
kotaguy can you help again :)

Discussion in 'Windows - Virus and spyware problems' started by ozsurfie, Mar 28, 2007.

  1. ozsurfie

    ozsurfie Guest

    Gee, everything was going OK and then I started getting adverts for an antivirus system, supposedly, opening up windows in IE and Firefox - not pop-ups.
    I have read all your replies and others, checked startup and found jusched.exe, which is listed as an offending item - is that correct?
    Is there anything else lurking there you can see? Many thanks again.
    Oh, I don't know if it is of any coincidence, but since these started popping up a low disk space warning also pops up - there is over 50 GB free on the disc!

    Logfile of HijackThis v1.99.1
    Scan saved at 10:46:53 AM, on 29/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    D:\Program Files\ca pestcontrol\PPActiveDetection.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\NetMeter\NetMeter.exe
    C:\Program Files\Maximizer\MxAlarm.exe
    C:\Program Files\Maximizer\MxFinder.exe
    C:\PVSW\Bin\w3dbsmgr.exe
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    C:\Documents and Settings\Stuart\Desktop\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4F0388F6-7635-4CD6-8B10-82DF3379386D} - C:\WINDOWS\system32\byxxwut.dll (file missing)
    O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\vyhlbpdo.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {9D7C71E5-507D-463F-AD2F-84E0D1FFE752} - C:\WINDOWS\system32\pmkhf.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
    O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: iiBar - {8AA99D86-978D-4963-A845-24AF39FB0CF2} - C:\Program Files\iiBar\iiBar.dll
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "D:\Program Files\ca pestcontrol\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [DVD43] D:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
    O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: MaxAlarm.lnk = C:\Program Files\Maximizer\MxAlarm.exe
    O4 - Global Startup: MaxFinder.lnk = C:\Program Files\Maximizer\MxFinder.exe
    O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{508E4915-A314-4CB7-A874-7DE57659CAAE}: NameServer = 203.0.178.191
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: byxxwut - byxxwut.dll (file missing)
    O20 - Winlogon Notify: pmkhf - C:\WINDOWS\system32\pmkhf.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
     
  2. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    jusched.exe is legit... it's part of Java.

    But... you did get hit again.

    Do me a favor please... rename HijackThis_v1.99.1.exe to kota.exe.

    Rescan and post a new log.
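As an added example (it is not part of this thread, and not code from HijackThis), the following Python script parses the O2 (BHO) and O20 (Winlogon Notify) lines of a log in the format posted above and flags the same things a helper looks for before saying "you did get hit again": a BHO registered as "(no name)", an entry pointing at a file that is already gone, one DLL loaded both as a BHO and as a Winlogon Notify package, and random-looking module names. The rules and the random-name heuristic are my assumptions modelled on the entries in the posted log, not an official HJT rule set; the sample lines are constructed from that log.

```python
import re

# Constructed sample: lines copied in the HijackThis v1.99.1 log format posted
# above, mixing legitimate entries with the ones a helper would question.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4F0388F6-7635-4CD6-8B10-82DF3379386D} - C:\WINDOWS\system32\byxxwut.dll (file missing)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\vyhlbpdo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {9D7C71E5-507D-463F-AD2F-84E0D1FFE752} - C:\WINDOWS\system32\pmkhf.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O20 - Winlogon Notify: byxxwut - byxxwut.dll (file missing)
O20 - Winlogon Notify: pmkhf - C:\WINDOWS\system32\pmkhf.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

VOWELS = set("aeiou")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")


def module_stem(path: str) -> str:
    """Lowercase file name without '.dll' from an HJT path field ('(file missing)' stripped)."""
    path = re.sub(r"\s*\(file missing\)\s*$", "", path.strip().strip('"'))
    name = path.split("\\")[-1].lower()
    return name[:-4] if name.endswith(".dll") else name


def looks_random(stem: str) -> bool:
    """Heuristic (my assumption, not an HJT rule): 5-8 lowercase letters with at most one vowel."""
    return bool(re.fullmatch(r"[a-z]{5,8}", stem)) and sum(c in VOWELS for c in stem) <= 1


def triage(log_text: str) -> dict:
    """Map each suspicious module stem to the list of reasons it was flagged."""
    bho, notify = {}, {}  # stem -> parsed O2 entry / parsed O20 entry
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            bho[module_stem(m["path"])] = m.groupdict()
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notify[module_stem(m["path"])] = m.groupdict()

    findings = {}

    def flag(stem, reason):
        findings.setdefault(stem, []).append(reason)

    for stem, e in bho.items():
        if e["name"] == "(no name)":
            flag(stem, "BHO registered without a display name")
        if "(file missing)" in e["path"]:
            flag(stem, "BHO points at a file that no longer exists")
    for stem, e in notify.items():
        if "(file missing)" in e["path"]:
            flag(stem, "Winlogon Notify package whose DLL is missing")
        if stem in bho:
            flag(stem, "same DLL loaded both as a BHO and as a Winlogon Notify package")
    for stem in set(bho) | set(notify):
        if looks_random(stem):
            flag(stem, "random-looking module name")
    return findings


if __name__ == "__main__":
    for stem, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(f"{stem}.dll")
        for r in reasons:
            print(f"  - {r}")
```

Legitimate entries with short names (ssv.dll) or normal vowel ratios (stmain.dll) are not flagged, while the three DLLs the thread is about are; a Winlogon Notify registration that still loads a hidden DLL at logon is the part that survives an ordinary BHO cleanup, which is why the O20 lines matter as much as the O2 lines.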
     
  3. ozsurfie

    ozsurfie Guest

    Thanks


    Logfile of HijackThis v1.99.1
    Scan saved at 11:24:31 AM, on 29/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    D:\Program Files\ca pestcontrol\PPActiveDetection.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\NetMeter\NetMeter.exe
    C:\Program Files\Maximizer\MxAlarm.exe
    C:\Program Files\Maximizer\MxFinder.exe
    C:\PVSW\Bin\w3dbsmgr.exe
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\VideoLAN\VLC\vlc.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Documents and Settings\Stuart\Desktop\kota.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4F0388F6-7635-4CD6-8B10-82DF3379386D} - C:\WINDOWS\system32\byxxwut.dll (file missing)
    O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\vyhlbpdo.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: (no name) - {9D7C71E5-507D-463F-AD2F-84E0D1FFE752} - C:\WINDOWS\system32\pmkhf.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
    O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: iiBar - {8AA99D86-978D-4963-A845-24AF39FB0CF2} - C:\Program Files\iiBar\iiBar.dll
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "D:\Program Files\ca pestcontrol\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [DVD43] D:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
    O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: MaxAlarm.lnk = C:\Program Files\Maximizer\MxAlarm.exe
    O4 - Global Startup: MaxFinder.lnk = C:\Program Files\Maximizer\MxFinder.exe
    O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{508E4915-A314-4CB7-A874-7DE57659CAAE}: NameServer = 203.0.178.191
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: byxxwut - byxxwut.dll (file missing)
    O20 - Winlogon Notify: pmkhf - C:\WINDOWS\system32\pmkhf.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

     
  4. KotaGuy

    KotaGuy Regular member

    Thank you.

    Please download VundoFix.exe to your desktop.

    - Double-click VundoFix.exe to run it.
    - Click the Scan for Vundo button.
    - Once it's done scanning, click the Remove Vundo button.
    - You will receive a prompt asking if you want to remove the files, click YES
    - Once you click yes, your desktop will go blank as it starts removing Vundo.
    - When completed, it will prompt that it will reboot your computer, click OK.
    - Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
     
  5. ozsurfie

    ozsurfie Guest

    Hi
    The link only goes as far as asking me if I want to save it, then nothing happens - I went to the website and tried it from there - same thing happens :(
     
  6. ozsurfie

    ozsurfie Guest

    The pages that keep coming up are for WinFixer - I heard that there are a lot of people infected with it.
     
  7. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    OK... thanks for the info. I'll pass that on to Attribune... may be something new that Vundo is doing to hinder the effectiveness of VundoFix.

    For now please download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

    - Close ALL OTHER PROGRAMS.
    - Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    - Now click the Run Scan button on the toolbar.
    - The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    - When the scan is complete Notepad will open with the report file loaded in it.
    - Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

    Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
     
  8. ozsurfie

    ozsurfie Guest

    WinPFind3 logfile created on: 29/03/2007 11:47:22 PM
    WinPFind3U by OldTimer - Version 1.0.31 Folder = C:\Documents and Settings\Stuart\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    1022 Mb Total Physical Memory | 454 Mb Available Physical Memory | 44.45% Memory free
    1 Gb Paging File | 1 Gb Available in Paging File | 76.03% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37 Gb Total Space | 7 Gb Free Space | 21.46% Space Free
    Drive D: | 111 Gb Total Space | 0 Gb Free Space | 0.01% Space Free
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    Computer Name: ARMANI
    Current User Name: Stuart
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 25/03/2007 11:26:30 PM | Attr = ]
    cmdagent.exe -> %ProgramFiles%\Comodo\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 22/02/2007 2:23:12 PM | Attr = ]
    cpf.exe -> %ProgramFiles%\Comodo\Firewall\cpf.exe -> COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 22/02/2007 2:23:12 PM | Attr = ]
    daemon.exe -> %ProgramFiles%\D-Tools\daemon.exe -> DAEMON'S HOME [Ver = 3.44.0.0 | Size = 81920 bytes | Modified Date = 27/12/2003 8:43:26 PM | Attr = ]
    guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 29/09/2006 12:13:20 AM | Attr = ]
    hotsync.exe -> %SystemDrive%\Palm\HOTSYNC.EXE -> Palm, Inc. [Ver = 4.0.4 | Size = 299008 bytes | Modified Date = 22/04/2003 3:46:44 PM | Attr = ]
    ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 23/02/2006 4:45:06 PM | Attr = ]
    ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 23/02/2006 4:45:20 PM | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 15/12/2006 3:23:28 AM | Attr = ]
    launchapplication.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 82, 70, 1 | Size = 222208 bytes | Modified Date = 8/11/2006 1:27:54 PM | Attr = ]
    lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 7.4 | Size = 299008 bytes | Modified Date = 15/08/2002 8:26:26 PM | Attr = ]
    lexpps.exe -> %System32%\LEXPPS.EXE -> File not found
    msgplus.exe -> %ProgramFiles%\Messenger Plus! 3\MsgPlus.exe -> Patchou [Ver = 3, 62, 0, 146 | Size = 190024 bytes | Modified Date = 7/02/2006 10:31:50 PM | Attr = ]
    mxalarm.exe -> %ProgramFiles%\Maximizer\MxAlarm.exe -> Maximizer Software Inc. [Ver = 9.0.1604.620 | Size = 147456 bytes | Modified Date = 6/02/2006 4:04:00 PM | Attr = ]
    mxfinder.exe -> %ProgramFiles%\Maximizer\MxFinder.exe -> Maximizer Software Inc. [Ver = 9.0.1604.620 | Size = 274432 bytes | Modified Date = 6/02/2006 4:04:00 PM | Attr = ]
    netmeter.exe -> %ProgramFiles%\NetMeter\NetMeter.exe -> [Ver = | Size = 266240 bytes | Modified Date = 4/03/2004 2:47:30 PM | Attr = ]
    nod32krn.exe -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 32 | Size = 552064 bytes | Modified Date = 3/03/2007 11:14:34 PM | Attr = ]
    nod32kui.exe -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 70, 32 | Size = 949376 bytes | Modified Date = 3/03/2007 11:14:34 PM | Attr = ]
    nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 6/10/2003 2:16:00 PM | Attr = ]
    ppactivedetection.exe -> D:\Program Files\ca pestcontrol\PPActiveDetection.exe -> Computer Associates [Ver = 5, 0, 0, 0 | Size = 106496 bytes | Modified Date = 27/09/2004 7:09:06 AM | Attr = ]
    servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 6/11/2006 2:21:10 PM | Attr = ]
    soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.27 | Size = 67072 bytes | Modified Date = 14/05/2004 3:47:18 PM | Attr = ]
    w3dbsmgr.exe -> %SystemDrive%\PVSW\Bin\w3dbsmgr.exe -> [Ver = | Size = 106546 bytes | Modified Date = 9/06/2005 10:16:34 PM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.31.0 | Size = 318464 bytes | Modified Date = 26/03/2007 8:04:38 PM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [Ver = 2.41.000 | Size = 68096 bytes | Modified Date = 7/12/2005 10:08:28 AM | Attr = ]
    (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 29/09/2006 12:13:20 AM | Attr = ]
    (CmdAgent) Comodo Application Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Comodo\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 22/02/2007 2:23:12 PM | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 4/08/2004 12:56:50 AM | Attr = ]
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/04/2005 12:41:10 AM | Attr = ]
    (iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 23/02/2006 4:45:06 PM | Attr = ]
    (LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 7.4 | Size = 299008 bytes | Modified Date = 15/08/2002 8:26:26 PM | Attr = ]
    (NOD32krn) NOD32 Kernel Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 32 | Size = 552064 bytes | Modified Date = 3/03/2007 11:14:34 PM | Attr = ]
    (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 6/10/2003 2:16:00 PM | Attr = ]
    (ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 6/11/2006 2:21:10 PM | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 25/03/2007 11:26:30 PM | Attr = ]
    COMODO Firewall Pro -> %ProgramFiles%\Comodo\Firewall\cpf.exe -> COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 22/02/2007 2:23:12 PM | Attr = ]
    DAEMON Tools-1033 -> %ProgramFiles%\D-Tools\daemon.exe -> DAEMON'S HOME [Ver = 3.44.0.0 | Size = 81920 bytes | Modified Date = 27/12/2003 8:43:26 PM | Attr = ]
    DVD43 -> D:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe -> Fengtao Software Inc. [Ver = 5, 9, 6, 85 | Size = 267264 bytes | Modified Date = 1/05/2006 11:54:00 AM | Attr = ]
    eTrust PestPatrol Active Protection -> D:\Program Files\ca pestcontrol\PPActiveDetection.exe -> Computer Associates [Ver = 5, 0, 0, 0 | Size = 106496 bytes | Modified Date = 27/09/2004 7:09:06 AM | Attr = ]
    iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 23/02/2006 4:45:20 PM | Attr = ]
    MessengerPlus3 -> %ProgramFiles%\Messenger Plus! 3\MsgPlus.exe -> Patchou [Ver = 3, 62, 0, 146 | Size = 190024 bytes | Modified Date = 7/02/2006 10:31:50 PM | Attr = ]
    NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 9/07/2001 10:50:42 AM | Attr = ]
    nod32kui -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 70, 32 | Size = 949376 bytes | Modified Date = 3/03/2007 11:14:34 PM | Attr = ]
    NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 5058560 bytes | Modified Date = 6/10/2003 2:16:00 PM | Attr = ]
    nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 741376 bytes | Modified Date = 6/10/2003 2:16:00 PM | Attr = ]
    Ptipbmf -> %System32%\ptipbmf.dll [rundll32.exe ptipbmf.dll,SetWriteCacheMode] -> [Ver = 1, 0, 0, 2 | Size = 118784 bytes | Modified Date = 5/06/2003 4:49:36 PM | Attr = R ]
    SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.27 | Size = 67072 bytes | Modified Date = 14/05/2004 3:47:18 PM | Attr = ]
    SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 15/12/2006 3:23:28 AM | Attr = ]
    < RunOnceEx [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    Flags -> -> File not found
    Title -> -> File not found
    < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
    IMAIL -> Installed = 1 ->
    MAPI -> Installed = 1 ->
    MSFS -> Installed = 1 ->
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    C:\Program Files\NetMeter\NetMeter.exe -> %ProgramFiles%\NetMeter\NetMeter.exe -> [Ver = | Size = 266240 bytes | Modified Date = 4/03/2004 2:47:30 PM | Attr = ]
    MessengerPlus3 -> %ProgramFiles%\Messenger Plus! 3\MsgPlus.exe -> Patchou [Ver = 3, 62, 0, 146 | Size = 190024 bytes | Modified Date = 7/02/2006 10:31:50 PM | Attr = ]
    PeerGuardian -> %ProgramFiles%\PeerGuardian2\pg2.exe -> Phoenix Labs [Ver = 1, 0, 6, 5 | Size = 1432064 bytes | Modified Date = 30/01/2007 12:39:34 AM | Attr = ]
    updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 30/03/2006 4:45:08 PM | Attr = ]
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    %AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 4/11/1999 3:06:48 PM | Attr = ]
    %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 24/09/2005 4:05:26 PM | Attr = ]
    %AllUsersStartup%\MaxAlarm.lnk -> %ProgramFiles%\Maximizer\MxAlarm.exe -> Maximizer Software Inc. [Ver = 9.0.1604.620 | Size = 147456 bytes | Modified Date = 6/02/2006 4:04:00 PM | Attr = ]
    %AllUsersStartup%\MaxFinder.lnk -> %ProgramFiles%\Maximizer\MxFinder.exe -> Maximizer Software Inc. [Ver = 9.0.1604.620 | Size = 274432 bytes | Modified Date = 6/02/2006 4:04:00 PM | Attr = ]
    %AllUsersStartup%\Pervasive.SQL Workgroup Engine.lnk -> %SystemDrive%\PVSW\Bin\w3dbsmgr.exe -> [Ver = | Size = 106546 bytes | Modified Date = 9/06/2005 10:16:34 PM | Attr = ]
    < User Startup > -> C:\Documents and Settings\Stuart\Start Menu\Programs\Startup
    %UserStartup%\HotSync Manager.lnk -> %SystemDrive%\Palm\HOTSYNC.EXE -> Palm, Inc. [Ver = 4.0.4 | Size = 299008 bytes | Modified Date = 22/04/2003 3:46:44 PM | Attr = ]
    < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    {4F0388F6-7635-4CD6-8B10-82DF3379386D} [HKLM] -> %System32%\byxxwut.dll [] -> File not found
    {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 29/09/2006 12:13:28 AM | Attr = ]
    {93994DE8-8239-4655-B1D1-5F4E91300429} [HKLM] -> D:\Program Files\DVD Region+CSS Free\DVDShell.dll [] -> Fengtao Software Inc. [Ver = 5, 5, 0, 8 | Size = 49152 bytes | Modified Date = 9/10/2004 2:18:02 AM | Attr = ]
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
    Control_RunDLL -> -> File not found
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    byxxwut -> byxxwut.dll -> File not found
    pmkhf -> %System32%\pmkhf.dll -> [Ver = | Size = 280676 bytes | Modified Date = 25/03/2007 10:06:38 PM | Attr = HS]
    < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
    127.0.0.1 localhost -> ->
    < Internet Explorer Settings > ->
    HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
    HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: SearchAssistant -> http://www.google.com/ie ->
    HKCU: Local Page -> C:\WINDOWS\System32\blank.htm ->
    HKCU: Search Bar -> http://www.google.com/ie ->
    HKCU: Search Page -> http://www.google.com ->
    HKCU: Start Page -> http://ninemsn.com.au/ ->
    HKCU: ProxyEnable -> 0 ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    msn.com [ - ] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 12/01/2006 8:38:22 PM | Attr = ]
    {4F0388F6-7635-4CD6-8B10-82DF3379386D} [HKLM] -> %System32%\byxxwut.dll [Reg Data - Value does not exist] -> File not found
    {57E218E6-5A80-4f0c-AB25-83598F25D7E9} [HKLM] -> %System32%\vyhlbpdo.dll [Reg Data - Value does not exist] -> [Ver = | Size = 48708 bytes | Modified Date = 27/03/2007 7:52:22 AM | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 15/12/2006 3:23:24 AM | Attr = ]
    {9D7C71E5-507D-463F-AD2F-84E0D1FFE752} [HKLM] -> %System32%\pmkhf.dll [Reg Data - Value does not exist] -> [Ver = | Size = 280676 bytes | Modified Date = 25/03/2007 10:06:38 PM | Attr = HS]
    < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
    {8AA99D86-978D-4963-A845-24AF39FB0CF2} [HKLM] -> %ProgramFiles%\iiBar\iiBar.dll [iiBar] -> Polymorpheus [Ver = 2.0.15.21 | Size = 240128 bytes | Modified Date = 5/09/2006 9:26:42 PM | Attr = ]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 4/08/2005 9:54:42 PM | Attr = ]
    < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    WebBrowser\\{8AA99D86-978D-4963-A845-24AF39FB0CF2} [HKLM] -> %ProgramFiles%\iiBar\iiBar.dll [iiBar] -> Polymorpheus [Ver = 2.0.15.21 | Size = 240128 bytes | Modified Date = 5/09/2006 9:26:42 PM | Attr = ]
    WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 4/08/2005 9:54:42 PM | Attr = ]
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\npjpi150_11.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 15/12/2006 3:23:26 AM | Attr = ]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 15/12/2006 3:23:24 AM | Attr = ]
    {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
    E&xport to Microsoft Excel -> -> File not found
    < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
    SV1 -> ->
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
    {508E4915-A314-4CB7-A874-7DE57659CAAE} -> 203.0.178.191 (Realtek RTL8169/8110 Family Gigabit Ethernet NIC) ->
    < Default Protocols [HKCU] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
    shell -> shell protocol not assigned ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
    {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc.cab ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {9D190AE6-C81E-4039-8061-978EBAD10073} -> F-Secure Online Scanner 3.0 - CodeBase = http://support.f-secure.com/ols/fscax.cab ->
    {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_01 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->


    [Files/Folders - Created Within 30 days]
    $NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 15/03/2007 11:26:43 PM | Attr = H ]
    pss -> %SystemRoot%\pss -> [Folder | Created Date = 29/03/2007 10:31:56 AM | Attr = ]
    PPv5Scan_Daily as Stuart at 7 50 AM.job -> %SystemRoot%\tasks\PPv5Scan_Daily as Stuart at 7 50 AM.job -> [Ver = | Size = 348 bytes | Created Date = 5/03/2007 9:50:47 AM | Attr = ]
    fhkmp.bak1 -> %System32%\fhkmp.bak1 -> [Ver = | Size = 486434 bytes | Created Date = 25/03/2007 11:10:57 PM | Attr = HS]
    fhkmp.bak2 -> %System32%\fhkmp.bak2 -> [Ver = | Size = 509064 bytes | Created Date = 27/03/2007 7:51:44 AM | Attr = HS]
    fhkmp.ini -> %System32%\fhkmp.ini -> [Ver = | Size = 541227 bytes | Created Date = 27/03/2007 7:48:28 AM | Attr = HS]
    fhkmp.ini2 -> %System32%\fhkmp.ini2 -> [Ver = | Size = 526194 bytes | Created Date = 26/03/2007 10:41:26 PM | Attr = HS]
    fhkmp.tmp -> %System32%\fhkmp.tmp -> [Ver = | Size = 541227 bytes | Created Date = 26/03/2007 10:17:53 PM | Attr = HS]
    noval3.ctm -> %System32%\noval3.ctm -> [Ver = | Size = 4693 bytes | Created Date = 27/03/2007 1:18:21 PM | Attr = ]
    novamil3.dll -> %System32%\novamil3.dll -> Softland [Ver = 3.3.171 | Size = 9728 bytes | Created Date = 27/03/2007 1:18:20 PM | Attr = ]
    novamnl3.dll -> %System32%\novamnl3.dll -> Softland [Ver = 3.3.170 | Size = 421888 bytes | Created Date = 27/03/2007 1:18:20 PM | Attr = ]
    npqss.ini -> %System32%\npqss.ini -> [Ver = | Size = 353 bytes | Created Date = 25/03/2007 10:06:38 PM | Attr = HS]
    Partizan.RRI -> %System32%\Partizan.RRI -> [Ver = | Size = 17 bytes | Created Date = 17/03/2007 6:52:10 PM | Attr = ]
    pmkhf.dll -> %System32%\pmkhf.dll -> [Ver = | Size = 280676 bytes | Created Date = 25/03/2007 10:06:31 PM | Attr = HS]
    ssqpn.dll -> %System32%\ssqpn.dll -> [Ver = | Size = 280676 bytes | Created Date = 25/03/2007 10:06:31 PM | Attr = HS]
    vyhlbpdo.dll -> %System32%\vyhlbpdo.dll -> [Ver = | Size = 48708 bytes | Created Date = 27/03/2007 7:52:18 AM | Attr = ]
    nod32drv.sys -> %System32%\drivers\nod32drv.sys -> [Ver = | Size = 15424 bytes | Created Date = 3/03/2007 11:14:35 PM | Attr = ]

    [Files/Folders - Modified Within 30 days]
    boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 212 bytes | Modified Date = 29/03/2007 10:43:12 AM | Attr = HS]
    Palm -> %SystemDrive%\Palm -> [Folder | Modified Date = 6/03/2007 10:06:12 AM | Attr = ]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 29/03/2007 1:30:16 PM | Attr = R ]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 29/03/2007 10:31:58 AM | Attr = ]
    $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 15/03/2007 11:21:38 PM | Attr = H ]
    $NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 15/03/2007 11:26:46 PM | Attr = H ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 29/03/2007 9:20:26 AM | Attr = S]
    Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 15/03/2007 11:27:16 PM | Attr = ]
    DVDRegionFree.INI -> %SystemRoot%\DVDRegionFree.INI -> [Ver = | Size = 101 bytes | Modified Date = 27/03/2007 2:17:22 PM | Attr = ]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 15/03/2007 11:26:58 PM | Attr = H ]
    MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 0 bytes | Modified Date = 16/03/2007 12:30:06 AM | Attr = ]
    NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 29/03/2007 1:16:40 PM | Attr = ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 29/03/2007 11:34:22 PM | Attr = ]
    pss -> %SystemRoot%\pss -> [Folder | Modified Date = 29/03/2007 10:41:36 AM | Attr = ]
    system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 277 bytes | Modified Date = 29/03/2007 10:43:12 AM | Attr = ]
    system32 -> %System32% -> [Folder | Modified Date = 29/03/2007 11:47:18 PM | Attr = ]
    Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 5/03/2007 9:50:48 AM | Attr = S]
    Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 29/03/2007 11:22:30 PM | Attr = ]
    win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 631 bytes | Modified Date = 29/03/2007 10:43:12 AM | Attr = ]
    PPv5Scan_Daily as Stuart at 7 50 AM.job -> %SystemRoot%\tasks\PPv5Scan_Daily as Stuart at 7 50 AM.job -> [Ver = | Size = 348 bytes | Modified Date = 28/03/2007 7:50:36 AM | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 29/03/2007 9:20:34 AM | Attr = H ]
    Spybot - Search & Destroy - Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy - Scheduled Task.job -> [Ver = | Size = 330 bytes | Modified Date = 27/03/2007 10:00:02 PM | Attr = ]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 28/03/2007 1:17:16 AM | Attr = ]
    dllcache -> %System32%\dllcache -> [Folder | Modified Date = 15/03/2007 11:26:50 PM | Attr = RHS]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 17/03/2007 7:35:50 PM | Attr = ]
    fhkmp.bak1 -> %System32%\fhkmp.bak1 -> [Ver = | Size = 486434 bytes | Modified Date = 25/03/2007 11:10:58 PM | Attr = HS]
    fhkmp.bak2 -> %System32%\fhkmp.bak2 -> [Ver = | Size = 509064 bytes | Modified Date = 29/03/2007 1:17:18 PM | Attr = HS]
    fhkmp.ini -> %System32%\fhkmp.ini -> [Ver = | Size = 541227 bytes | Modified Date = 26/03/2007 10:43:44 PM | Attr = HS]
    fhkmp.ini2 -> %System32%\fhkmp.ini2 -> [Ver = | Size = 526194 bytes | Modified Date = 29/03/2007 11:47:18 PM | Attr = HS]
    fhkmp.tmp -> %System32%\fhkmp.tmp -> [Ver = | Size = 541227 bytes | Modified Date = 26/03/2007 10:41:14 PM | Attr = HS]
    imon.dll -> %System32%\imon.dll -> Eset [Ver = 2, 70, 32 | Size = 298104 bytes | Modified Date = 3/03/2007 11:14:36 PM | Attr = ]
    npqss.ini -> %System32%\npqss.ini -> [Ver = | Size = 353 bytes | Modified Date = 25/03/2007 10:06:42 PM | Attr = HS]
    Partizan.RRI -> %System32%\Partizan.RRI -> [Ver = | Size = 17 bytes | Modified Date = 17/03/2007 7:35:50 PM | Attr = ]
    pmkhf.dll -> %System32%\pmkhf.dll -> [Ver = | Size = 280676 bytes | Modified Date = 25/03/2007 10:06:38 PM | Attr = HS]
    ssqpn.dll -> %System32%\ssqpn.dll -> [Ver = | Size = 280676 bytes | Modified Date = 25/03/2007 10:06:38 PM | Attr = HS]
    vyhlbpdo.dll -> %System32%\vyhlbpdo.dll -> [Ver = | Size = 48708 bytes | Modified Date = 27/03/2007 7:52:22 AM | Attr = ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2262 bytes | Modified Date = 25/03/2007 4:04:22 PM | Attr = ]
    amon.sys -> %System32%\drivers\amon.sys -> Eset [Ver = 2, 70, 32 | Size = 512096 bytes | Modified Date = 3/03/2007 11:14:36 PM | Attr = ]
    Dvd43.sys -> %System32%\drivers\Dvd43.sys -> Fengtao Software Inc. [Ver = 2, 6, 0, 28 | Size = 35296 bytes | Modified Date = 27/03/2007 2:17:14 PM | Attr = ]
    nod32drv.sys -> %System32%\drivers\nod32drv.sys -> [Ver = | Size = 15424 bytes | Modified Date = 3/03/2007 11:14:34 PM | Attr = ]

    [File String Scan - Non-Microsoft Only]
    UPX! , UPX0 , -> %SystemRoot%\daemon.dll -> [Ver = 3.44.0.0 | Size = 68608 bytes | Modified Date = 27/12/2003 8:43:24 PM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
    WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.26 | Size = 14268928 bytes | Modified Date = 14/05/2004 5:26:34 PM | Attr = ]
    aspack , -> %System32%\ALZALZ.BIN -> [Ver = | Size = 62464 bytes | Modified Date = 1/08/2005 7:46:08 PM | Attr = ]
    aspack , -> %System32%\ALZZip.BIN -> [Ver = | Size = 42496 bytes | Modified Date = 1/08/2005 7:46:48 PM | Attr = ]
    UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 0, 7, 0 | Size = 123904 bytes | Modified Date = 23/11/2002 1:21:28 AM | Attr = ]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 23/08/2001 10:00:00 PM | Attr = ]
    Umonitor , -> %System32%\ipebase12.dll -> Hewlett-Packard Company [Ver = 1, 2, 0, 3 | Size = 331776 bytes | Modified Date = 28/04/1999 3:01:12 PM | Attr = ]
    PTech , -> %System32%\LegitCheckControl.dll -> Microsoft® Corporation [Ver = 1.3.0254.0 | Size = 520456 bytes | Modified Date = 12/07/2005 6:04:22 PM | Attr = ]
    UPX! , UPX0 , -> %System32%\ssqpn.dll -> [Ver = | Size = 280676 bytes | Modified Date = 25/03/2007 10:06:38 PM | Attr = HS]
    @Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
    UPX! , UPX0 , -> %System32%\UninstXviDDec.exe -> [Ver = | Size = 22782 bytes | Modified Date = 21/11/2005 3:38:26 PM | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 23/08/2001 10:00:00 PM | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 23/08/2001 10:00:00 PM | Attr = ]
    PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 3/08/2004 10:41:38 PM | Attr = ]

    < End of report >
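A helper reading the WinPFind3U report above triages it by hand: load points (Winlogon\Notify, BHOs, ShellExecuteHooks, Run keys) whose target file is missing, and System32 modules with no publisher, no version resource and hidden+system attributes, are the entries that stand out. As an added example, not code from the thread, from KotaGuy or from WinPFind3U, the Python below parses that "name -> path -> detail" line format and scores each entry with those heuristics. The sample excerpt is constructed from entries in the report above; the rule names, the scoring and the `_LOAD_POINTS` list are this example's own choices, and the output is a ranked list of leads for a human to check, not a verdict.

```python
"""Triage of WinPFind3U-style report lines (added example; heuristics are the example's own).

Each entry line has the shape
    name -> path [description] -> Publisher [Ver = .. | Size = .. | Modified Date = .. | Attr = ..]
or ends in "File not found"; "< ... > -> KEY" and "[...]" lines are section headers.
"""
import re
from dataclasses import dataclass, field

_ARROW = re.compile(r"\s*->\s*")                 # field separator, tolerant of "-> ->"
_BRACKET = re.compile(r"\[(.*)\]\s*$")           # trailing [k = v | k = v] block
_DESC = re.compile(r"\s*\[[^\]]*\]$")            # "[Reg Data - ...]" tacked onto a path
_LOADABLE = (".dll", ".exe", ".sys", ".ocx", ".cpl")
# Registry locations where an orphaned entry is worth a look (the report above shows
# random-named DLLs hooked into Winlogon\Notify, the BHO list and ShellExecuteHooks).
_LOAD_POINTS = ("Winlogon\\Notify", "Browser Helper Objects", "ShellExecuteHooks", "\\Run")


@dataclass
class Entry:
    section: str
    name: str
    path: str
    publisher: str = ""
    attrs: dict = field(default_factory=dict)
    missing: bool = False
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def parse_line(section: str, line: str) -> Entry:
    """Split one 'name -> path -> detail' line into an Entry."""
    parts = _ARROW.split(line.strip())
    parts += [""] * (3 - len(parts))            # tolerate 'name -> -> File not found'
    name, path, detail = parts[:3]
    entry = Entry(section=section, name=name, path=_DESC.sub("", path))
    if detail.startswith("File not found"):
        entry.missing = True
        return entry
    m = _BRACKET.search(detail)
    if m:
        entry.publisher = detail[:m.start()].strip()
        for kv in m.group(1).split(" | "):
            k, _, v = kv.partition("=")
            entry.attrs[k.strip()] = v.strip()
    return entry


def triage(entry: Entry) -> Entry:
    """Attach human-readable reasons; more reasons means review it sooner."""
    at_load_point = any(lp in entry.section for lp in _LOAD_POINTS)
    if entry.missing:
        if at_load_point:
            entry.reasons.append("load point references a missing file (orphaned hook)")
        return entry
    loadable = entry.path.lower().endswith(_LOADABLE)
    attr = entry.attrs.get("Attr", "")
    if loadable and "H" in attr and "S" in attr:
        entry.reasons.append("hidden+system attributes on a loadable module")
    if loadable and not entry.publisher and not entry.attrs.get("Ver"):
        entry.reasons.append("no publisher and no version resource")
    if entry.path.startswith("%System32%") and not entry.publisher:
        entry.reasons.append("unattributed file in System32")
    return entry


def triage_report(text: str) -> list:
    """Return flagged entries, highest score first. Header lines set the current section."""
    section, flagged = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line[0] in "<[":                      # "< Run [HKLM] > -> KEY" or "[Files/Folders ...]"
            section = _ARROW.split(line, 1)[-1]
            continue
        if "->" not in line:
            continue
        entry = triage(parse_line(section, line))
        if entry.reasons:
            flagged.append(entry)
    return sorted(flagged, key=lambda e: e.score, reverse=True)


# Constructed excerpt in WinPFind3U's format: one legitimate BHO beside the
# random-named hooks that appear in the report above.
SAMPLE_REPORT = r"""
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
byxxwut -> byxxwut.dll -> File not found
pmkhf -> %System32%\pmkhf.dll -> [Ver = | Size = 280676 bytes | Modified Date = 25/03/2007 10:06:38 PM | Attr = HS]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 12/01/2006 8:38:22 PM | Attr = ]
{57E218E6-5A80-4f0c-AB25-83598F25D7E9} [HKLM] -> %System32%\vyhlbpdo.dll [Reg Data - Value does not exist] -> [Ver = | Size = 48708 bytes | Modified Date = 27/03/2007 7:52:22 AM | Attr = ]
"""

if __name__ == "__main__":
    for e in triage_report(SAMPLE_REPORT):
        print(f"[{e.score}] {e.name} -> {e.path}: " + "; ".join(e.reasons))
```

Run against the sample, the Notify DLL with hidden+system attributes ranks first, the unattributed BHO second and the orphaned Notify hook last, while the signed Adobe BHO is not flagged at all. Feeding a whole report in works the same way; the file-listing sections are parsed too, so the random-named `.ini`/`.bak` files are skipped by the loadable-extension rules and only executable modules are scored.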
     
  9. ozsurfie

    ozsurfie Guest

    Also my scheduled AVG has just come back with the usual list of tracking cookies and also one that it is saying isn't a threat; it's called not-a-virus.downloader.w32.winfixer.q - if anything had a suspicious label this does!! Do I delete it or ..........................
     
  10. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    WinFixer is another name for Vundo. Once we get your PC cleaned up, you shouldn't get that warning from AVG anymore.

    Download CCleaner and install it but do not run it yet.

    Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

    The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

    Reboot into Safe Mode by doing the following:

    [*]As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
    [*]Use the arrow keys to select the Safe Mode menu item.
    [*]Press the Enter key.

    Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

    Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, as it may interfere with the scanning process:

    [*]Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
    [*]AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.

    Once the scan is complete do the following:


    [*]Make sure that "Set all elements to:" shows Quarantine; if not, click on the link and choose Quarantine from the popup menu.
    [*]At the bottom of the window click on the "Apply all actions" button.

    Note: Don't save the report before you hit the Apply action button.

    [*]Next select the "Reports" icon at the top.
    [*]Select the "Save report as" button in the lower left-hand corner of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    [*]Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

    Post the following back here:

    [*] a new WinPFind3U report
    [*] the AVG Anti-Spyware report
    [*] the latest .log file from the WinPFind3u folder (it will have a name in the format mmddyyyy_hhmmss.log)

    I will review the information when it comes back in.

    Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
     
  11. ozsurfie

    ozsurfie Guest

    The link wouldn't download CCleaner - could this virus be learning what to interfere with?? :) I just realised I could have d/l that other file using the laptop which I have only just got, so I have used that to d/l CCleaner and am about to start the process you have described.
    Thanks for your help, back soon :)
     
  12. KotaGuy

    KotaGuy Regular member

    Could be the infection. Might be redirecting all links to what it wants you to go to.

    Don't worry about CCleaner then.

    Just follow the rest of the instructions for now.
     
  13. ozsurfie

    ozsurfie Guest

    OK, this is interesting - I am using the laptop to get this to you - I put CCleaner on the desktop by d/l using the laptop, then transferring via USB key drive. Booted into Safe Mode, which doesn't bring up half the icons on the desktop, and of course CCleaner is one of the missing ones. Nothing happens when I go to My Computer and try clicking on the C drive - can I try starting CCleaner in Safe Mode from the USB drive, or should I just reboot the computer into Normal Mode and post the log - I might be able to get the Virtuo fix onto the desktop by USB as well??
     
  14. ozsurfie

    ozsurfie Guest

    Apologies for the running commentary - now have AVG running on the system, will post the log when finished, thanks.
     
  15. ozsurfie

    ozsurfie Guest

    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 1:27:16 PM 30/03/2007

    + Scan result:



    C:\Documents and Settings\Stuart\Cookies\stuart@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.79:C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\03qekyzp.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
    C:\Documents and Settings\Stuart\Cookies\stuart@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.80:C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\03qekyzp.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    C:\Documents and Settings\Stuart\Cookies\stuart@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
    C:\Documents and Settings\Stuart\Cookies\stuart@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.72:C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\03qekyzp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.73:C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\03qekyzp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.74:C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\03qekyzp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.75:C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\03qekyzp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.76:C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\03qekyzp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.77:C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\03qekyzp.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.


    ::Report end

    WinPFind3 logfile created on: 30/03/2007 1:30:43 PM
    WinPFind3U by OldTimer - Version 1.0.31 Folder = C:\Documents and Settings\Stuart\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    1022 Mb Total Physical Memory | 559 Mb Available Physical Memory | 54.71% Memory free
    1 Gb Paging File | 1 Gb Available in Paging File | 71.81% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37 Gb Total Space | 7 Gb Free Space | 21.46% Space Free
    Drive D: | 111 Gb Total Space | 0 Gb Free Space | 0.01% Space Free
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    Computer Name: ARMANI
    Current User Name: Stuart
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/06/2005 11:46:24 PM | Attr = ]
    avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 25/03/2007 11:26:30 PM | Attr = ]
    cmdagent.exe -> %ProgramFiles%\Comodo\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 22/02/2007 2:23:12 PM | Attr = ]
    cpf.exe -> %ProgramFiles%\Comodo\Firewall\cpf.exe -> COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 22/02/2007 2:23:12 PM | Attr = ]
    daemon.exe -> %ProgramFiles%\D-Tools\daemon.exe -> DAEMON'S HOME [Ver = 3.44.0.0 | Size = 81920 bytes | Modified Date = 27/12/2003 8:43:26 PM | Attr = ]
    firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.3: 2007030919 | Size = 7633008 bytes | Modified Date = 24/03/2007 9:49:52 AM | Attr = ]
    guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 29/09/2006 12:13:20 AM | Attr = ]
    hotsync.exe -> %SystemDrive%\Palm\HOTSYNC.EXE -> Palm, Inc. [Ver = 4.0.4 | Size = 299008 bytes | Modified Date = 22/04/2003 3:46:44 PM | Attr = ]
    ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 23/02/2006 4:45:06 PM | Attr = ]
    ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 23/02/2006 4:45:20 PM | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 15/12/2006 3:23:28 AM | Attr = ]
    launchapplication.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 82, 70, 1 | Size = 222208 bytes | Modified Date = 8/11/2006 1:27:54 PM | Attr = ]
    lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 7.4 | Size = 299008 bytes | Modified Date = 15/08/2002 8:26:26 PM | Attr = ]
    msgplus.exe -> %ProgramFiles%\Messenger Plus! 3\MsgPlus.exe -> Patchou [Ver = 3, 62, 0, 146 | Size = 190024 bytes | Modified Date = 7/02/2006 10:31:50 PM | Attr = ]
    mxalarm.exe -> %ProgramFiles%\Maximizer\MxAlarm.exe -> Maximizer Software Inc. [Ver = 9.0.1604.620 | Size = 147456 bytes | Modified Date = 6/02/2006 4:04:00 PM | Attr = ]
    mxfinder.exe -> %ProgramFiles%\Maximizer\MxFinder.exe -> Maximizer Software Inc. [Ver = 9.0.1604.620 | Size = 274432 bytes | Modified Date = 6/02/2006 4:04:00 PM | Attr = ]
    netmeter.exe -> %ProgramFiles%\NetMeter\NetMeter.exe -> [Ver = | Size = 266240 bytes | Modified Date = 4/03/2004 2:47:30 PM | Attr = ]
    nod32krn.exe -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 32 | Size = 552064 bytes | Modified Date = 3/03/2007 11:14:34 PM | Attr = ]
    nod32kui.exe -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 70, 32 | Size = 949376 bytes | Modified Date = 3/03/2007 11:14:34 PM | Attr = ]
    nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 6/10/2003 2:16:00 PM | Attr = ]
    ppactivedetection.exe -> D:\Program Files\ca pestcontrol\PPActiveDetection.exe -> Computer Associates [Ver = 5, 0, 0, 0 | Size = 106496 bytes | Modified Date = 27/09/2004 7:09:06 AM | Attr = ]
    servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 6/11/2006 2:21:10 PM | Attr = ]
    soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.27 | Size = 67072 bytes | Modified Date = 14/05/2004 3:47:18 PM | Attr = ]
    w3dbsmgr.exe -> %SystemDrive%\PVSW\Bin\w3dbsmgr.exe -> [Ver = | Size = 106546 bytes | Modified Date = 9/06/2005 10:16:34 PM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.31.0 | Size = 318464 bytes | Modified Date = 26/03/2007 8:04:38 PM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [Ver = 2.41.000 | Size = 68096 bytes | Modified Date = 7/12/2005 10:08:28 AM | Attr = ]
    (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 29/09/2006 12:13:20 AM | Attr = ]
    (CmdAgent) Comodo Application Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Comodo\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.20 | Size = 361040 bytes | Modified Date = 22/02/2007 2:23:12 PM | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 4/08/2004 12:56:50 AM | Attr = ]
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/04/2005 12:41:10 AM | Attr = ]
    (iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 23/02/2006 4:45:06 PM | Attr = ]
    (LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 7.4 | Size = 299008 bytes | Modified Date = 15/08/2002 8:26:26 PM | Attr = ]
    (NOD32krn) NOD32 Kernel Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 32 | Size = 552064 bytes | Modified Date = 3/03/2007 11:14:34 PM | Attr = ]
    (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 6/10/2003 2:16:00 PM | Attr = ]
    (ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 6/11/2006 2:21:10 PM | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 25/03/2007 11:26:30 PM | Attr = ]
    Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/06/2005 11:46:24 PM | Attr = ]
    COMODO Firewall Pro -> %ProgramFiles%\Comodo\Firewall\cpf.exe -> COMODO [Ver = 2.4.0.58 | Size = 1115728 bytes | Modified Date = 22/02/2007 2:23:12 PM | Attr = ]
    DAEMON Tools-1033 -> %ProgramFiles%\D-Tools\daemon.exe -> DAEMON'S HOME [Ver = 3.44.0.0 | Size = 81920 bytes | Modified Date = 27/12/2003 8:43:26 PM | Attr = ]
    DVD43 -> D:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe -> Fengtao Software Inc. [Ver = 5, 9, 6, 85 | Size = 267264 bytes | Modified Date = 1/05/2006 11:54:00 AM | Attr = ]
    eTrust PestPatrol Active Protection -> D:\Program Files\ca pestcontrol\PPActiveDetection.exe -> Computer Associates [Ver = 5, 0, 0, 0 | Size = 106496 bytes | Modified Date = 27/09/2004 7:09:06 AM | Attr = ]
    iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 23/02/2006 4:45:20 PM | Attr = ]
    MessengerPlus3 -> %ProgramFiles%\Messenger Plus! 3\MsgPlus.exe -> Patchou [Ver = 3, 62, 0, 146 | Size = 190024 bytes | Modified Date = 7/02/2006 10:31:50 PM | Attr = ]
    NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 9/07/2001 10:50:42 AM | Attr = ]
    nod32kui -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 70, 32 | Size = 949376 bytes | Modified Date = 3/03/2007 11:14:34 PM | Attr = ]
    NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 5058560 bytes | Modified Date = 6/10/2003 2:16:00 PM | Attr = ]
    nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 741376 bytes | Modified Date = 6/10/2003 2:16:00 PM | Attr = ]
    PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 82, 70, 1 | Size = 222208 bytes | Modified Date = 8/11/2006 1:27:54 PM | Attr = ]
    Ptipbmf -> %System32%\ptipbmf.dll [rundll32.exe ptipbmf.dll,SetWriteCacheMode] -> [Ver = 1, 0, 0, 2 | Size = 118784 bytes | Modified Date = 5/06/2003 4:49:36 PM | Attr = R ]
    QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 21/05/2006 12:59:50 PM | Attr = ]
    SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.27 | Size = 67072 bytes | Modified Date = 14/05/2004 3:47:18 PM | Attr = ]
    SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 15/12/2006 3:23:28 AM | Attr = ]
    < RunOnceEx [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    Flags -> -> File not found
    Title -> -> File not found
    < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
    IMAIL -> Installed = 1 ->
    MAPI -> Installed = 1 ->
    MSFS -> Installed = 1 ->
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    C:\Program Files\NetMeter\NetMeter.exe -> %ProgramFiles%\NetMeter\NetMeter.exe -> [Ver = | Size = 266240 bytes | Modified Date = 4/03/2004 2:47:30 PM | Attr = ]
    MessengerPlus3 -> %ProgramFiles%\Messenger Plus! 3\MsgPlus.exe -> Patchou [Ver = 3, 62, 0, 146 | Size = 190024 bytes | Modified Date = 7/02/2006 10:31:50 PM | Attr = ]
    PeerGuardian -> %ProgramFiles%\PeerGuardian2\pg2.exe -> Phoenix Labs [Ver = 1, 0, 6, 5 | Size = 1432064 bytes | Modified Date = 30/01/2007 12:39:34 AM | Attr = ]
    updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 30/03/2006 4:45:08 PM | Attr = ]
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    %AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 4/11/1999 3:06:48 PM | Attr = ]
    %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 24/09/2005 4:05:26 PM | Attr = ]
    %AllUsersStartup%\MaxAlarm.lnk -> %ProgramFiles%\Maximizer\MxAlarm.exe -> Maximizer Software Inc. [Ver = 9.0.1604.620 | Size = 147456 bytes | Modified Date = 6/02/2006 4:04:00 PM | Attr = ]
    %AllUsersStartup%\MaxFinder.lnk -> %ProgramFiles%\Maximizer\MxFinder.exe -> Maximizer Software Inc. [Ver = 9.0.1604.620 | Size = 274432 bytes | Modified Date = 6/02/2006 4:04:00 PM | Attr = ]
    %AllUsersStartup%\Pervasive.SQL Workgroup Engine.lnk -> %SystemDrive%\PVSW\Bin\w3dbsmgr.exe -> [Ver = | Size = 106546 bytes | Modified Date = 9/06/2005 10:16:34 PM | Attr = ]
    < User Startup > -> C:\Documents and Settings\Stuart\Start Menu\Programs\Startup
    %UserStartup%\HotSync Manager.lnk -> %SystemDrive%\Palm\HOTSYNC.EXE -> Palm, Inc. [Ver = 4.0.4 | Size = 299008 bytes | Modified Date = 22/04/2003 3:46:44 PM | Attr = ]
    < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 29/09/2006 12:13:28 AM | Attr = ]
    {93994DE8-8239-4655-B1D1-5F4E91300429} [HKLM] -> D:\Program Files\DVD Region+CSS Free\DVDShell.dll [] -> Fengtao Software Inc. [Ver = 5, 5, 0, 8 | Size = 49152 bytes | Modified Date = 9/10/2004 2:18:02 AM | Attr = ]
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
    Control_RunDLL -> -> File not found
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    pmkhf -> %System32%\pmkhf.dll -> [Ver = | Size = 280676 bytes | Modified Date = 25/03/2007 10:06:38 PM | Attr = HS]
    < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
    127.0.0.1 localhost -> ->
    < Internet Explorer Settings > ->
    HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
    HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: SearchAssistant -> http://www.google.com/ie ->
    HKCU: Local Page -> C:\WINDOWS\System32\blank.htm ->
    HKCU: Search Bar -> http://www.google.com/ie ->
    HKCU: Search Page -> http://www.google.com ->
    HKCU: Start Page -> http://ninemsn.com.au/ ->
    HKCU: ProxyEnable -> 0 ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    msn.com [ - ] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 12/01/2006 8:38:22 PM | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 15/12/2006 3:23:24 AM | Attr = ]
    {815630ED-D61D-49D4-B3D1-F3C6C610B188} [HKLM] -> %System32%\pmkhf.dll [Reg Data - Value does not exist] -> [Ver = | Size = 280676 bytes | Modified Date = 25/03/2007 10:06:38 PM | Attr = HS]
    < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
    {8AA99D86-978D-4963-A845-24AF39FB0CF2} [HKLM] -> %ProgramFiles%\iiBar\iiBar.dll [iiBar] -> Polymorpheus [Ver = 2.0.15.21 | Size = 240128 bytes | Modified Date = 5/09/2006 9:26:42 PM | Attr = ]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 4/08/2005 9:54:42 PM | Attr = ]
    < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    WebBrowser\\{8AA99D86-978D-4963-A845-24AF39FB0CF2} [HKLM] -> %ProgramFiles%\iiBar\iiBar.dll [iiBar] -> Polymorpheus [Ver = 2.0.15.21 | Size = 240128 bytes | Modified Date = 5/09/2006 9:26:42 PM | Attr = ]
    WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 4/08/2005 9:54:42 PM | Attr = ]
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\npjpi150_11.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 15/12/2006 3:23:26 AM | Attr = ]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 15/12/2006 3:23:24 AM | Attr = ]
    {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
    E&xport to Microsoft Excel -> -> File not found
    < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
    SV1 -> ->
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
    {508E4915-A314-4CB7-A874-7DE57659CAAE} -> 203.0.178.191 (Realtek RTL8169/8110 Family Gigabit Ethernet NIC) ->
    < Default Protocols [HKCU] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
    shell -> shell protocol not assigned ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
    {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc.cab ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {9D190AE6-C81E-4039-8061-978EBAD10073} -> F-Secure Online Scanner 3.0 - CodeBase = http://support.f-secure.com/ols/fscax.cab ->
    {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_01 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->


    [Files/Folders - Created Within 30 days]
    $NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 15/03/2007 11:26:43 PM | Attr = H ]
    pss -> %SystemRoot%\pss -> [Folder | Created Date = 29/03/2007 10:31:56 AM | Attr = ]
    PPv5Scan_Daily as Stuart at 7 50 AM.job -> %SystemRoot%\tasks\PPv5Scan_Daily as Stuart at 7 50 AM.job -> [Ver = | Size = 348 bytes | Created Date = 5/03/2007 9:50:47 AM | Attr = ]
    fhkmp.ini -> %System32%\fhkmp.ini -> [Ver = | Size = 521869 bytes | Created Date = 30/03/2007 11:42:31 AM | Attr = HS]
    fhkmp.ini2 -> %System32%\fhkmp.ini2 -> [Ver = | Size = 517946 bytes | Created Date = 26/03/2007 10:41:26 PM | Attr = HS]
    mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Created Date = 30/03/2007 11:43:38 AM | Attr = ]
    noval3.ctm -> %System32%\noval3.ctm -> [Ver = | Size = 4693 bytes | Created Date = 27/03/2007 1:18:21 PM | Attr = ]
    novamil3.dll -> %System32%\novamil3.dll -> Softland [Ver = 3.3.171 | Size = 9728 bytes | Created Date = 27/03/2007 1:18:20 PM | Attr = ]
    novamnl3.dll -> %System32%\novamnl3.dll -> Softland [Ver = 3.3.170 | Size = 421888 bytes | Created Date = 27/03/2007 1:18:20 PM | Attr = ]
    Partizan.RRI -> %System32%\Partizan.RRI -> [Ver = | Size = 17 bytes | Created Date = 17/03/2007 6:52:10 PM | Attr = ]
    pmkhf.dll -> %System32%\pmkhf.dll -> [Ver = | Size = 280676 bytes | Created Date = 25/03/2007 10:06:31 PM | Attr = HS]
    nod32drv.sys -> %System32%\drivers\nod32drv.sys -> [Ver = | Size = 15424 bytes | Created Date = 3/03/2007 11:14:35 PM | Attr = ]

    [Files/Folders - Modified Within 30 days]
    boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 212 bytes | Modified Date = 30/03/2007 11:02:40 AM | Attr = HS]
    Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 30/03/2007 11:42:22 AM | Attr = ]
    Palm -> %SystemDrive%\Palm -> [Folder | Modified Date = 6/03/2007 10:06:12 AM | Attr = ]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 30/03/2007 11:10:58 AM | Attr = R ]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 30/03/2007 11:40:14 AM | Attr = ]
    $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 15/03/2007 11:21:38 PM | Attr = H ]
    $NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 15/03/2007 11:26:46 PM | Attr = H ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 30/03/2007 12:01:28 PM | Attr = S]
    Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 15/03/2007 11:27:16 PM | Attr = ]
    DVDRegionFree.INI -> %SystemRoot%\DVDRegionFree.INI -> [Ver = | Size = 101 bytes | Modified Date = 27/03/2007 2:17:22 PM | Attr = ]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 15/03/2007 11:26:58 PM | Attr = H ]
    MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 0 bytes | Modified Date = 16/03/2007 12:30:06 AM | Attr = ]
    NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 29/03/2007 1:16:40 PM | Attr = ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 30/03/2007 12:05:34 PM | Attr = ]
    pss -> %SystemRoot%\pss -> [Folder | Modified Date = 29/03/2007 10:41:36 AM | Attr = ]
    system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 277 bytes | Modified Date = 30/03/2007 11:02:40 AM | Attr = ]
    system32 -> %System32% -> [Folder | Modified Date = 30/03/2007 1:30:42 PM | Attr = ]
    Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 5/03/2007 9:50:48 AM | Attr = S]
    Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 30/03/2007 1:24:54 PM | Attr = ]
    win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 631 bytes | Modified Date = 30/03/2007 11:02:40 AM | Attr = ]
    PPv5Scan_Daily as Stuart at 7 50 AM.job -> %SystemRoot%\tasks\PPv5Scan_Daily as Stuart at 7 50 AM.job -> [Ver = | Size = 348 bytes | Modified Date = 30/03/2007 7:50:48 AM | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 30/03/2007 12:01:36 PM | Attr = H ]
    Spybot - Search & Destroy - Scheduled Task.job -> %SystemRoot%\tasks\Spybot - Search & Destroy - Scheduled Task.job -> [Ver = | Size = 330 bytes | Modified Date = 27/03/2007 10:00:02 PM | Attr = ]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 28/03/2007 1:17:16 AM | Attr = ]
    dllcache -> %System32%\dllcache -> [Folder | Modified Date = 15/03/2007 11:26:50 PM | Attr = RHS]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 17/03/2007 7:35:50 PM | Attr = ]
    fhkmp.ini -> %System32%\fhkmp.ini -> [Ver = | Size = 521869 bytes | Modified Date = 30/03/2007 1:30:42 PM | Attr = HS]
    fhkmp.ini2 -> %System32%\fhkmp.ini2 -> [Ver = | Size = 517946 bytes | Modified Date = 30/03/2007 11:37:24 AM | Attr = HS]
    imon.dll -> %System32%\imon.dll -> Eset [Ver = 2, 70, 32 | Size = 298104 bytes | Modified Date = 3/03/2007 11:14:36 PM | Attr = ]
    mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Modified Date = 30/03/2007 11:56:44 AM | Attr = ]
    Partizan.RRI -> %System32%\Partizan.RRI -> [Ver = | Size = 17 bytes | Modified Date = 17/03/2007 7:35:50 PM | Attr = ]
    pmkhf.dll -> %System32%\pmkhf.dll -> [Ver = | Size = 280676 bytes | Modified Date = 25/03/2007 10:06:38 PM | Attr = HS]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2262 bytes | Modified Date = 30/03/2007 10:37:54 AM | Attr = ]
    amon.sys -> %System32%\drivers\amon.sys -> Eset [Ver = 2, 70, 32 | Size = 512096 bytes | Modified Date = 3/03/2007 11:14:36 PM | Attr = ]
    Dvd43.sys -> %System32%\drivers\Dvd43.sys -> Fengtao Software Inc. [Ver = 2, 6, 0, 28 | Size = 35296 bytes | Modified Date = 27/03/2007 2:17:14 PM | Attr = ]
    nod32drv.sys -> %System32%\drivers\nod32drv.sys -> [Ver = | Size = 15424 bytes | Modified Date = 3/03/2007 11:14:34 PM | Attr = ]

    [File String Scan - Non-Microsoft Only]
    UPX! , UPX0 , -> %SystemRoot%\daemon.dll -> [Ver = 3.44.0.0 | Size = 68608 bytes | Modified Date = 27/12/2003 8:43:24 PM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
    WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.26 | Size = 14268928 bytes | Modified Date = 14/05/2004 5:26:34 PM | Attr = ]
    aspack , -> %System32%\ALZALZ.BIN -> [Ver = | Size = 62464 bytes | Modified Date = 1/08/2005 7:46:08 PM | Attr = ]
    aspack , -> %System32%\ALZZip.BIN -> [Ver = | Size = 42496 bytes | Modified Date = 1/08/2005 7:46:48 PM | Attr = ]
    UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 0, 7, 0 | Size = 123904 bytes | Modified Date = 23/11/2002 1:21:28 AM | Attr = ]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 23/08/2001 10:00:00 PM | Attr = ]
    Umonitor , -> %System32%\ipebase12.dll -> Hewlett-Packard Company [Ver = 1, 2, 0, 3 | Size = 331776 bytes | Modified Date = 28/04/1999 3:01:12 PM | Attr = ]
    PTech , -> %System32%\LegitCheckControl.dll -> Microsoft® Corporation [Ver = 1.3.0254.0 | Size = 520456 bytes | Modified Date = 12/07/2005 6:04:22 PM | Attr = ]
    @Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
    UPX! , UPX0 , -> %System32%\UninstXviDDec.exe -> [Ver = | Size = 22782 bytes | Modified Date = 21/11/2005 3:38:26 PM | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 23/08/2001 10:00:00 PM | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 23/08/2001 10:00:00 PM | Attr = ]
    PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 3/08/2004 10:41:38 PM | Attr = ]

    < End of report >

    [Registry - Non-Microsoft Only]
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{4F0388F6-7635-4CD6-8B10-82DF3379386D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F0388F6-7635-4CD6-8B10-82DF3379386D} deleted successfully.
    File C:\WINDOWS\SYSTEM32\byxxwut.dll not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxxwut deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmkhf deleted successfully.
    File move failed. C:\WINDOWS\SYSTEM32\pmkhf.dll scheduled to be moved on reboot.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F0388F6-7635-4CD6-8B10-82DF3379386D} deleted successfully.
    File C:\WINDOWS\SYSTEM32\byxxwut.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57E218E6-5A80-4f0c-AB25-83598F25D7E9} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57E218E6-5A80-4f0c-AB25-83598F25D7E9} deleted successfully.
    File C:\WINDOWS\SYSTEM32\vyhlbpdo.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D7C71E5-507D-463F-AD2F-84E0D1FFE752} not found.
    File move failed. C:\WINDOWS\SYSTEM32\pmkhf.dll scheduled to be moved on reboot.
    [Files/Folders - Created Within 30 days]
    C:\WINDOWS\SYSTEM32\fhkmp.bak1 moved successfully.
    C:\WINDOWS\SYSTEM32\fhkmp.bak2 moved successfully.
    C:\WINDOWS\SYSTEM32\fhkmp.ini moved successfully.
    C:\WINDOWS\SYSTEM32\fhkmp.ini2 moved successfully.
    C:\WINDOWS\SYSTEM32\fhkmp.tmp moved successfully.
    C:\WINDOWS\SYSTEM32\npqss.ini moved successfully.
    File move failed. C:\WINDOWS\SYSTEM32\pmkhf.dll scheduled to be moved on reboot.
    C:\WINDOWS\SYSTEM32\ssqpn.dll moved successfully.
    File C:\WINDOWS\SYSTEM32\vyhlbpdo.dll not found!
    [Files/Folders - Modified Within 30 days]
    File C:\WINDOWS\SYSTEM32\fhkmp.bak1 not found!
    File C:\WINDOWS\SYSTEM32\fhkmp.bak2 not found!
    File C:\WINDOWS\SYSTEM32\fhkmp.ini not found!
    File C:\WINDOWS\SYSTEM32\fhkmp.ini2 not found!
    File C:\WINDOWS\SYSTEM32\fhkmp.tmp not found!
    File C:\WINDOWS\SYSTEM32\npqss.ini not found!
    File move failed. C:\WINDOWS\SYSTEM32\pmkhf.dll scheduled to be moved on reboot.
    File C:\WINDOWS\SYSTEM32\ssqpn.dll not found!
    File C:\WINDOWS\SYSTEM32\vyhlbpdo.dll not found!
    [File String Scan - Non-Microsoft Only]
    File C:\WINDOWS\SYSTEM32\ssqpn.dll not found!
    < End of log >
    Created on 03/30/2007 11:37:14



    The above log file seems to be from several hours ago, before I ran the fix and AVG though.
     
  16. KotaGuy

    KotaGuy Regular member

    OK... post a new HijackThis log for me please.
     
  17. ozsurfie

    ozsurfie Guest

    You mean a kota.exe file :)

    OK, here it is, and I also managed to get CCleaner onto the desktop via USB and ran that too.

    Logfile of HijackThis v1.99.1
    Scan saved at 2:21:39 PM, on 30/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    D:\Program Files\ca pestcontrol\PPActiveDetection.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\NetMeter\NetMeter.exe
    C:\Program Files\Maximizer\MxAlarm.exe
    C:\Program Files\Maximizer\MxFinder.exe
    C:\PVSW\Bin\w3dbsmgr.exe
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Stuart\Desktop\kota.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {815630ED-D61D-49D4-B3D1-F3C6C610B188} - C:\WINDOWS\system32\pmkhf.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
    O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: iiBar - {8AA99D86-978D-4963-A845-24AF39FB0CF2} - C:\Program Files\iiBar\iiBar.dll
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "D:\Program Files\ca pestcontrol\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [DVD43] D:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: MaxAlarm.lnk = C:\Program Files\Maximizer\MxAlarm.exe
    O4 - Global Startup: MaxFinder.lnk = C:\Program Files\Maximizer\MxFinder.exe
    O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{508E4915-A314-4CB7-A874-7DE57659CAAE}: NameServer = 203.0.178.191
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: pmkhf - C:\WINDOWS\system32\pmkhf.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

     
  18. KotaGuy

    KotaGuy Regular member

    Can I get you to try grabbing VundoFix with your Laptop and putting it on the USB drive.

    Then transfer it over to the Desktop of your PC.

    Then run VundoFix using my previous instructions for it.

    Once done post the VundoFix log and a new HijackThis log please.

     
  19. ozsurfie

    ozsurfie Guest

    VundoFix V6.3.18

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.11

    Scan started at 2:40:48 PM 30/03/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\fhkmp.ini
    C:\WINDOWS\system32\fhkmp.ini2
    C:\WINDOWS\system32\pmkhf.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\fhkmp.ini
    C:\WINDOWS\system32\fhkmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fhkmp.ini2
    C:\WINDOWS\system32\fhkmp.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmkhf.dll
    C:\WINDOWS\system32\pmkhf.dll Has been deleted!

    Performing Repairs to the registry.
    Done!


    Logfile of HijackThis v1.99.1
    Scan saved at 11:01:31 PM, on 30/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    D:\Program Files\ca pestcontrol\PPActiveDetection.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\NetMeter\NetMeter.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Maximizer\MxAlarm.exe
    C:\Program Files\Maximizer\MxFinder.exe
    C:\PVSW\Bin\w3dbsmgr.exe
    C:\Palm\HOTSYNC.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Stuart\Desktop\kota.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {815630ED-D61D-49D4-B3D1-F3C6C610B188} - C:\WINDOWS\system32\pmkhf.dll (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
    O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: iiBar - {8AA99D86-978D-4963-A845-24AF39FB0CF2} - C:\Program Files\iiBar\iiBar.dll
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "D:\Program Files\ca pestcontrol\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [DVD43] D:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
    O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: MaxAlarm.lnk = C:\Program Files\Maximizer\MxAlarm.exe
    O4 - Global Startup: MaxFinder.lnk = C:\Program Files\Maximizer\MxFinder.exe
    O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{508E4915-A314-4CB7-A874-7DE57659CAAE}: NameServer = 203.0.178.191
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

     
  20. KotaGuy

    KotaGuy Regular member

    Run and scan with HijackThis and place checks beside the following:

    O2 - BHO: (no name) - {815630ED-D61D-49D4-B3D1-F3C6C610B188} - C:\WINDOWS\system32\pmkhf.dll (file missing)

    Close all open browsers/windows and click the Fix button.

    Reboot and post a new HijackThis log please.
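The triage KotaGuy is doing by eye across these two logs (a Winlogon Notify DLL that VundoFix removed, then a leftover BHO registration pointing at the now-deleted pmkhf.dll that still needs a Fix in HijackThis) can be written down as a small log parser. The script below is an added example and is not part of this thread, HijackThis or VundoFix; the sample "before" and "after" lines are constructed in the HijackThis v1.99.1 line format using CLSIDs and paths from the logs above (the "before" BHO line without the "(file missing)" suffix is assumed, since the thread only shows it after deletion), and the list of stock Windows XP Winlogon Notify subkeys is an assumed allowlist that should be checked against a known-clean machine.

```python
"""Triage helper for HijackThis v1.99.1 logs (added example; not HijackThis or VundoFix code)."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample lines in HijackThis format, modelled on the logs in this thread.
# The "before" BHO line without "(file missing)" is assumed; the thread only shows
# the state after VundoFix had deleted the DLL.
BEFORE_LOG = """\
O2 - BHO: (no name) - {815630ED-D61D-49D4-B3D1-F3C6C610B188} - C:\\WINDOWS\\system32\\pmkhf.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.5.0_11\\bin\\ssv.dll
O20 - Winlogon Notify: pmkhf - C:\\WINDOWS\\system32\\pmkhf.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\\Program Files\\Eset\\nod32krn.exe
"""
AFTER_LOG = """\
O2 - BHO: (no name) - {815630ED-D61D-49D4-B3D1-F3C6C610B188} - C:\\WINDOWS\\system32\\pmkhf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.5.0_11\\bin\\ssv.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\\Program Files\\Eset\\nod32krn.exe
"""

# Winlogon Notify subkeys on a stock Windows XP SP2 install (assumed allowlist;
# confirm against a known-clean machine before relying on it).
XP_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
    "sclgntfy", "SensLogn", "termsrv", "wlballoon",
}

LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Split one HijackThis line into section, kind, name, CLSID, path and a missing-file flag."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, process list or blank line: not an R/F/O entry
    section, body = m.group("section"), m.group("body")
    parts = [p.strip() for p in body.split(" - ")]
    kind, _, name = parts[0].partition(": ")       # e.g. "BHO" / "(no name)"
    path = parts[-1] if len(parts) > 1 else ""
    missing = path.endswith(MISSING)
    if missing:
        path = path[:-len(MISSING)].strip()
    path = path.strip('"')
    clsid = CLSID_RE.search(body)
    return {
        "section": section, "kind": kind, "name": name,
        "clsid": clsid.group(0) if clsid else None,
        "path": path, "file_missing": missing, "raw": line.strip(),
    }


def parse_log(text: str) -> List[Dict[str, object]]:
    """Parse every R/F/O line of a HijackThis log, skipping everything else."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Apply defender-side review rules; returns only entries that earned at least one reason."""
    flagged = []
    for e in entries:
        reasons = []
        if e["file_missing"] and e["section"] in {"O2", "O3", "O18", "O20"}:
            reasons.append("registration points at a deleted file: stale, safe to Fix in HijackThis")
        if e["section"] == "O2" and e["name"] == "(no name)":
            reasons.append("unnamed BHO: legitimate add-ons almost always carry a name")
        if e["section"] == "O20" and e["name"] not in XP_WINLOGON_NOTIFY:
            reasons.append("Winlogon Notify DLL outside the stock XP set: loads before the user's shell")
        if reasons:
            flagged.append({"raw": e["raw"], "reasons": reasons})
    return flagged


def _key(e: Dict[str, object]) -> Tuple[str, str, str, str]:
    # Identity of an entry for before/after comparison; the "(file missing)" suffix
    # is already stripped from path, so a deleted-but-still-registered item matches itself.
    return (str(e["section"]), str(e["kind"]), str(e["name"]), str(e["path"]).lower())


def removed_between(before: str, after: str) -> List[str]:
    """Lines of the earlier log whose (section, kind, name, path) no longer appear in the later log."""
    after_keys = {_key(e) for e in parse_log(after)}
    return [str(e["raw"]) for e in parse_log(before) if _key(e) not in after_keys]


if __name__ == "__main__":
    for gone in removed_between(BEFORE_LOG, AFTER_LOG):
        print("removed since last log:", gone)
    for hit in triage(parse_log(AFTER_LOG)):
        print("review:", hit["raw"])
        for r in hit["reasons"]:
            print("   -", r)
```

Run on the two constructed logs it reports the O20 Winlogon Notify line as gone and flags the remaining O2 BHO line both as "(file missing)" and as unnamed, which is exactly the line KotaGuy asks to have checked and fixed. The parser deliberately keeps only the fields HijackThis itself prints, so it can be run over a pasted log without any access to the affected machine.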