Hello
I am new to this site, my daughter downloaded some virus a few days ago. Since then, system is slow, keep getting heaps of pop ups (includ.
nasty porn sites!) and also wants me to download XP Antivirus 2008, among other things. I also am unable to turn on my auto updates. I have
read the pre post notes, and have done as I have been asked. Here are the files I believe you need to see. Please forgive me if I have given you the wrong or too much info. I am so new to this. Thanks!
Deckard's System Scanner v20071014.68
Run by angela on 2008-07-22 17:15:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-07-23 00:15:09 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.
System Drive C: has 3.37 GiB (less than 15%) free.

-- HijackThis (run as angela.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:17:59 PM, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\angela\winlogon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\angela\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\angela.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: {b9e53123-408c-f009-6c34-7efb9218c8f2} - {2f8c8129-bfe7-43c6-900f-c80432135e9b} - C:\WINDOWS\system32\pcrwat.dll
O2 - BHO: (no name) - {403A3765-C163-46B1-AD81-51C3E4D53A6B} - C:\WINDOWS\system32\xxywVlLD.dll (file missing)
O2 - BHO: (no name) - {543C3B8A-F475-4CE3-A93B-59B42C5EAE84} - C:\WINDOWS\system32\rqRKCtqr.dll
O2 - BHO: (no name) - {59AAD935-DB8D-4289-A0A3-67E2B3B55BAB} - C:\WINDOWS\system32\efcYPjij.dll
O2 - BHO: (no name) - {6083c490-3697-4dd8-b8f6-877578401b82} - (no file)
O2 - BHO: (no name) - {68A850EE-195B-4564-A4AE-1D9B4501D9DF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {826104AC-742F-4BF1-8133-D34C36954CC1} - C:\WINDOWS\system32\tuvVMffc.dll (file missing)
O2 - BHO: (no name) - {86CF5770-6A10-4A56-816A-4ADF6497772B} - C:\WINDOWS\system32\efcCuTJB.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {96F11316-0379-4CED-9352-DDB6C3DC3B89} - C:\WINDOWS\system32\xxywxxxv.dll (file missing)
O2 - BHO: (no name) - {A1376D25-2E3F-40B3-B70F-BE3EDD6E3274} - (no file)
O2 - BHO: (no name) - {B4977567-6B39-4AFA-9CD2-47A20209F5FE} - C:\WINDOWS\system32\xxyaXpOH.dll (file missing)
O2 - BHO: (no name) - {B915237E-280A-46EE-95FD-B08EDAD7C2AA} - C:\WINDOWS\system32\hgGvUkjk.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C9B6FE04-B0F0-4D24-842C-243F3AA6F2E0} - C:\WINDOWS\system32\qoMcyYsP.dll (file missing)
O2 - BHO: (no name) - {D38DB21E-3DD4-43DF-A748-C8842753473D} - C:\WINDOWS\system32\nnnmlMcb.dll (file missing)
O2 - BHO: targetedbanner browser optimizer - {d9048156-fae4-3079-ada3-427130051f13} - C:\WINDOWS\system32\gsepeflhuia.dll
O2 - BHO: (no name) - {EA4D0568-BCAB-4D79-9AB9-76A5917B83A6} - C:\WINDOWS\system32\wvUKEuSl.dll (file missing)
O2 - BHO: (no name) - {EBB926B7-31D5-4333-AC96-27FEEDAD01C6} - C:\WINDOWS\system32\byXOhfEW.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\angela\winlogon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [{d6f0f0cd-a82a-36aa-f88c-d27c974fa121}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gsepeflhuia.dll" DllStart
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092C BD44BD8689220221DD3257
O4 - HKLM\..\Run: [a89728b9] rundll32.exe "C:\WINDOWS\system32\ymvmugvf.dll",b
O4 - HKLM\..\Run: [BMaba41b25] Rundll32.exe "C:\WINDOWS\system32\riythduf.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://paris.ville.orange.fr/CO/acti...CamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: cbXRJATK - cbXRJATK.dll (file missing)
O20 - Winlogon Notify: efcYPjij - C:\WINDOWS\SYSTEM32\efcYPjij.dll
O20 - Winlogon Notify: qoMcyYsP - qoMcyYsP.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 9212 bytes
-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S3 NTIDrvr - c:\program files\muvee technologies\muvee autoproducer 6.1\mvburnerdll\ntidrvr.sys (file missing)
S3 USBAAPL (Apple Mobile USB Driver) - c:\windows\system32\drivers\usbaapl.sys <Not Verified; Apple, Inc.; Apple Mobile Device USB Driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)

-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------
2008-07-22 17:11:01 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-07-22 16:57:43 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-07-19 14:49:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-06-22 and 2008-07-22 -----------------------------
2008-07-22 01:42:17 102912 --a------ C:\WINDOWS\system32\pcrwat.dll
2008-07-22 01:42:11 102912 --a------ C:\WINDOWS\system32\eglcfjgs.dll
2008-07-22 01:40:08 81408 --a------ C:\WINDOWS\system32\ymvmugvf.dll
2008-07-22 01:39:53 93184 --a------ C:\WINDOWS\system32\riythduf.dll
2008-07-22 01:39:02 558886 --ahs---- C:\WINDOWS\system32\rqtCKRqr.ini2
2008-07-22 01:38:50 283136 --a------ C:\WINDOWS\system32\rqRKCtqr.dll
2008-07-21 12:56:28 0 d-------- C:\Documents and Settings\angela\.housecall6.6
2008-07-21 12:49:27 0 d-------- C:\Program Files\Trend Micro
2008-07-21 11:17:25 0 d-------- C:\Program Files\SpywareBlaster
2008-07-21 09:33:43 102400 --a------ C:\WINDOWS\system32\pvxwuh.dll
2008-07-21 09:33:37 102400 --a------ C:\WINDOWS\system32\tuwebcau.dll
2008-07-21 09:27:52 93184 --a------ C:\WINDOWS\system32\oxxgqywl.dll
2008-07-21 09:27:01 570436 --ahs---- C:\WINDOWS\system32\lSuEKUvw.ini2
2008-07-21 08:27:51 102912 --a------ C:\WINDOWS\system32\jzxsvz.dll
2008-07-21 08:27:45 102912 --a------ C:\WINDOWS\system32\isfelwav.dll
2008-07-21 08:24:45 81408 -----n--- C:\WINDOWS\system32\wvulyfit.dll
2008-07-21 08:22:58 94208 --a------ C:\WINDOWS\system32\hbytagbx.dll
2008-07-20 15:41:34 0 d-------- C:\Documents and Settings\angela\Application Data\Ahead
2008-07-20 15:01:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-07-20 14:34:09 0 d-------- C:\Program Files\Nero
2008-07-20 14:34:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-20 14:34:07 0 d-------- C:\Program Files\Common Files\Ahead
2008-07-20 01:29:44 102400 --a------ C:\WINDOWS\system32\cmrlrq.dll
2008-07-20 01:29:39 102400 --a------ C:\WINDOWS\system32\rbilikmg.dll
2008-07-20 01:26:38 553566 --ahs---- C:\WINDOWS\system32\eMpsCfhk.ini2
2008-07-19 11:08:25 0 d-------- C:\Documents and Settings\angela\Application Data\muvee Technologies
2008-07-19 08:22:56 0 d-------- C:\WINDOWS\system32\carH18
2008-07-19 01:19:34 102400 --a------ C:\WINDOWS\system32\ucdoax.dll
2008-07-19 01:19:28 102400 --a------ C:\WINDOWS\system32\ktdypoep.dll
2008-07-19 01:17:57 93696 --a------ C:\WINDOWS\system32\uobabxje.dll
2008-07-19 01:14:40 554409 --ahs---- C:\WINDOWS\system32\bcMlmnnn.ini2
2008-07-18 13:11:42 81920 --a------ C:\WINDOWS\system32\atuxyixv.dll
2008-07-18 13:08:47 102912 --a------ C:\WINDOWS\system32\uztnym.dll
2008-07-18 13:08:42 102912 --a------ C:\WINDOWS\system32\dabvfrlp.dll
2008-07-18 13:07:24 93696 --a------ C:\WINDOWS\system32\nxqstjbl.dll
2008-07-18 13:05:41 550055 --ahs---- C:\WINDOWS\system32\BJTuCcfe.ini2
2008-07-18 10:14:42 0 d--h----- C:\$AVG8.VAULT$
2008-07-18 09:56:45 102912 --a------ C:\WINDOWS\system32\gguhza.dll
2008-07-18 09:56:37 102912 --a------ C:\WINDOWS\system32\uggwqlah.dll
2008-07-18 09:52:33 93696 --a------ C:\WINDOWS\system32\udrmmyld.dll
2008-07-18 08:12:02 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-18 08:11:41 0 d-------- C:\Program Files\AVG
2008-07-18 08:11:41 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-18 07:51:02 355 --a------ C:\874.bat
2008-07-18 00:10:27 102912 --a------ C:\WINDOWS\system32\gdixqc.dll
2008-07-18 00:10:24 102912 --a------ C:\WINDOWS\system32\rbcotakd.dll
2008-07-18 00:09:48 93696 --a------ C:\WINDOWS\system32\nxdrwjqx.dll
2008-07-18 00:08:30 549797 --ahs---- C:\WINDOWS\system32\vxxxwyxx.ini2
2008-07-17 21:05:01 0 d--hs---- C:\WINDOWS\ZGF5
2008-07-17 09:56:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-17 08:45:09 0 d-------- C:\Documents and Settings\Administrator\Cookies
2008-07-17 08:45:09 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-07-17 08:45:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-17 08:45:08 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-07-17 08:45:08 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-17 08:45:08 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2008-07-17 08:41:38 0 d-------- C:\WINDOWS\pss
2008-07-17 07:17:04 6553600 --a------ C:\Documents and Settings\angela\ntuser.dat
2008-07-17 07:17:00 229376 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-07-16 22:47:59 450 --ahs---- C:\WINDOWS\system32\YFijQqru.ini2
2008-07-16 09:41:56 102400 --a------ C:\WINDOWS\system32\vcapam.dll
2008-07-16 09:41:53 102400 --a------ C:\WINDOWS\system32\tftjdwke.dll
2008-07-16 09:38:52 692073 --ahs---- C:\WINDOWS\system32\WEfhOXyb.ini2
2008-07-16 09:33:55 64841 --a------ C:\WINDOWS\system32\zizzypxkzblarlyxs.exe
2008-07-16 09:33:50 0 d-------- C:\WINDOWS\system32\xys7
2008-07-16 09:33:50 0 d-------- C:\WINDOWS\system32\tsoc
2008-07-16 09:33:50 0 d-------- C:\WINDOWS\system32\pv2
2008-07-16 09:33:43 0 d-------- C:\WINDOWS\system32\aumsDK18
2008-07-16 09:33:39 32256 --a------ C:\WINDOWS\system32\efcYPjij.dll
2008-07-16 06:47:35 54116 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-07-15 05:32:48 537 --ahs---- C:\WINDOWS\system32\kjkUvGgh.ini2
2008-07-14 22:17:34 551761 --ahs---- C:\WINDOWS\system32\DLlVwyxx.ini2
2008-07-14 17:24:25 0 d-------- C:\Documents and Settings\angela\Application Data\gtk-2.0
2008-07-14 17:23:06 0 d-------- C:\Documents and Settings\angela\.gimp-2.4
2008-07-14 14:36:04 0 d-------- C:\Program Files\Aurora Digital Imaging
2008-07-14 14:34:49 0 d-------- C:\WINDOWS\Downloaded Installations
2008-07-14 14:22:04 0 d-------- C:\Documents and Settings\angela\Application Data\Help
2008-07-14 09:10:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-14 07:32:44 0 d-------- C:\Program Files\Windows Defender
2008-07-14 06:27:29 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-07-14 06:18:09 2582 --ahs---- C:\WINDOWS\system32\cffMVvut.ini2
2008-07-14 06:13:00 0 d-------- C:\WINDOWS\system32\olixds18
2008-07-14 06:13:00 0 d-------- C:\Temp
2008-07-13 14:18:20 0 d-------- C:\Documents and Settings\angela\Application Data\FastStone
2008-07-10 22:12:05 0 d-------- C:\Program Files\iPod
2008-07-10 21:54:32 0 d-------- C:\Program Files\Safari
2008-07-08 08:10:44 158208 --a------ C:\WINDOWS\system32\gsepeflhuia.dll
2008-07-03 22:52:38 0 d-------- C:\Documents and Settings\Jen\Application Data\Sun
2008-07-02 12:28:54 0 d-------- C:\DVDVideoSoft
2008-07-02 12:28:24 0 d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-07-02 12:28:23 0 d-------- C:\Program Files\DVDVideoSoft
2008-07-01 17:39:13 0 d-------- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
2008-07-01 17:31:15 0 d-------- C:\Program Files\Flypaper Beta
2008-07-01 17:24:04 0 d-------- C:\Program Files\MSBuild
2008-07-01 17:23:53 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-07-01 17:23:42 0 d-------- C:\Program Files\Reference Assemblies
2008-07-01 17:17:12 0 d-------- C:\Program Files\MSXML 6.0
2008-06-27 18:38:32 53248 ---hs---- C:\Documents and Settings\Jen\winlogon.exe
2008-06-27 18:38:32 53248 ---hs---- C:\Documents and Settings\angela\winlogon.exe

-- Find3M Report ---------------------------------------------------------------
2008-07-22 16:56:29 0 d-------- C:\Documents and Settings\angela\Application Data\Skype
2008-07-21 16:45:08 0 d-------- C:\Program Files\Picasa2
2008-07-20 14:34:07 0 d-------- C:\Program Files\Common Files
2008-07-20 13:50:08 0 d-------- C:\Program Files\Ahead
2008-07-20 10:02:14 0 d-------- C:\Documents and Settings\angela\Application Data\LimeWire
2008-07-20 06:53:01 0 d-------- C:\Program Files\LimeWire
2008-07-20 06:33:28 0 d-------- C:\Program Files\Incomplete
2008-07-16 09:42:56 0 d-------- C:\Documents and Settings\angela\Application Data\Adobe
2008-07-16 09:42:54 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-14 13:36:28 0 d-------- C:\Program Files\Java
2008-07-13 07:03:00 0 d-------- C:\Documents and Settings\angela\Application Data\Apple Computer
2008-07-10 22:12:39 0 d-------- C:\Program Files\iTunes
2008-07-10 22:08:19 0 d-------- C:\Program Files\QuickTime
2008-06-10 03:04:20 0 d-------- C:\Program Files\Microsoft Works
2008-06-08 10:38:18 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-13 09:12:06 33280 --a------ C:\WINDOWS\system32\HUFFYUV.DLL <Not Verified; Disappearing Inc.; Huffyuv>
2008-05-10 17:13:59 50 --a------ C:\AUTOEXEC.BAT

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2f8c8129-bfe7-43c6-900f-c80432135e9b}]
07/22/2008 01:42 AM 102912 --a------ C:\WINDOWS\system32\pcrwat.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{403A3765-C163-46B1-AD81-51C3E4D53A6B}]
C:\WINDOWS\system32\xxywVlLD.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{543C3B8A-F475-4CE3-A93B-59B42C5EAE84}]
07/22/2008 01:38 AM 283136 --a------ C:\WINDOWS\system32\rqRKCtqr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59AAD935-DB8D-4289-A0A3-67E2B3B55BAB}]
07/16/2008 09:33 AM 32256 --a------ C:\WINDOWS\system32\efcYPjij.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6083c490-3697-4dd8-b8f6-877578401b82}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68A850EE-195B-4564-A4AE-1D9B4501D9DF}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{826104AC-742F-4BF1-8133-D34C36954CC1}]
C:\WINDOWS\system32\tuvVMffc.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86CF5770-6A10-4A56-816A-4ADF6497772B}]
C:\WINDOWS\system32\efcCuTJB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96F11316-0379-4CED-9352-DDB6C3DC3B89}]
C:\WINDOWS\system32\xxywxxxv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1376D25-2E3F-40B3-B70F-BE3EDD6E3274}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4977567-6B39-4AFA-9CD2-47A20209F5FE}]
C:\WINDOWS\system32\xxyaXpOH.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B915237E-280A-46EE-95FD-B08EDAD7C2AA}]
C:\WINDOWS\system32\hgGvUkjk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9B6FE04-B0F0-4D24-842C-243F3AA6F2E0}]
C:\WINDOWS\system32\qoMcyYsP.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D38DB21E-3DD4-43DF-A748-C8842753473D}]
C:\WINDOWS\system32\nnnmlMcb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d9048156-fae4-3079-ada3-427130051f13}]
07/08/2008 08:10 AM 158208 --a------ C:\WINDOWS\system32\gsepeflhuia.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA4D0568-BCAB-4D79-9AB9-76A5917B83A6}]
C:\WINDOWS\system32\wvUKEuSl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBB926B7-31D5-4333-AC96-27FEEDAD01C6}]
C:\WINDOWS\system32\byXOhfEW.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 01:47 PM C:\WINDOWS\Alcxmntr.exe]
"zzzHPSETUP"="E:\Setup.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumpre p 0 -k" []
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]
"Windows Logon Applicationedc"="C:\Documents and Settings\angela\winlogon.exe" [06/27/2008 06:38 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"{d6f0f0cd-a82a-36aa-f88c-d27c974fa121}"="C:\WINDOWS\system32\gsepeflhuia.dl l" [07/08/2008 08:10 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/18/2008 10:01 AM]
"runner1"="C:\WINDOWS\mrofinu1188.exe" []
"a89728b9"="C:\WINDOWS\system32\ymvmugvf.dll" [07/22/2008 01:40 AM]
"BMaba41b25"="C:\WINDOWS\system32\riythduf.dll " [07/22/2008 01:39 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [09/29/2006 05:25 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [02/25/2008 06:23 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42 AM]
[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1 \DW\dwtrig20.exe" -t
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{C9B6FE04-B0F0-4D24-842C-243F3AA6F2E0}"= C:\WINDOWS\system32\qoMcyYsP.dll [ ]
"{B4977567-6B39-4AFA-9CD2-47A20209F5FE}"= C:\WINDOWS\system32\xxyaXpOH.dll [ ]
"{59AAD935-DB8D-4289-A0A3-67E2B3B55BAB}"= C:\WINDOWS\system32\efcYPjij.dll [07/16/2008 09:33 AM 32256]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXRJATK]
cbXRJATK.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcYPjij]
efcYPjij.dll 07/16/2008 09:33 AM 32256 C:\WINDOWS\system32\efcYPjij.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMcyYsP]
qoMcyYsP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\rqRKCtqr

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{9ef3de30-ff49-11dc-9a4a-806d6172696f}]
AutoRun\command- E:\Info.exe folder.htt 480 480


-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8828 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-07-22 17:22:12 ------------
I also attached a file called "extra.txt" from the Deckard's Scan. hope it's the right thing!
Thanks again! looking forward to hearing from someone!

Wow...what a heck of a mess...its a wonder its still working..

Ok.Lets download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry..Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use SP2

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

Thank you for your reply, Pancake. Unfortunately, despite all my efforts, I am unable to download the link to support.microsoft.co/kb/31994. I have tried various ways to download the link but it will NOT open. I am so frusterated. What would you advise me to do? Thanks!

Let me clarify, I WAS able to download Combofix, however as I am unable to download the Windows XP Recovery Console from http://support.microsoft.com/k/310994 I cannot proceed any further with your instructions. Any advice would be appreciated!

Could you use another computer to download this file and save it?


http://support.microsoft.com/kb/310994/en-us

Go with the Combofix for the time being.We will get to the RC later.

If you have your Windows cd then try installing Recovery Console as per the link below which is listed in the Combofix Instructions.

How to install and use the Windows XP Recovery Console

Sorry Pancake - ignore my post daysofoz