DIR>    d--------   C:\Data
2007-07-03 23:02    <DIR>    d--------   C:\SFX
2007-07-03 23:02    <DIR>    d--------   C:\Music
2007-07-03 23:01    <DIR>    d--------   C:\Program Files\Dvondrake Studios
2007-06-27 02:26    <DIR>    d--------   C:\DOCUME~1\Admin\APPLIC~1\BitTorrent



((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-07-26 15:38:27 --------    d-----w C:\Program Files\MAIET
2007-07-25 23:29:03 --------    d-----w C:\Program Files\Trillian
2007-07-23 12:57:18 --------    d-----w C:\Program Files\NCH Swift Sound
2007-07-23 11:42:51 --------    d--h--w C:\Program Files\InstallShield Installation Information
2007-07-22 07:31:03 --------    d-----w C:\Program Files\Audiolib CD Ripper
2007-07-18 21:46:20 3,649   ----a-w C:\WINDOWS\viassary-hp.reg
2007-07-16 09:37:03 --------    d-----w C:\Program Files\MyWay
2007-07-15 06:00:21 --------    d-----w C:\Program Files\World of Warcraft
2007-07-14 09:17:18 --------    d-----w C:\Program Files\FreeRIP2
2007-07-11 01:11:25 --------    d-----w C:\Program Files\Intel
2007-07-10 20:26:12 562,688 --sh--r C:\WINDOWS\Intel.DLL
2007-07-03 17:14:59 --------    d-----w C:\Program Files\M3 GAME Manager
2007-07-02 01:21:31 --------    d-----w C:\Program Files\CaveStory
2007-06-04 20:50:15 --------    d-----w C:\Program Files\QuickTime
2007-06-04 20:48:16 --------    d-----w C:\Program Files\Bonjour
2007-06-04 20:38:25 --------    d-----w C:\Program Files\Common Files\Macrovision Shared
2007-05-29 16:54:16 --------    d-----w C:\Program Files\Warcraft III
2007-05-23 11:41:45 23,123  ----a-w C:\WINDOWS\War3Unin.dat
2007-05-23 05:08:57 2,829   ----a-w C:\WINDOWS\War3Unin.pif
2007-05-23 05:08:57 126,976 ----a-w C:\WINDOWS\War3Unin.exe
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2006-04-15 02:17:19 204 ----a-w C:\Program Files\27N7KRTJ.bat
2006-06-28 17:19:17 56  --sh--r C:\WINDOWS\system32\9C08340B19.sys
2006-06-28 17:19:17 1,890   --sha-w C:\WINDOWS\system32\KGyGaAvL.sys



(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))



*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1BB54790-BC1E-41F0-907D-E5FD3183A024}]
2007-07-24 16:04    228960  --a------   C:\WINDOWS\system32\mlljh.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266D83FB-4B1D-1AEB-6B2C-1FE4C7B0B2C8}]


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BD182B2-06C0-4C58-96BD-DD32DCEBE8B5}]


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A95F53E-6B84-3D21-AB40-69E337E4FA98}]
C:\WINDOWS\system32\vqe.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6AB512D2-8A3A-8FC9-1B7B-DA581C7AF1CC}]


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{938A8A03-A938-4019-B764-03FF8D167D79}]


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A389EEE9-4702-4269-B360-42602056CAB0}]


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD6DC212-54AD-5F5D-D947-599090D33A98}]
C:\WINDOWS\system32\yhwpg.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C883552B-CB9D-CE3C-BF41-996C2F1F539A}]


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC138C13-53D7-4184-99A3-504066C43FBE}]


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F60604AA-9816-C6E8-694B-C929AA8168C0}]
C:\WINDOWS\system32\mpz.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8889485-0F3E-0E90-4108-58F077CD6D92}]


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F}]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 01:34]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 05:56 C:\WINDOWS\sm56hlpr.exe]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 16:54]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-05-27 22:57]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"DXDllRegExe"="dxdllreg.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 03:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-05-27 23:06]
"nwiz"="nwiz.exe" [2005-12-10 04:06 C:\WINDOWS\system32\nwiz.exe]
"D-Link Air Utility"="C:\Program Files\D-Link\Air Utility\AirCFG.exe" [2003-06-26 18:13]
"vxdman"="WTFCTF.exe" []
"sbin"="panel_its.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-09 17:06]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 06:03]
"ISUSScheduler"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-06-16 06:03]
"BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" []
"ViewMgr"="C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [2007-01-04 17:38]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2005-10-31 11:45]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"xwiz"="cnftips.exe" []
"ftbar"="NopeZ.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-12-31 18:11]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-03-01 19:11]
"Pop up Blocker"="C:\Program Files\Pop up Blocker\pd.exe" [2007-01-12 17:43]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24]


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t


C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
dxva_sig.txt [2007-04-27 17:05:01]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoSaveSettings"=0 (0x0)


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyx]
C:\WINDOWS\system32\ddcyx.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcc]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljh]
C:\WINDOWS\system32\mlljh.dll 2007-07-24 16:04 228960 C:\WINDOWS\system32\mlljh.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvuurq]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintuh32]
wintuh32.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=arpa.dll


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^360Share Pro On Startup.lnk]
path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\360Share Pro On Startup.lnk
backup=C:\WINDOWS\pss\360Share Pro On Startup.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PlugPlay"=2 (0x2)
"iPodService"=3 (0x3)
"EventSystem"=3 (0x3)


R0 fasttx2k;fasttx2k;C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
R0 srescan;srescan;C:\WINDOWS\system32\ZoneLabs\srescan.sys
R0 uagp35;Microsoft AGPv3.5 Filter;C:\WINDOWS\system32\DRIVERS\uagp35.sys
R1 AFS2K;AFS2k;C:\WINDOWS\system32\drivers\AFS2K.sys
R2 NIOC;NIOC Service;\??\C:\WINDOWS\system32\NIOC.SYS
R2 WZCBDLService;WZCBDL Service;"C:\Program Files\WZCBDL Service\WZCBDLS.exe"
R2 X4HSX32;X4HSX32;\??\C:\Program Files\GameTap\bin\Release\X4HSX32.Sys
R3 HidUsb;Microsoft HID Class Driver;C:\WINDOWS\system32\DRIVERS\hidusb.sys
R3 NETR33X;D-Link Air Wireless Adapter(RTL) NT Driver;C:\WINDOWS\system32\DRIVERS\NETR33X.SYS
R3 smserial;smserial;C:\WINDOWS\system32\DRIVERS\smserial.sys
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbuhci.sys
S0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys
S1 NPPTNT2;NPPTNT2;\??\C:\WINDOWS\system32\npptNT2.sys
S2 RPCSE;Remote Procedure Call (RPC) MO;C:\Program Files\Intel\Intel
S3 asbp2poa;asbp2poa;\??\C:\DOCUME~1\Admin\LOCALS~1\Temp\asbp2poa.sys
S3 EagleNT;EagleNT;\??\C:\WINDOWS\system32\drivers\EagleNT.sys
S3 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12;C:\WINDOWS\system32\DRIVERS\HPZius12.sys
S3 npkcusb;npkcusb;\??\C:\Program Files\Lineage II\system\npkcusb.sys
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys
S3 PSSdk21;PSSdk21;\??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv
S3 swanarp;swanarp;\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\swanarp.sys
S3 usbaudio;USB Audio Driver (WDM);C:\WINDOWS\system32\drivers\usbaudio.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys
S3 XDva016;XDva016;\??\C:\WINDOWS\system32\XDva016.sys
S3 XDva019;XDva019;\??\C:\WINDOWS\system32\XDva019.sys
S3 xnacc;Microsoft Common Controller For Windows Driver Service;C:\WINDOWS\system32\DRIVERS\xnacc.sys
S3 XTrapD12;XTrapD12;\??\C:\WINDOWS\system32\XTrapD12.sys



Contents of the 'Scheduled Tasks' folder
2006-03-22 21:49:00  C:\WINDOWS\tasks\Easy Internet Sign-up.job
2007-07-27 13:37:45  C:\WINDOWS\tasks\MP Scheduled Scan.job


**************************************************************************


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-27 09:36:56
Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...


scanning hidden registry entries ...


scanning hidden files ...


scan completed successfully
hidden files: 0


**************************************************************************


Completion time: 2007-07-27  9:43:25 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-27 09:43


--- E O F ---



------
And here is another Highjackthis log (after I ran combofix).


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:37 AM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = gamefaqs.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [vxdman] WTFCTF.exe
O4 - HKLM\..\Run: [sbin] panel_its.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xwiz] cnftips.exe
O4 - HKCU\..\Run: [ftbar] NopeZ.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: dxva_sig.txt
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\Register\RegistrationReminder.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG1
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PD - {4D80582B-A041-4CDC-BF41-1AE8CB5E5423} - C:\Program Files\Pop up Blocker\pd.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {3C403675-B43C-410B-BF56-D4D1FB68356C} (ActiveXPortal Control) - http://72.29.80.113/OCX/gwnet.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154795972937
O20 - AppInit_DLLs: arpa.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Procedure Call (RPC) MO (RPCSE) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe


--
End of file - 11771 bytes

Xcyper33 0 Newbie Poster · Answer 2 · 2007-07-28T06:56:43+00:00

Alrighty! I've done what you requested and here are the logs. Thanks in advance!

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 8:39:16 PM 7/27/2007

Listing files found while scanning....

C:\WINDOWS\system32\hjllm.bak1
C:\WINDOWS\system32\hjllm.bak2
C:\WINDOWS\system32\hjllm.ini
C:\WINDOWS\system32\mlljh.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\hjllm.bak1
C:\WINDOWS\system32\hjllm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjllm.bak2
C:\WINDOWS\system32\hjllm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjllm.ini
C:\WINDOWS\system32\hjllm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\mlljh.dll Has been deleted!

Performing Repairs to the registry.
Done!

------
Here is updated Highjackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:42 PM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\VTTimer.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = gamefaqs.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1BB54790-BC1E-41F0-907D-E5FD3183A024} - (no file)
O2 - BHO: (no name) - {266D83FB-4B1D-1AEB-6B2C-1FE4C7B0B2C8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BD182B2-06C0-4C58-96BD-DD32DCEBE8B5} - (no file)
O2 - BHO: (no name) - {6A95F53E-6B84-3D21-AB40-69E337E4FA98} - C:\WINDOWS\system32\vqe.dll (file missing)
O2 - BHO: (no name) - {6AB512D2-8A3A-8FC9-1B7B-DA581C7AF1CC} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {A389EEE9-4702-4269-B360-42602056CAB0} - (no file)
O2 - BHO: (no name) - {A87F6225-55DE-4468-8AED-2FA87CEC1AEA} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: (no name) - {AD6DC212-54AD-5F5D-D947-599090D33A98} - C:\WINDOWS\system32\yhwpg.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {C33C8B9F-6750-4155-94F6-5AACE81038EA} - C:\WINDOWS\system32\mlljh.dll (file missing)
O2 - BHO: (no name) - {C883552B-CB9D-CE3C-BF41-996C2F1F539A} - (no file)
O2 - BHO: (no name) - {EC138C13-53D7-4184-99A3-504066C43FBE} - (no file)
O2 - BHO: (no name) - {F60604AA-9816-C6E8-694B-C929AA8168C0} - C:\WINDOWS\system32\mpz.dll (file missing)
O2 - BHO: (no name) - {F8889485-0F3E-0E90-4108-58F077CD6D92} - (no file)
O2 - BHO: (no name) - {FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [vxdman] WTFCTF.exe
O4 - HKLM\..\Run: [sbin] panel_its.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xwiz] cnftips.exe
O4 - HKCU\..\Run: [ftbar] NopeZ.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: dxva_sig.txt
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\Register\RegistrationReminder.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG1
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PD - {4D80582B-A041-4CDC-BF41-1AE8CB5E5423} - C:\Program Files\Pop up Blocker\pd.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {3C403675-B43C-410B-BF56-D4D1FB68356C} (ActiveXPortal Control) - http://72.29.80.113/OCX/gwnet.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154795972937
O20 - AppInit_DLLs: arpa.dll
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll (file missing)
O20 - Winlogon Notify: gebcc - C:\WINDOWS\
O20 - Winlogon Notify: mlljh - C:\WINDOWS\
O20 - Winlogon Notify: tuvuurq - C:\WINDOWS\
O20 - Winlogon Notify: wintuh32 - wintuh32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Procedure Call (RPC) MO (RPCSE) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

--
End of file - 14336 bytes

Xcyper33 0 Newbie Poster · Answer 3 · 2007-07-28T18:31:09+00:00

Alrighty, I followed your instructions as ordered. Here is the Avenger log and fresh Highjack log.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qphyhuqu

*******************

Script file located at: \??\C:\WINDOWS\ssvfbrwr.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\cvmbbaun.dll not found!
Deletion of file C:\WINDOWS\system32\cvmbbaun.dll failed!

Could not process line:
C:\WINDOWS\system32\cvmbbaun.dll
Status: 0xc0000034

File C:\WINDOWS\system32\tncjdadr.dll not found!
Deletion of file C:\WINDOWS\system32\tncjdadr.dll failed!

Could not process line:
C:\WINDOWS\system32\tncjdadr.dll
Status: 0xc0000034

File C:\WINDOWS\system32\yorcrxcs.dll not found!
Deletion of file C:\WINDOWS\system32\yorcrxcs.dll failed!

Could not process line:
C:\WINDOWS\system32\yorcrxcs.dll
Status: 0xc0000034

File C:\WINDOWS\system32\xycdd.bak1 not found!
Deletion of file C:\WINDOWS\system32\xycdd.bak1 failed!

Could not process line:
C:\WINDOWS\system32\xycdd.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\xycdd.bak2 not found!
Deletion of file C:\WINDOWS\system32\xycdd.bak2 failed!

Could not process line:
C:\WINDOWS\system32\xycdd.bak2
Status: 0xc0000034

File C:\WINDOWS\system32\xycdd.ini not found!
Deletion of file C:\WINDOWS\system32\xycdd.ini failed!

Could not process line:
C:\WINDOWS\system32\xycdd.ini
Status: 0xc0000034

File C:\WINDOWS\system32\tuvuurq.dll not found!
Deletion of file C:\WINDOWS\system32\tuvuurq.dll failed!

Could not process line:
C:\WINDOWS\system32\tuvuurq.dll
Status: 0xc0000034

File C:\WINDOWS\system32\kxftbynw.dll deleted successfully.

File C:\WINDOWS\system32\hjllm.bak2 not found!
Deletion of file C:\WINDOWS\system32\hjllm.bak2 failed!

Could not process line:
C:\WINDOWS\system32\hjllm.bak2
Status: 0xc0000034

File C:\WINDOWS\system32\hjllm.bak1 not found!
Deletion of file C:\WINDOWS\system32\hjllm.bak1 failed!

Could not process line:
C:\WINDOWS\system32\hjllm.bak1
Status: 0xc0000034

File C:\WINDOWS\system32\mlljh.dll not found!
Deletion of file C:\WINDOWS\system32\mlljh.dll failed!

Could not process line:
C:\WINDOWS\system32\mlljh.dll
Status: 0xc0000034

File C:\WINDOWS\system32\ybeeg.bak1 deleted successfully.
File C:\WINDOWS\system32\nqtss.bak2 deleted successfully.
File C:\WINDOWS\system32\ccbeg.bak1 deleted successfully.
File C:\WINDOWS\system32\rqstv.bak1 deleted successfully.
File C:\WINDOWS\system32\mmllm.bak1 deleted successfully.
File C:\WINDOWS\system32\xyadd.bak1 deleted successfully.
File C:\WINDOWS\system32\hgjlm.bak1 deleted successfully.
File C:\WINDOWS\system32\ppqss.bak1 deleted successfully.
File C:\WINDOWS\system32\wycdd.bak1 deleted successfully.
File C:\WINDOWS\system32\egjlm.bak1 deleted successfully.
File C:\WINDOWS\system32\ijllm.bak1 deleted successfully.
File C:\WINDOWS\system32\hhhkj.bak1 deleted successfully.
File C:\WINDOWS\system32\rrqss.bak1 deleted successfully.
File C:\WINDOWS\system32\tstwa.bak1 deleted successfully.
File C:\WINDOWS\system32\nqtss.bak1 deleted successfully.
File C:\WINDOWS\system32\cccdd.bak1 deleted successfully.
File C:\WINDOWS\system32\bcbeg.bak1 deleted successfully.
File C:\WINDOWS\system32\bbadd.bak1 deleted successfully.
File C:\WINDOWS\system32\rqtwa.bak1 deleted successfully.
File C:\WINDOWS\system32\sttss.bak1 deleted successfully.
File C:\WINDOWS\system32\rrutv.bak1 deleted successfully.
File C:\WINDOWS\system32\jlkkj.bak1 deleted successfully.

File C:\WINDOWS\system32\ddcyx.dll not found!
Deletion of file C:\WINDOWS\system32\ddcyx.dll failed!

Could not process line:
C:\WINDOWS\system32\ddcyx.dll
Status: 0xc0000034

Folder C:\Program Files\Block Checker not found!
Deletion of folder C:\Program Files\Block Checker failed!

Could not process line:
C:\Program Files\Block Checker
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

And Highjack this..

-----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:48 AM, on 7/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TrayIconsOK\TrayIconsOK.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\VTTimer.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = gamefaqs.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [vxdman] WTFCTF.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xwiz] cnftips.exe
O4 - HKCU\..\Run: [ftbar] NopeZ.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: dxva_sig.txt
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Chaos Theory\Register\RegistrationReminder.exe
O4 - Startup: TrayIconsOK.lnk = C:\Program Files\TrayIconsOK\TrayIconsOK.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PD - {4D80582B-A041-4CDC-BF41-1AE8CB5E5423} - C:\Program Files\Pop up Blocker\pd.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {3C403675-B43C-410B-BF56-D4D1FB68356C} (ActiveXPortal Control) - http://72.29.80.113/OCX/gwnet.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154795972937
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Procedure Call (RPC) MO (RPCSE) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

--
End of file - 11491 bytes

I'd like to add that for some reason my Sound & LAN icons have dissapeared and there isn't any sound on my computer o.O

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 4 · 2007-07-28T18:47:35+00:00

I do not know why your sound has gone. You will probably need to reinstall your drivers :).

==

I need you to do a search for these files on your pc;

WTFCTF.exe
cnftips.exe
NopeZ.exe

and when you have found them, upload them for a scan.

http://virusscan.jotti.org http://www.virustotal.com/en/virustotalf.html

Post the results back here.

==

You can use the following to find the files;

Please download FileFind from Atribune:
http://www.atribune.org/downloads/FileFind.zip

Unzip the file and save it to your desktop.

To run FileFind, please do the following:

* Click on FileFind.exe
* In the box labeled "Enter the directory to search"
o Enter Drive eg.. C:\
* In the box labeled "Enter the file to search"
o Enter the file or use *.(file extention) to search for the file(s)
* Now click on the "Find" button
* Once the utility has found the files click on "Export"
* This will save a text file to your C:\ drive as "Export.txt"
* Double click on Export.txt, copy and paste this information in your next post

Xcyper33 0 Newbie Poster · Answer 5 · 2007-07-28T19:03:02+00:00

I couldn't find any of these files. Am I doing something wrong?

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 6 · 2007-07-28T20:11:52+00:00

Am I doing something wrong?

I do not know :). Did you use FileFind to try and locate them? If so, they probably do not exist and hijackthis is showing the orphaned registry entries.
That being the case, please do the following;

Scan with HijackThis and then place a check next to all the following, if present:

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O4 - HKLM\..\Run: [vxdman] WTFCTF.exe
O4 - HKCU\..\Run: [xwiz] cnftips.exe
O4 - HKCU\..\Run: [ftbar] NopeZ.exe

Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

==

How are things going now?

Xcyper33 0 Newbie Poster · Answer 7 · 2007-07-28T22:18:26+00:00

Alrighty ^_^ I checked all of the above mentioned and all of those were deleted. Noticed a difference? Well nothing bad is happening now :P (besides the fact that I can't find my Sound/LAN icons)

Xcyper33 0 Newbie Poster · Answer 8 · 2007-07-28T23:38:42+00:00

Omg AWESOME. Everything is working even BETTER then it originally was. Thanks Crunch, you're AWESOME! I'll bump this topic if something comes up, THANKS ALL!

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 9 · 2007-07-29T09:11:38+00:00

crunchie 990 Most Valuable Poster

16 Years Ago

No worries :).

Hello! I'm Xcyper33 and I need serious help please :) Virtuamonde, taskbar disappears

Recommended Answers Collapse Answers

All 12 Replies

Recommended Answers