Hi beynac.
Thanks for your help. I've run VundoFix (log below).
One of my twin nieces has managed to click on a link sent to them via MSN and got a virus on this machine. It kept locking things up, bringing up new advert web pages when you clicked on hyperlinks, etc. I ran a full AVG scan and let it heal what it found, and also ran Spybot and Ad-Aware the same way, but it's still bringing up new web windows with adverts in, and the occasional virus is still being picked up by AVG Resident Shield, usually things like a.exe or p.exe in the temp folder. After VundoFix finished I had a system popup saying: Error loading C:\WINDOWS\system32\xtahpdbk.dll Specified module could not be found. So something is still there trying to invoke this driver, no?
Anyway, here are the log files. Cheers.
VundoFix V6.3.21
Checking Java version...
Sun Java not detected
Scan started at 22:00:13 01/05/2007
Listing files found while scanning....
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtttrq.dll
C:\WINDOWS\system32\awtttrq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\awvts.dll
C:\WINDOWS\system32\awvts.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\byxvutr.dll
C:\WINDOWS\system32\byxvutr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\byxvwur.dll
C:\WINDOWS\system32\byxvwur.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\byxxxwv.dll
C:\WINDOWS\system32\byxxxwv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\byxxxww.dll
C:\WINDOWS\system32\byxxxww.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\byxxxyx.dll
C:\WINDOWS\system32\byxxxyx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbxuvst.dll
C:\WINDOWS\system32\cbxuvst.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbxwuss.dll
C:\WINDOWS\system32\cbxwuss.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbxwxyx.dll
C:\WINDOWS\system32\cbxwxyx.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\efcyyyv.dll
C:\WINDOWS\system32\efcyyyv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ekdtorur.dll
C:\WINDOWS\system32\ekdtorur.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gebxxyy.dll
C:\WINDOWS\system32\gebxxyy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hggddec.dll
C:\WINDOWS\system32\hggddec.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hggfedc.dll
C:\WINDOWS\system32\hggfedc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ihmrhnch.dll
C:\WINDOWS\system32\ihmrhnch.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\iifcdee.dll
C:\WINDOWS\system32\iifcdee.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\iifebbb.dll
C:\WINDOWS\system32\iifebbb.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkighg.dll
C:\WINDOWS\system32\jkkighg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkjkkk.dll
C:\WINDOWS\system32\jkkjkkk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkklml.dll
C:\WINDOWS\system32\jkkklml.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\kbdphatx.ini
C:\WINDOWS\system32\kbdphatx.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\khfddda.dll
C:\WINDOWS\system32\khfddda.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\khfghhe.dll
C:\WINDOWS\system32\khfghhe.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ljjhede.dll
C:\WINDOWS\system32\ljjhede.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ljjigff.dll
C:\WINDOWS\system32\ljjigff.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ljjiggg.dll
C:\WINDOWS\system32\ljjiggg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ljjiifg.dll
C:\WINDOWS\system32\ljjiifg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ljjkihh.dll
C:\WINDOWS\system32\ljjkihh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnlmji.dll
C:\WINDOWS\system32\nnnlmji.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnmjjj.dll
C:\WINDOWS\system32\nnnmjjj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnoopq.dll
C:\WINDOWS\system32\nnnoopq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\oktgjceo.dll
C:\WINDOWS\system32\oktgjceo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\opnkigd.dll
C:\WINDOWS\system32\opnkigd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\opnolkl.dll
C:\WINDOWS\system32\opnolkl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\opnoomk.dll
C:\WINDOWS\system32\opnoomk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnlljk.dll
C:\WINDOWS\system32\pmnlljk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnlmnl.dll
C:\WINDOWS\system32\pmnlmnl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rgknuuqu.dll
C:\WINDOWS\system32\rgknuuqu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rmhygruv.dll
C:\WINDOWS\system32\rmhygruv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqrpmkj.dll
C:\WINDOWS\system32\rqrpmkj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqrspom.dll
C:\WINDOWS\system32\rqrspom.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqnoll.dll
C:\WINDOWS\system32\ssqnoll.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqqnmm.dll
C:\WINDOWS\system32\ssqqnmm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqronn.dll
C:\WINDOWS\system32\ssqronn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\stvwa.bak1
C:\WINDOWS\system32\stvwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\stvwa.bak2
C:\WINDOWS\system32\stvwa.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\stvwa.ini
C:\WINDOWS\system32\stvwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\tuvwtur.dll
C:\WINDOWS\system32\tuvwtur.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tuvwtus.dll
C:\WINDOWS\system32\tuvwtus.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tuvwutt.dll
C:\WINDOWS\system32\tuvwutt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\urqolji.dll
C:\WINDOWS\system32\urqolji.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\urqpomm.dll
C:\WINDOWS\system32\urqpomm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\urqqrqp.dll
C:\WINDOWS\system32\urqqrqp.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtuspqo.dll
C:\WINDOWS\system32\vtuspqo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtuutqn.dll
C:\WINDOWS\system32\vtuutqn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vwxtgwud.dll
C:\WINDOWS\system32\vwxtgwud.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wvusqrs.dll
C:\WINDOWS\system32\wvusqrs.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wvuurpm.dll
C:\WINDOWS\system32\wvuurpm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xtahpdbk.dll
C:\WINDOWS\system32\xtahpdbk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xxdsbgdy.ini
C:\WINDOWS\system32\xxdsbgdy.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\xxyxyvs.dll
C:\WINDOWS\system32\xxyxyvs.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yayaaxy.dll
C:\WINDOWS\system32\yayaaxy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yaywwus.dll
C:\WINDOWS\system32\yaywwus.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yayyayv.dll
C:\WINDOWS\system32\yayyayv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yayyxyy.dll
C:\WINDOWS\system32\yayyxyy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ydgbsdxx.dll
C:\WINDOWS\system32\ydgbsdxx.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.21
Checking Java version...
Sun Java not detected
Scan started at 22:29:37 01/05/2007
Listing files found while scanning....
C:\WINDOWS\system32\ljjhede.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ljjhede.dll
C:\WINDOWS\system32\ljjhede.dll Has been deleted!
Performing Repairs to the registry.
Done!
--------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 23:03:26, on 01/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\WINDOWS\System32\khooker.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\etMon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\svchost.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {F3ECFEAD-AED0-47AA-8243-0EA5FBB88170} - C:\WINDOWS\system32\awvts.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\xtahpdbk.dll",realset
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Janet\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/c ... /xt0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe