Can't get rid of WinAntiVirusPro "Objects" - REOPE

Post by keyvexed » October 26th, 2007, 2:05 pm

This is reopened from 2 weeks ago (10/12) from posting:

http://forum.malwareremoval.com/viewtopic.php?p=226145

Sorry for the delay in getting back. I followed the instructions to the letter. No VundoFix log, due to nothing found.
Computer running much better. No indication of infection other than in scans. The "vtuutst" still appears in the HJT log.

Here are my scans from today:
-------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:18:01 PM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Belkin Bulldog Plus\upsd.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin Bulldog Plus\MUPS.exe
C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Paul\Desktop\Utilities\HJT\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe
O4 - Global Startup: SnagIt 8.lnk.disabled
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/Inst ... S_live.cab
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/ImportAx ... ,0,0831,02
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/ins ... _v01_6.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8617141609
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag3503.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral ... 10,0,910,0
O17 - HKLM\System\CCS\Services\Tcpip\..\{0703F95A-7E05-4585-83F8-48511813BBD9}: NameServer = 216.89.226.2,216.89.226.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{0703F95A-7E05-4585-83F8-48511813BBD9}: NameServer = 216.89.226.2,216.89.226.3
O17 - HKLM\System\CS3\Services\Tcpip\..\{0703F95A-7E05-4585-83F8-48511813BBD9}: NameServer = 216.89.226.2,216.89.226.3
O20 - Winlogon Notify: vtuutst - C:\WINDOWS\
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Program Files\Belkin Bulldog Plus\upsd.exe

--
End of file - 7660 bytes

---------------------------------------------------------------------------------

ComboFix 07-10-26.4 - Paul 2007-10-26 13:35:11.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.481 [GMT -4:00]
Running from: C:\Documents and Settings\Paul\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Paul\Desktop\cfscript_used_2007-10-11@20.05_used_2007-10-14@16.36.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Temporary

.
((((((((((((((((((((((((( Files Created from 2007-09-26 to 2007-10-26 )))))))))))))))))))))))))))))))
.

2007-10-25 10:53 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Winamp
2007-10-21 16:21 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-10-21 16:18 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-10-16 11:30 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-10-16 11:30 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-10-16 11:23 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-10-16 11:16 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-10-16 11:16 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-10-16 11:16 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-10-16 11:16 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-10-16 11:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2007-10-10 18:35 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-10-10 18:04 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
2007-10-10 11:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-09 20:14 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-10-09 20:14 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-10-09 20:14 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-10-09 20:14 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-10-09 20:14 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-10-09 20:14 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-10-09 20:14 106,496 --------- C:\WINDOWS\system32\TwnLib20.dll
2007-10-09 20:12 2,682,880 --------- C:\WINDOWS\UNNeroVision.exe
2007-10-09 20:05 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-10-09 20:04 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-10-09 18:12 1,126,328 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
2007-10-09 18:12 288,848 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
2007-10-09 18:12 203,024 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-10-09 18:12 111,888 --a------ C:\WINDOWS\system32\drivers\tm_mbd_c.sys
2007-10-09 18:12 75,088 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2007-10-09 18:12 36,112 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-10-09 10:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder
2007-10-08 17:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-08 15:06 <DIR> d-------- C:\Documents and Settings\Joyce\Application Data\Share-to-Web Upload Folder
2007-10-07 16:22 717 --a------ C:\WINDOWS\EReg206.dat
2007-10-07 16:12 <DIR> d-------- C:\WINDOWS\EReg206
2007-09-29 16:00 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2007-09-28 23:21 9,854,976 --a------ C:\WINDOWS\system32\atioglx2.dll
2007-09-28 22:47 172,032 --a------ C:\WINDOWS\system32\atiok3x2.dll
2007-09-28 22:36 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
2007-09-28 22:36 972,072 --a------ C:\WINDOWS\system32\ativva6x.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-26 03:12 --------- d-----w C:\Documents and Settings\Paul\Application Data\uTorrent
2007-10-25 19:18 --------- d-----w C:\Program Files\Quicken
2007-10-25 18:04 --------- d-----w C:\Documents and Settings\Paul\Application Data\RipIt4Me
2007-10-25 18:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-25 14:54 --------- d-----w C:\Program Files\Winamp
2007-10-21 20:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-16 18:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-10-16 18:40 --------- d-----w C:\Documents and Settings\Paul\Application Data\Nokia
2007-10-16 15:30 --------- d-----w C:\Program Files\Nokia
2007-10-16 15:23 --------- d-----w C:\Program Files\DIFX
2007-10-13 15:43 --------- d-----w C:\Program Files\uTorrent
2007-10-12 13:47 --------- d-----w C:\Documents and Settings\Paul\Application Data\dvdcss
2007-10-11 23:49 --------- d-----w C:\Program Files\Trend Micro
2007-10-10 22:37 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-10-10 22:37 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2007-10-10 22:35 19,424 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2007-10-10 00:15 --------- d-----w C:\Program Files\Ahead
2007-10-10 00:04 --------- d-----w C:\Program Files\Common Files\Ahead
2007-10-09 21:00 --------- d-----w C:\Program Files\ItsDeductible2005
2007-10-09 20:58 --------- d-----w C:\Program Files\TurboTax
2007-10-09 19:58 --------- d-----w C:\Program Files\Opera75
2007-10-09 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-10-09 16:08 --------- d-----w C:\Program Files\Ulead Systems
2007-10-09 16:06 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-09 12:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-10-08 22:11 --------- d-----w C:\Program Files\Creative
2007-10-07 21:06 --------- d-----w C:\Program Files\Java
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-27 20:46 2,754 ----a-w C:\Documents and Settings\Paul\Application Data\SAS7_000.DAT
2007-09-25 02:12 --------- d-----w C:\Documents and Settings\Paul\Application Data\Ahead
2007-09-24 13:03 --------- d-----w C:\Program Files\Belkin Bulldog Plus
2007-09-23 22:09 --------- d-----w C:\Documents and Settings\Paul\Application Data\Nero
2007-09-14 13:48 --------- d-----w C:\Documents and Settings\Paul\Application Data\Image Zone Express
2007-09-13 19:28 --------- d-----w C:\Documents and Settings\Paul\Application Data\Printer Info Cache
2007-09-13 19:26 --------- d-----w C:\Program Files\HP
2007-09-13 19:26 --------- d-----w C:\Program Files\Common Files\HP
2007-09-09 13:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-07 19:19 --------- d-----w C:\Program Files\PowerISO
2007-09-07 18:22 --------- d-----w C:\Program Files\Microsoft.NET
2007-09-07 18:22 --------- d-----w C:\Program Files\Microsoft Works
2007-09-06 21:04 --------- d-----w C:\Program Files\QuickZip4
2007-08-29 18:43 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-16 13:50 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 23:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-28 19:25 81,920 ----a-w C:\Documents and Settings\Paul\Application Data\ezpinst.exe
2007-04-28 19:25 47,360 ----a-w C:\Documents and Settings\Paul\Application Data\pcouffin.sys
2003-03-31 12:00:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 07:56:46 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 07:56:42 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-04 07:56:43 54,784 --sha-w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 07:56:43 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 07:56:43 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2007-05-17 11:28:05 549,376 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 07:56:44 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-04 07:56:55 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe" [2007-01-23 02:26]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe" [2005-03-17 12:10]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

C:\Documents and Settings\Paul\Start Menu\Programs\Startup\
MemTurbo.lnk - C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe [2004-02-14 12:52:52]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk.disabled [2007-08-11 15:17:49]
MUPS.lnk - C:\Program Files\Belkin Bulldog Plus\MUPS.exe [2003-12-31 19:24:27]
SnagIt 8.lnk.disabled [2007-05-21 13:33:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys
R0 si3112r;Silicon Image SiI 3512 SATARaid Controller;C:\WINDOWS\system32\drivers\si3112r.sys
R1 papycpu;papycpu;C:\WINDOWS\system32\drivers\papycpu.sys
R2 ETDrv;ETDrv;C:\WINDOWS\system32\drivers\ETDrv.sys
R3 sbext;Sound Blaster Extigy Audio Driver;C:\WINDOWS\system32\DRIVERS\sbext.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys
S3 ICDUSB2;Sony IC Recorder (P);C:\WINDOWS\system32\Drivers\ICDUSB2.sys
S3 MarkFun_NT;MarkFun_NT;\??\C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\markfun.w32
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys
S3 vidcap;vidcap;C:\WINDOWS\system32\DRIVERS\vidcap.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

.
Contents of the 'Scheduled Tasks' folder
"2004-11-14 02:28:01 C:\WINDOWS\Tasks\HPFRU Task #Hewlett-Packard#hp officejet 7100 series#1080782758.job"
- C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpqfrucl.exe
.
**************************************************************************

disk not found C:\

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk not found C:\

**************************************************************************
.
Completion time: 2007-10-26 13:38:37
.
--- E O F ---

Post by beynac » October 26th, 2007, 4:34 pm

Hi.

I'm looking through your logs and will post back shortly.

Post by beynac » October 26th, 2007, 5:16 pm

You've used the beta version of HijackThis again (C:\Documents and Settings\Paul\Desktop\Utilities\HJT\HJT.exe). Please delete this and use the latest version in future (C:\Program Files\Trend Micro\HijackThis\HijackThis.exe).

Run HijackThis and click Scan and then check (tick) the following, if present (don't worry if any are missing):

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O20 - Winlogon Notify: vtuutst - C:\WINDOWS\


Close down all programs, browsers and other open windows. Make sure that only the above items are checked and then click on Fix checked.

------------------------------------------

Reboot the computer.

------------------------------------------

Please run HijackThis (latest version - see above) and post a new log.
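As an added example (not part of this thread and not HijackThis's own logic), the script below parses HijackThis entry lines like the ones posted above and flags the two kinds of entry beynac asked to have fixed: an O20 Winlogon Notify entry whose path names a directory but no DLL, and an O16 DPF entry with no download source left. The sample lines are copied from the log above; the flagging heuristics are my assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: five entry lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)

O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O20 - Winlogon Notify: vtuutst - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Every HijackThis entry line starts with a section code (R0, O4, O16, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d{1,2}) - (?P<body>.*)$")
O20_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
O16_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<desc>.*?)\))? -\s*(?P<src>.*)$")


@dataclass
class Finding:
    kind: str    # HijackThis section code, e.g. "O20"
    line: str    # the full entry line as it appeared in the log
    reason: str  # why the entry deserves a closer look


def parse_entries(log_text):
    """Return (kind, body, full_line) for every entry line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("kind"), m.group("body"), line))
    return entries


def check_o20(body, line):
    """Flag a Winlogon Notify entry whose path is a bare directory or not a DLL (assumed heuristic)."""
    m = O20_RE.match(body)
    if not m:
        return None
    path = m.group("path").strip()
    if not path or path.endswith("\\") or not path.lower().endswith(".dll"):
        return Finding("O20", line, f"Winlogon Notify '{m.group('name')}' loads from '{path}', which names no DLL")
    return None


def check_o16(body, line):
    """Flag a DPF (ActiveX download) entry that has no source URL or file left (assumed heuristic)."""
    m = O16_RE.match(body)
    if not m:
        return None
    if not m.group("src").strip():
        return Finding("O16", line, f"DPF {m.group('clsid')} has no download source; orphaned control registration")
    return None


CHECKS = {"O20": check_o20, "O16": check_o16}


def audit_hjt_log(log_text):
    """Run the per-section checks over a log and return findings in log order."""
    findings = []
    for kind, body, line in parse_entries(log_text):
        check = CHECKS.get(kind)
        if check:
            f = check(body, line)
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in audit_hjt_log(SAMPLE_LOG):
        print(f"{f.kind}: {f.reason}\n    {f.line}")
```

On the sample above the script reports exactly the two entries beynac listed; a matching entry is a prompt for review, not proof of infection, since legitimate software also registers Winlogon Notify DLLs and DPF controls.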

Post by Gary R » November 5th, 2007, 12:50 pm

Due to lack of response this topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Gary R