[ Inactive ] Can someone please help me out?

Can someone help me clean up my computer? I have trojans starting up programs that cause my computer to freeze up and heat up. Here is my log file:

Logfile of HijackThis v1.99.1
Scan saved at 12:50:14 AM, on 12/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David Ludd\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\System32\tbwfnfdq.dll
O2 - BHO: (no name) - {401E47B8-DD56-4299-9417-0CCB5146ACEe} - C:\WINDOWS\System32\bkgdxldl.dll
O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINDOWS\system32\durvilx.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {5821B865-CF7B-A581-4940-09C838AE62FC} - C:\WINDOWS\System32\hhphzje.dll
O2 - BHO: (no name) - {83B2ADA8-717B-4EC2-921E-4B5A74C72F59} - C:\WINDOWS\system\tfpca.dll (file missing)
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\System32\flcaocmw.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151336308\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ueobhkd.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\ueobhkd.dll,miwre
O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\System32\regscan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\David Ludd\Start Menu\Programs\IMVU\Run IMVU.lnk
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.exe
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunee.mht!http://adsextend.net/zscript/yea.chm::/recife.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/bridge-c8.cab?577d0a33efcde0691c644a97d2d3cfb5bcf0dd24fa78b1444efd7b06010744e2af1177332d8ae69b0e22b83f6833f0ccfb2c2ec9d907cb16c5449d0909ff:e9f80757f2e419fb40d34af26c7c6dd9
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - ms-its:mhtml:file://c:\nesunem.mht!http://adsextend.net/zscript/mca.chm::/speedtest2.dll
O20 - Winlogon Notify: tfpca - C:\WINDOWS\system\tfpca.dll (file missing)
O20 - Winlogon Notify: winjpf32 - C:\WINDOWS\SYSTEM32\winjpf32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Comments

  • zamizami Finland
    edited December 2006
    Hi There!
    I am currently working on your log.
    I will get back to you as soon as possible.
    ~zami~
  • edited December 2006
    Thanks a lot for your help. It's already starting to run good. Here are my logfiles:

    David Ludd - 06-12-03 15:12:54.88 Service Pack 1
    ComboFix 06.11.27W - Running from: "C:\Documents and Settings\David Ludd\Desktop"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\ishost.exe
    C:\WINDOWS\system32\ismini.exe
    C:\Program Files\ToolBar888
    C:\Program Files\winupdates
    C:\WINDOWS\system32\components
    C:\Program Files\Common Files\{40D71E7A-0958-1033-1018-040305130001}


    ((((((((((((((((((((((((((((((( Files Created from 2006-11-03 to 2006-12-03 ))))))))))))))))))))))))))))))))))


    2006-12-03 14:53 <DIR> d C:\VundoFix Backups
    2006-12-02 00:50 <DIR> d C:\Program Files\HiJackThis
    2006-12-01 16:14 <DIR> dr-h C:\$VAULT$.AVG
    2006-12-01 15:55 <DIR> d C:\Documents and Settings\David Ludd\Application Data\AVG7
    2006-12-01 15:55 <DIR> d C:\Documents and Settings\All Users\Application Data\avg7
    2006-11-28 18:39 132,116 --a C:\WINDOWS\system32\bkgdxldl.dll
    2006-11-27 19:45 132,116 --a C:\WINDOWS\system32\jqnnompw.dll
    2006-11-27 19:44 88,340 --a C:\WINDOWS\system32\ldvrdeos.exe
    2006-11-27 19:44 42,516 --a C:\WINDOWS\system32\tbwfnfdq.dll
    2006-11-27 19:44 126,996 --a C:\WINDOWS\system32\kqigdpbr.dll
    2006-11-26 20:05 126,996 --a C:\WINDOWS\system32\bsflbkql.dll
    2006-11-24 15:10 38,420 --a C:\WINDOWS\system32\oqkdwqyx.dll
    2006-11-22 00:54 132,116 --a C:\WINDOWS\system32\pxueenej.dll
    2006-11-22 00:54 126,996 --a C:\WINDOWS\system32\ygdwtmkw.dll
    2006-11-20 17:14 126,996 --a C:\WINDOWS\system32\keosdjrx.dll
    2006-11-20 08:23 126,996 --a C:\WINDOWS\system32\nxtlmasj.dll
    2006-11-19 13:03 126,996 --a C:\WINDOWS\system32\tofafhjc.dll
    2006-11-19 01:51 126,996 --a C:\WINDOWS\system32\eirkatbl.dll
    2006-11-18 11:58 126,996 --a C:\WINDOWS\system32\aookjiuu.dll
    2006-11-17 14:56 126,996 --a C:\WINDOWS\system32\boqrutwo.dll
    2006-11-15 15:25 96,256 --a C:\WINDOWS\system32\durvilx.exe
    2006-11-15 15:24 96,256 --a C:\WINDOWS\system32\druid_cchoice.exe
    2006-11-15 15:23 126,996 --a C:\WINDOWS\system32\hlfcdcjm.dll
    2006-11-12 13:47 96,256 --a-s---- C:\WINDOWS\system32\druid1.exe
    2006-11-12 13:47 96,256 --a C:\WINDOWS\system32\durvil1.exe
    2006-11-12 13:47 151,040 --a C:\WINDOWS\system32\durvil1.dll
    2006-11-11 22:56 <DIR> d C:\Program Files\QualityCodec
    2006-11-11 20:37 45,056 --a C:\WINDOWS\system32\regapi.exe
    2006-11-11 16:40 <DIR> d C:\Remote Programs
    2006-11-11 16:40 <DIR> d C:\Documents and Settings\All Users\Application Data\Exetender
    2006-11-11 16:39 53,314 C:\WINDOWS\ExentInfo.exe
    2006-11-11 16:39 <DIR> d C:\Program Files\Verizon Games on Demand Player
    2006-11-03 19:52 1,060,864 --a C:\WINDOWS\system32\mfc71.dll
    2006-11-03 19:52 <DIR> d C:\Program Files\Common Files\DriveCleaner 2006 Free


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-03 15:19 d C:\Program Files\Common Files
    2006-12-02 13:37 d---s---- C:\Documents and Settings\David Ludd\Application Data\Microsoft
    2006-12-01 16:36 d C:\Program Files\Windows Media Player
    2006-11-29 07:20 d C:\Program Files\Hewlett-Packard
    2006-11-11 16:39 d--h C:\Program Files\InstallShield Installation Information
    2006-11-02 18:29 21840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
    2006-11-02 18:29 17212 --a----t- C:\WINDOWS\system32\SIntf32.dll
    2006-11-02 18:29 12067 --a----t- C:\WINDOWS\system32\SIntf16.dll
    2006-11-01 22:28 d C:\Program Files\VideoKeyCodec
    2006-10-31 18:01 60436 --a C:\WINDOWS\system32\lndxedlx.dll
    2006-10-30 18:01 110612 --a C:\WINDOWS\system32\pyqixtry.exe
    2006-10-22 09:04 88272 --a C:\Documents and Settings\David Ludd\Application Data\winantispyware2006freeinstall[1].exe
    2006-10-21 14:17 d-a C:\Program Files\MyWebSearch
    2006-10-21 14:17 d C:\Program Files\WinRAR
    2006-10-21 09:20 d C:\Program Files\PConPoint
    2006-10-21 09:19 d C:\Program Files\RegistryFix
    2006-10-21 09:13 d C:\Program Files\Common Files\Adaptec Shared
    2006-10-21 09:11 d C:\Program Files\Common Files\AOL
    2006-10-19 17:05 67604 --a C:\WINDOWS\system32\uobuburo.exe
    2006-10-19 17:05 d C:\Program Files\VSToolbar
    2006-10-19 17:05 d C:\Documents and Settings\David Ludd\Application Data\SearchToolbarCorp
    2006-10-19 16:23 34308 --a C:\WINDOWS\system32\BASSMOD.dll
    2006-10-19 16:17 d C:\Program Files\VideoCompressionCodec
    2006-10-19 16:11 d C:\Program Files\PCPitstop
    2006-10-05 20:03 d C:\Program Files\Ultimate Defender
    2006-10-05 18:28 d C:\Program Files\Ultimate Cleaner
    2006-10-05 17:52 d C:\Program Files\Diskeeper Corporation
    2006-10-05 17:39 d C:\Program Files\iTunes
    2006-10-05 17:37 d C:\Program Files\QuickTime
    2006-10-05 17:37 d C:\Program Files\Apple Software Update
    2006-10-05 17:17 d C:\Program Files\Viewpoint
    2006-10-05 17:17 d C:\Program Files\LimeWire
    2006-10-05 17:17 d C:\Program Files\Common Files\Microsoft Shared
    2006-10-05 17:16 d C:\Program Files\AOD
    2006-10-05 17:16 d C:\Program Files\AIM
    2006-10-05 17:16 d C:\Documents and Settings\David Ludd\Application Data\Aim(2)
    2006-10-05 17:15 d C:\Program Files\Messenger
    2006-10-05 17:15 d C:\Program Files\LimeWire(2)
    2006-10-05 17:15 d C:\Program Files\Java
    2006-10-05 17:15 d C:\Program Files\IMVU
    2006-10-05 17:15 d C:\Program Files\FunWebProducts(2)
    2006-10-05 17:15 d C:\Program Files\CONEXANT
    2006-10-05 17:15 d C:\Program Files\ComPlus Applications
    2006-10-05 17:15 d C:\Program Files\Cain
    2006-10-05 17:15 d C:\Program Files\AviSynth 2.5
    2006-10-05 17:13 d C:\Program Files\PestTrap
    2006-10-05 17:11 d C:\Program Files\FunWebProducts(3)
    2006-10-05 17:09 d C:\Program Files\Diablo II
    2006-09-25 13:52 1561 --a C:\Documents and Settings\David Ludd\Application Data\AdobeDLM.log


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
    "Regscan"="C:\\WINDOWS\\System32\\regscan.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ATIModeChange"="Ati2mdxx.exe"
    "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "CARPService"="carpserv.exe"
    "HostManager"="C:\\Program Files\\Common Files\\AOL\\1151336308\\ee\\AOLSoftware.exe"
    "IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "ueobhkd.dll"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\ueobhkd.dll,miwre"
    "SDR6_Check"="\"C:\\Program Files\\Common Files\\DriveCleaner 2006 Free\\udcsdr.exe\""
    "PAS_Check"="\"C:\\Program Files\\Common Files\\DriveCleaner 2006 Free\\udcpas.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,18,01,00,00,00,00,00,00,60,04,00,00,fc,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tfpca

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1138489156.job

    Completion time: 06-12-03 15:19:25.39
    C:\ComboFix.txt ... 06-12-03 15:19




    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.5.0.3

    Scan started at 2:53:53 PM 12/3/2006

    Listing files found while scanning....

    C:\WINDOWS\system32\hhphzje.dll
    C:\WINDOWS\system32\qommmji.dll
    C:\WINDOWS\system32\ueobhkd.dll
    C:\WINDOWS\system32\winjpf32.dll
    C:\WINDOWS\system\tfpca.dll
    C:\WINDOWS\system\acpft.ini
    C:\WINDOWS\system\acpft.bak1
    C:\WINDOWS\system\acpft.bak2
    C:\WINDOWS\system\acpft.ini2

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\hhphzje.dll
    C:\WINDOWS\system32\hhphzje.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qommmji.dll
    C:\WINDOWS\system32\qommmji.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ueobhkd.dll
    C:\WINDOWS\system32\ueobhkd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\winjpf32.dll
    C:\WINDOWS\system32\winjpf32.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system\acpft.ini
    C:\WINDOWS\system\acpft.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system\acpft.bak1
    C:\WINDOWS\system\acpft.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system\acpft.bak2
    C:\WINDOWS\system\acpft.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system\acpft.ini2
    C:\WINDOWS\system\acpft.ini2 Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\winjpf32.dll
    C:\WINDOWS\system32\winjpf32.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.5.0.3

    Scan started at 3:06:46 PM 12/3/2006

    Listing files found while scanning....

    C:\WINDOWS\system\tfpca.dll

    Beginning removal...

    Performing Repairs to the registry.
    Done!



    Logfile of HijackThis v1.99.1
    Scan saved at 4:54:27 PM, on 12/3/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\Program Files\Common Files\AOL\1151336308\ee\AOLSoftware.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\regscan.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151336308\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\System32\regscan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\David Ludd\Start Menu\Programs\IMVU\Run IMVU.lnk
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • zamizami Finland
    edited December 2006
    test
  • zamizami Finland
    edited December 2006
    testing
  • zamizami Finland
    edited December 2006
    Download KillBox from here:
    KillBox

    Unzip the folder to your desktop.

    * Start Killbox.exe
    * Select the Delete on Reboot option.
    * Click on the All Files button.
    * Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:


    C:\WINDOWS\system32\bkgdxldl.dll
    C:\WINDOWS\system32\jqnnompw.dll
    C:\WINDOWS\system32\ldvrdeos.exe
    C:\WINDOWS\system32\tbwfnfdq.dll
    C:\WINDOWS\system32\kqigdpbr.dll
    C:\WINDOWS\system32\bsflbkql.dll
    C:\WINDOWS\system32\oqkdwqyx.dll
    C:\WINDOWS\system32\pxueenej.dll
    C:\WINDOWS\system32\ygdwtmkw.dll
    C:\WINDOWS\system32\keosdjrx.dll
    C:\WINDOWS\system32\nxtlmasj.dll
    C:\WINDOWS\system32\tofafhjc.dll
    C:\WINDOWS\system32\eirkatbl.dll
    C:\WINDOWS\system32\aookjiuu.dll
    C:\WINDOWS\system32\boqrutwo.dll
    C:\WINDOWS\system32\durvilx.exe
    C:\WINDOWS\system32\druid_cchoice.exe
    C:\WINDOWS\system32\hlfcdcjm.dll
    C:\WINDOWS\system32\druid1.exe
    C:\WINDOWS\system32\durvil1.exe
    C:\WINDOWS\system32\durvil1.dll
    C:\WINDOWS\system32\lndxedlx.dll
    C:\WINDOWS\system32\pyqixtry.exe
    C:\Documents and Settings\David Ludd\Application Data\winantispyware2006freeinstall[1].exe
    C:\WINDOWS\system32\uobuburo.exe

    • Go to the File menu of Killbox, and choose Paste from Clipboard.
      NOTE: You must use the File menu; pasting by right-clicking the mouse will only enter one file.
    • Click the Delete File button that is a red-and-white X. Click Yes at the Delete on Reboot prompt.
      Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

    After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log

    Post this log in your next reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    First download AVG Anti-Spyware 7.5 from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    • Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
      * Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    • Under "Reports"
      * Select "Automatically generate report after every scan"
      * Un-Select "Only if threats were found"
    Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Here is a good way to clean up Temp files:

    Start > Run

    then: cleanmgr

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    1. Reboot Your System in Safe Mode
    How to use the F8 method to Start Your Computer in Safe Mode
    Restart the computer.
    As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    Use the arrow keys to select the Safe mode menu item
    Press Enter.
    2. Using Windows Explorer (Windows Key + E), locate the following folders, and DELETE them (if still present):

    C:\Program Files\QualityCodec
    C:\Program Files\VideoKeyCodec
    C:\Program Files\MyWebSearch
    C:\Program Files\VSToolbar
    C:\Documents and Settings\David Ludd\Application Data\SearchToolbarCorp
    C:\Program Files\VideoCompressionCodec
    C:\Program Files\Ultimate Defender
    C:\Program Files\Ultimate Cleaner
    C:\Program Files\FunWebProducts(2)
    C:\Program Files\ComPlus Applications
    C:\Program Files\FunWebProducts(3)

    STAY IN SAFEMODE!

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:
      • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
      • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
      • AVG Anti-Spyware will now begin the scanning process. Be patient, this may take a little time.
      Once the scan is complete do the following:
      • If you have any infections you will be prompted, then select "Apply all actions".
      • Next select the "Reports" icon at the top.
      • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
      • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

      3. Exit Explorer, and REBOOT BACK INTO NORMAL MODE
      4. Finally, attach a fresh HJT log, avg antispyware log and killbox report to your next reply.
    • zamizami Finland
      edited January 2007
      Due to lack of feedback, this topic has been closed.

      If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
    This discussion has been closed.
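
Added example, not part of the thread and not code from any poster: a small Python triage of HijackThis entry lines that flags the patterns visible in the first log (unnamed BHOs, entries whose file is missing, a Run key loading a DLL through rundll32, an `ms-its:mhtml` DPF codebase, a Winlogon Notify DLL) and then checks which flagged entries survive into a later log. The function names and the heuristics are assumptions chosen for illustration, a flag means "review this", not "malicious"; `BEFORE` and `AFTER` are excerpts of the two logs above, and `PARTIAL` is constructed to model the VundoFix pass where winjpf32.dll "Could not be deleted".

```python
import re

# Lines excerpted from the first HijackThis log in the thread.
BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\System32\tbwfnfdq.dll
O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - C:\WINDOWS\system32\durvilx.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ueobhkd.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\ueobhkd.dll,miwre
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\System32\regscan.exe
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - ms-its:mhtml:file://c:\nesunem.mht!http://adsextend.net/zscript/mca.chm::/speedtest2.dll
O20 - Winlogon Notify: winjpf32 - C:\WINDOWS\SYSTEM32\winjpf32.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# The same entries as they appear in the second (post-cleanup) log.
AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\System32\regscan.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Constructed: a cleanup in which the Winlogon Notify entry survived.
PARTIAL = AFTER + r"O20 - Winlogon Notify: winjpf32 - C:\WINDOWS\SYSTEM32\winjpf32.dll" + "\n"

# HijackThis entry lines start with a section code (R0, O2, O23, ...) and " - ".
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")


def parse(log):
    """Return [(section, text)] for every HijackThis entry line in `log`."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def reasons(section, text):
    """Illustrative review heuristics (assumptions, not a verdict)."""
    low = text.lower()
    found = []
    if section == "O2" and "(no name)" in low:
        found.append("BHO has no name")
    if low.endswith("(file missing)"):
        found.append("registry entry points at a missing file")
    if section == "O4" and re.search(r"rundll32(\.exe)?\"?\s+.*\.dll", low):
        found.append("Run key loads a DLL through rundll32")
    if section == "O16" and ("ms-its:" in low or "mhtml:" in low):
        found.append("DPF codebase uses an ms-its/mhtml URL")
    if section == "O20":
        found.append("Winlogon Notify DLL (loaded by winlogon.exe)")
    return found


def triage(log):
    """Return [(section, text, [reasons])] for entries worth a closer look."""
    flagged = []
    for section, text in parse(log):
        why = reasons(section, text)
        if why:
            flagged.append((section, text, why))
    return flagged


def persisting(before, after):
    """Flagged entries from `before` that are still present in `after`."""
    remaining = {(s, t.lower()) for s, t in parse(after)}
    return [f for f in triage(before) if (f[0], f[1].lower()) in remaining]


if __name__ == "__main__":
    for section, text, why in triage(BEFORE):
        print(f"{section}: {text}\n    -> {'; '.join(why)}")
    print("still present after cleanup:", persisting(BEFORE, PARTIAL))
```
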