
Thread: Help me! 30 Problems won't go away!

  1. #11
    Senior Member
    Join Date
    Jun 2007
    Location
    Missouri
    Posts
    118


  2. #12
    Senior Member
    Join Date
    Jun 2007
    Location
    Missouri
    Posts
    118

    Sorry about the big log but that shows you how big the problem is.

  3. #13
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Please start again Wizit.

    I am concerned that because of the volume of posts (12) to your own topic, helpers will think you are already being assisted.

    We ask only for a HJT log and the results of an on-line anti virus scan.
    "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    Also:
    Copy and paste that information into your next post if the AV content will fit into one post only.
    If the results of the anti virus scan itself will take more than one post to contain, it is best not to post it. Just make a note for our volunteers so they are aware, as it would be best to start off with no more than two posts (total) in your topic before a helper responds.
    If you do not understand the information given in the sticky topics, please let us know so we can guide you.

    Best wishes.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #14
    Senior Member
    Join Date
    Jun 2007
    Location
    Missouri
    Posts
    118

    :(========

    Please Help me! I don't know how to do this! I don't know how to create these logs and stuff so you can help me. Please whoever can guide me through this please do SO! I've had enough of these virtumonde and smitfraud-c.coreservice viruses. PLEASE HELP!

  5. #15
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Don't worry, I'll take it from here


    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. If you don't know, stop and ask! Don't keep going on.
    2. Please reply to this thread. Do not start a new topic.
    3. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those three things, everything should go smoothly :D

    VundoFix
    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

    Click here to download HJTinstall.exe
    • Save HJTinstall.exe to your desktop.
    • Double click on the HJTinstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\Hijack This.
    • Click I accept
    • Close HJT


    Rename HJT
    Please open your Hijack This folder
    • Right click on Hijackthis.exe
    • Select Rename
    • Rename Hijack This to showme.exe
    • Double click showme
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  6. #16
    Senior Member
    Join Date
    Jun 2007
    Location
    Missouri
    Posts
    118

    Ok, you put and then paste a new hijackthis log. Am I supposed to post one before I do a scan?

  7. #17
    Senior Member
    Join Date
    Jun 2007
    Location
    Missouri
    Posts
    118

    Ok here let me quote this better.

    In the message you put "post the contents of C://Vundofix.txt and a new hijackthis log". Does this mean that I do a hijack this search, post a log, then do a vundo and make another hijack log w/ a vundo log? Or do I just do the vundo search fix then reboot and THEN do a hijackthis log?

    12/22/07 21:52

  8. #18
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Run VundoFix, reboot, then run HJT and post that log

  9. #19
    Senior Member
    Join Date
    Jun 2007
    Location
    Missouri
    Posts
    118

    Vundo Fix

    Here's the contents of the Vundo


    VundoFix V6.7.7

    Checking Java version...

    Scan started at 8:19:57 PM 12/22/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\cfjoyehl.dll
    version...

    Scan started at 12:05:23 PM 12/23/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\cutcyrpz.dll
    C:\WINDOWS\system32\dalprhty.dll
    C:\WINDOWS\system32\dnikvuqv.dll
    C:\WINDOWS\system32\enqyaeft.ini
    C:\WINDOWS\system32\eouqhtkr.dll
    C:\WINDOWS\system32\gijcqsqh.dll
    C:\WINDOWS\system32\hqpjlkrf.dll
    C:\WINDOWS\system32\jscfmmfs.dll
    C:\WINDOWS\system32\keskugxu.dll
    C:\WINDOWS\system32\lvesbntv.dll
    C:\WINDOWS\system32\npgktrlm.dll
    C:\WINDOWS\system32\ptorrbxj.dll
    C:\WINDOWS\system32\tbgsjiaa.dll
    C:\WINDOWS\system32\tfeayqne.dll
    C:\WINDOWS\system32\tprwdjxj.dll
    C:\WINDOWS\system32\unpdlupp.dll
    C:\WINDOWS\system32\vcgunrbq.dll
    C:\WINDOWS\system32\vdudvqob.dll
    C:\WINDOWS\system32\vptlfctr.dll
    C:\WINDOWS\system32\vtnbsevl.ini
    C:\WINDOWS\system32\xbsimgda.dll
    C:\WINDOWS\system32\ygbbpvuu.dll
    C:\WINDOWS\system32\cfjoyehl.dll
    C:\WINDOWS\system32\cutcyrpz.dll
    C:\windows\system32\cutcyrpz.dllbox
    C:\WINDOWS\system32\dalprhty.dll
    C:\WINDOWS\system32\dnikvuqv.dll
    C:\WINDOWS\system32\enqyaeft.ini
    C:\WINDOWS\system32\eouqhtkr.dll
    C:\WINDOWS\system32\gijcqsqh.dll
    C:\WINDOWS\system32\hqpjlkrf.dll
    C:\WINDOWS\system32\jscfmmfs.dll
    C:\WINDOWS\system32\keskugxu.dll
    C:\WINDOWS\system32\lvesbntv.dll
    C:\WINDOWS\system32\npgktrlm.dll
    C:\WINDOWS\system32\ptorrbxj.dll
    C:\WINDOWS\system32\tbgsjiaa.dll
    C:\WINDOWS\system32\tfeayqne.dll
    C:\WINDOWS\system32\tprwdjxj.dll
    C:\WINDOWS\system32\unpdlupp.dll
    C:\WINDOWS\system32\vcgunrbq.dll
    C:\WINDOWS\system32\vdudvqob.dll
    C:\WINDOWS\system32\vptlfctr.dll
    C:\WINDOWS\system32\vtnbsevl.ini
    C:\WINDOWS\system32\xbsimgda.dll
    C:\WINDOWS\system32\ygbbpvuu.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\cfjoyehl.dll
    C:\WINDOWS\system32\cfjoyehl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cutcyrpz.dll
    C:\WINDOWS\system32\cutcyrpz.dll Has been deleted!

    Attempting to delete C:\windows\system32\cutcyrpz.dllbox
    C:\windows\system32\cutcyrpz.dllbox Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dalprhty.dll
    C:\WINDOWS\system32\dalprhty.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dnikvuqv.dll
    C:\WINDOWS\system32\dnikvuqv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\enqyaeft.ini
    C:\WINDOWS\system32\enqyaeft.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\eouqhtkr.dll
    C:\WINDOWS\system32\eouqhtkr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gijcqsqh.dll
    C:\WINDOWS\system32\gijcqsqh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hqpjlkrf.dll
    C:\WINDOWS\system32\hqpjlkrf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jscfmmfs.dll
    C:\WINDOWS\system32\jscfmmfs.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\keskugxu.dll
    C:\WINDOWS\system32\keskugxu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\lvesbntv.dll
    C:\WINDOWS\system32\lvesbntv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\npgktrlm.dll
    C:\WINDOWS\system32\npgktrlm.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ptorrbxj.dll
    C:\WINDOWS\system32\ptorrbxj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tbgsjiaa.dll
    C:\WINDOWS\system32\tbgsjiaa.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tfeayqne.dll
    C:\WINDOWS\system32\tfeayqne.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tprwdjxj.dll
    C:\WINDOWS\system32\tprwdjxj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\unpdlupp.dll
    C:\WINDOWS\system32\unpdlupp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vcgunrbq.dll
    C:\WINDOWS\system32\vcgunrbq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vdudvqob.dll
    C:\WINDOWS\system32\vdudvqob.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vptlfctr.dll
    C:\WINDOWS\system32\vptlfctr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtnbsevl.ini
    C:\WINDOWS\system32\vtnbsevl.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xbsimgda.dll
    C:\WINDOWS\system32\xbsimgda.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ygbbpvuu.dll
    C:\WINDOWS\system32\ygbbpvuu.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

  10. #20
    Senior Member
    Join Date
    Jun 2007
    Location
    Missouri
    Posts
    118

    Here's the HijackThis Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:15:27 PM, on 12/23/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\Atievxx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\limewire\limewire.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmhp.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {153da9c5-f35a-41b2-920c-d56846660c99} - C:\WINDOWS\system32\ettktlb.dll (file missing)
    O2 - BHO: {fccf5eef-74a1-00ea-c6c4-cc89156cfd74} - {47dfc651-98cc-4c6c-ae00-1a47fee5fccf} - C:\WINDOWS\system32\ptorrbxj.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7FDFEBE7-BD6F-4B9B-AA85-F1803CC80FFF} - C:\WINDOWS\system32\yabxw.dll (file missing)
    O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\yayvsts.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [winlog] winlog.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - .DEFAULT User Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (User 'Default user')
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
    O4 - Global Startup: svchost.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1186100614029
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O20 - Winlogon Notify: yayvsts - C:\WINDOWS\SYSTEM32\yayvsts.dll
    O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)

    --
    End of file - 5308 bytes
