crazyJoe

Hijack Log - Needs Help

Hi there,

Hope someone can offer advice on removing the Vundo virus from my PC. Spybot, Ad-Aware and VundoFix have all failed to remove this #@# thing. Here is the HijackThis log. Any help would really be appreciated. Thanks.

/////////////////////////////////////////////////////////////////////

Logfile of HijackThis v1.99.1

Scan saved at 10:19:05 PM, on 5/31/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\runservice.exe

C:\WINDOWS\system32\ncsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe

C:\Program Files\QuickTime\qttask.exe

E:\Program Files\iTunes\iTunesHelper.exe

E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe

C:\Program Files\Messenger\msmsgs.exe

E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

E:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\Common Files\AOL\Loader\aolload.exe

C:\PROGRA~1\HEWLET~1\HPSHAR~1\HPGS2WNF.EXE

C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Rp0uI.exe] C:\documents and settings\collin\local settings\temp\Rp0uI.exe

O4 - HKLM\..\Run: [Rp0uI] C:\documents and settings\collin\local settings\temp\Rp0uI.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\tbgfbyeu.dll",realset

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe

O4 - Global Startup: PowerReg Scheduler.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA

O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll

O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab

O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab

O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab

O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Go to where you saved HijackThis.exe (C:\HijackThis\), right-click on HijackThis.exe, click Rename and rename it to hjt.exe. Reopen it, make a log, then post it here in a reply...

Ok, here ya go.

Thanks.

Logfile of HijackThis v1.99.1

Scan saved at 10:39:49 AM, on 6/2/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe

E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe

C:\Program Files\QuickTime\qttask.exe

E:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\TEMP\1792016.exe

C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe

C:\WINDOWS\smgr.exe

C:\Program Files\Messenger\msmsgs.exe

E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

E:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\PROGRA~1\HEWLET~1\HPSHAR~1\HPGS2WNF.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\HijackThis\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0BE77714-1DA8-4F21-B597-94B2B905790D} - C:\WINDOWS\system32\vtspq.dll

O2 - BHO: (no name) - {0F545CCB-B856-4AFC-841F-FA0C265508F5} - C:\WINDOWS\system32\oyhfpdoy.dll

O2 - BHO: (no name) - {13F42AE3-5DB0-4D06-92BC-80E527371E37} - C:\WINDOWS\system32\nkfqldcl.dll (file missing)

O2 - BHO: (no name) - {500946D2-A5FC-4BC4-A4FD-D29128AAC1A7} - C:\WINDOWS\system32\oyhfpdoy.dll

O2 - BHO: (no name) - {955C3849-D3A9-BD2B-D909-89ADABCC7797} - C:\WINDOWS\system32\xjs.dll

O2 - BHO: (no name) - {B2030C9A-DE59-457D-A042-D827AD69C8F3} - C:\WINDOWS\system32\efcdcab.dll

O2 - BHO: (no name) - {BEA4543D-E96F-475B-8F30-C29924A74973} - C:\WINDOWS\system32\yabxy.dll (file missing)

O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\xiakyxib.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Rp0uI.exe] C:\documents and settings\collin\local settings\temp\Rp0uI.exe

O4 - HKLM\..\Run: [Rp0uI] C:\documents and settings\collin\local settings\temp\Rp0uI.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sManager] smanager.7.exe

O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\1792016.exe

O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvsus.dll,startup

O4 - HKLM\..\Run: [ypwfkzup.exe] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe

O4 - HKLM\..\Run: [smgr] smgr.exe

O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\qhyfhewr.dll",realset

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe

O4 - Global Startup: PowerReg Scheduler.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA

O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll

O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab

O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab

O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab

O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab

O20 - Winlogon Notify: efcdcab - C:\WINDOWS\SYSTEM32\efcdcab.dll

O20 - Winlogon Notify: vtspq - C:\WINDOWS\system32\vtspq.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winvvh32 - C:\WINDOWS\SYSTEM32\winvvh32.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)

O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Run Vundofix again by following these instructions...

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.

In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

VundoFix V6.4.1

Checking Java version...

Scan started at 9:45:09 PM 5/29/2007

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\avkqervu.ini

C:\WINDOWS\SYSTEM32\ddcyyvw.dll

C:\WINDOWS\SYSTEM32\dirqxuhf.ini

C:\WINDOWS\SYSTEM32\dtcplriw.ini

C:\WINDOWS\SYSTEM32\fhuxqrid.dll

C:\WINDOWS\SYSTEM32\gihheywn.ini

C:\WINDOWS\SYSTEM32\iifedef.dll

C:\WINDOWS\SYSTEM32\khfccbb.dll

C:\WINDOWS\SYSTEM32\knoqr.ini

C:\WINDOWS\SYSTEM32\lstfuotn.ini

C:\WINDOWS\SYSTEM32\mmipvwqw.dll

C:\WINDOWS\SYSTEM32\nnnnmkj.dll

C:\WINDOWS\system32\ntouftsl.dll

C:\WINDOWS\SYSTEM32\nwyehhig.dll

C:\WINDOWS\SYSTEM32\olimlvas.ini

C:\WINDOWS\SYSTEM32\pmnkkhg.dll

C:\WINDOWS\SYSTEM32\qomklki.dll

C:\WINDOWS\SYSTEM32\rqonk.dll

C:\WINDOWS\SYSTEM32\rqrrsqo.dll

C:\WINDOWS\SYSTEM32\savlmilo.dll

C:\WINDOWS\SYSTEM32\ssqolki.dll

C:\WINDOWS\SYSTEM32\uvreqkva.dll

C:\WINDOWS\SYSTEM32\wirlpctd.dll

C:\WINDOWS\SYSTEM32\wvuusqq.dll

C:\WINDOWS\SYSTEM32\wvuvtqq.dll

C:\WINDOWS\system32\yabxy.dll

C:\WINDOWS\SYSTEM32\yxbay.bak1

C:\WINDOWS\SYSTEM32\yxbay.bak2

C:\WINDOWS\SYSTEM32\yxbay.ini

C:\WINDOWS\SYSTEM32\yxbay.ini2

C:\WINDOWS\SYSTEM32\yxbay.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\avkqervu.ini

C:\WINDOWS\SYSTEM32\avkqervu.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ddcyyvw.dll

C:\WINDOWS\SYSTEM32\ddcyyvw.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\dirqxuhf.ini

C:\WINDOWS\SYSTEM32\dirqxuhf.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\dtcplriw.ini

C:\WINDOWS\SYSTEM32\dtcplriw.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\fhuxqrid.dll

C:\WINDOWS\SYSTEM32\fhuxqrid.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\gihheywn.ini

C:\WINDOWS\SYSTEM32\gihheywn.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\iifedef.dll

C:\WINDOWS\SYSTEM32\iifedef.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\khfccbb.dll

C:\WINDOWS\SYSTEM32\khfccbb.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\knoqr.ini

C:\WINDOWS\SYSTEM32\knoqr.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\lstfuotn.ini

C:\WINDOWS\SYSTEM32\lstfuotn.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\mmipvwqw.dll

C:\WINDOWS\SYSTEM32\mmipvwqw.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\nnnnmkj.dll

C:\WINDOWS\SYSTEM32\nnnnmkj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ntouftsl.dll

C:\WINDOWS\system32\ntouftsl.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\nwyehhig.dll

C:\WINDOWS\SYSTEM32\nwyehhig.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\olimlvas.ini

C:\WINDOWS\SYSTEM32\olimlvas.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\pmnkkhg.dll

C:\WINDOWS\SYSTEM32\pmnkkhg.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\qomklki.dll

C:\WINDOWS\SYSTEM32\qomklki.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\rqonk.dll

C:\WINDOWS\SYSTEM32\rqonk.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\rqrrsqo.dll

C:\WINDOWS\SYSTEM32\rqrrsqo.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\savlmilo.dll

C:\WINDOWS\SYSTEM32\savlmilo.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ssqolki.dll

C:\WINDOWS\SYSTEM32\ssqolki.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\uvreqkva.dll

C:\WINDOWS\SYSTEM32\uvreqkva.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\wirlpctd.dll

C:\WINDOWS\SYSTEM32\wirlpctd.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\wvuusqq.dll

C:\WINDOWS\SYSTEM32\wvuusqq.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\wvuvtqq.dll

C:\WINDOWS\SYSTEM32\wvuvtqq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yabxy.dll

C:\WINDOWS\system32\yabxy.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\yxbay.bak1

C:\WINDOWS\SYSTEM32\yxbay.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\yxbay.bak2

C:\WINDOWS\SYSTEM32\yxbay.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\yxbay.ini

C:\WINDOWS\SYSTEM32\yxbay.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\yxbay.ini2

C:\WINDOWS\SYSTEM32\yxbay.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\yxbay.tmp

C:\WINDOWS\SYSTEM32\yxbay.tmp Has been deleted!

Performing Repairs to the registry.

Done!

VundoFix V6.4.1

Checking Java version...

Scan started at 5:41:13 AM 5/30/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.4.1

Checking Java version...

Scan started at 9:33:27 PM 5/30/2007

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\efcdcab.dll

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\efcdcab.dll

C:\WINDOWS\SYSTEM32\efcdcab.dll Could not be deleted.

Performing Repairs to the registry.

Done!

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\efcdcab.dll

C:\WINDOWS\SYSTEM32\efcdcab.dll Could not be deleted.

Performing Repairs to the registry.

Done!

Beginning removal...

VundoFix V6.4.1

Checking Java version...

Scan started at 7:34:39 PM 5/31/2007

Listing files found while scanning....

VundoFix V6.4.1

Checking Java version...

Scan started at 12:17:31 PM 6/3/2007

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\aehhxoca.dll

C:\WINDOWS\SYSTEM32\cbxuurp.dll

C:\WINDOWS\SYSTEM32\cspqhoih.dll

C:\WINDOWS\SYSTEM32\efcdcab.dll

C:\WINDOWS\SYSTEM32\onleficn.dll

C:\WINDOWS\system32\qpstv.bak1

C:\WINDOWS\system32\qpstv.bak2

C:\WINDOWS\system32\qpstv.ini

C:\WINDOWS\system32\qpstv.ini2

C:\WINDOWS\system32\vtspq.dll

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\aehhxoca.dll

C:\WINDOWS\SYSTEM32\aehhxoca.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\cbxuurp.dll

C:\WINDOWS\SYSTEM32\cbxuurp.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\cspqhoih.dll

C:\WINDOWS\SYSTEM32\cspqhoih.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\efcdcab.dll

C:\WINDOWS\SYSTEM32\efcdcab.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\onleficn.dll

C:\WINDOWS\SYSTEM32\onleficn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qpstv.bak1

C:\WINDOWS\system32\qpstv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qpstv.bak2

C:\WINDOWS\system32\qpstv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qpstv.ini

C:\WINDOWS\system32\qpstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qpstv.ini2

C:\WINDOWS\system32\qpstv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtspq.dll

C:\WINDOWS\system32\vtspq.dll Has been deleted!

Performing Repairs to the registry.

Done!

//////////////////////////////

Logfile of HijackThis v1.99.1

Scan saved at 2:19:58 PM, on 6/3/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe

C:\Program Files\QuickTime\qttask.exe

E:\Program Files\iTunes\iTunesHelper.exe

E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe

C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe

C:\WINDOWS\smgr.exe

C:\Program Files\Messenger\msmsgs.exe

E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

E:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\HijackThis\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0F545CCB-B856-4AFC-841F-FA0C265508F5} - C:\WINDOWS\system32\oyhfpdoy.dll

O2 - BHO: (no name) - {13F42AE3-5DB0-4D06-92BC-80E527371E37} - C:\WINDOWS\system32\nkfqldcl.dll (file missing)

O2 - BHO: (no name) - {500946D2-A5FC-4BC4-A4FD-D29128AAC1A7} - C:\WINDOWS\system32\oyhfpdoy.dll

O2 - BHO: (no name) - {6826CC2B-8872-4FD8-AB86-5EB29702AE66} - C:\WINDOWS\system32\vtspq.dll (file missing)

O2 - BHO: (no name) - {955C3849-D3A9-BD2B-D909-89ADABCC7797} - C:\WINDOWS\system32\xjs.dll

O2 - BHO: (no name) - {B2030C9A-DE59-457D-A042-D827AD69C8F3} - C:\WINDOWS\system32\efcdcab.dll (file missing)

O2 - BHO: (no name) - {BEA4543D-E96F-475B-8F30-C29924A74973} - C:\WINDOWS\system32\yabxy.dll (file missing)

O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\xiakyxib.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Rp0uI.exe] C:\documents and settings\collin\local settings\temp\Rp0uI.exe

O4 - HKLM\..\Run: [Rp0uI] C:\documents and settings\collin\local settings\temp\Rp0uI.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sManager] smanager.7.exe

O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\1792016.exe

O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvsus.dll,startup

O4 - HKLM\..\Run: [ypwfkzup.exe] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe

O4 - HKLM\..\Run: [smgr] smgr.exe

O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\qhyfhewr.dll",realset

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe

O4 - Global Startup: PowerReg Scheduler.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA

O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll

O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab

O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab

O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab

O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winvvh32 - C:\WINDOWS\SYSTEM32\winvvh32.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)

O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Download ComboFix from Here or Here to your Desktop.

  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.


"default" - 2007-06-04 20:38:30 Service Pack 2

ComboFix 07-06-3 - Running from: "C:\A1VirusTools\"

((((((((((((((((((((((((( Files Created from 2007-05-05 to 2007-06-05 )))))))))))))))))))))))))))))))

2007-06-01 20:06 2,580 --a------ C:\WINDOWS\SYSTEM32\wpfigkui.exe

2007-06-01 19:45 2,580 --a------ C:\WINDOWS\SYSTEM32\fdknxack.exe

2007-06-01 19:32 131,124 --a------ C:\WINDOWS\SYSTEM32\qhyfhewr.dll

2007-06-01 19:25 43,602 --a------ C:\WINDOWS\SYSTEM32\xvid-uninstall.exe

2007-06-01 16:07 28,160 --a------ C:\WINDOWS\SYSTEM32\sysmon32.exe

2007-06-01 16:05 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\ypwfkzup.exe

2007-06-01 16:04 28,160 --a------ C:\WINDOWS\SYSTEM32\winsys64.exe

2007-06-01 15:29 5,600 --a------ C:\WINDOWS\SYSTEM\WINASPI.DLL

2007-06-01 15:29 45,056 --a------ C:\WINDOWS\SYSTEM32\WNASPI32.DLL

2007-06-01 15:29 4,672 --a------ C:\WINDOWS\SYSTEM\WOWPOST.EXE

2007-06-01 15:29 25,244 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.SYS

2007-05-31 16:54 <DIR> d-------- C:\Program Files\Common Files\Download Manager

2007-05-30 22:10 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Share-to-Web Upload Folder

2007-05-30 21:16 <DIR> d-------- C:\HijackThis

2007-05-30 19:38 <DIR> d-------- C:\DOCUME~1\default\.housecall6.6

2007-05-30 19:23 1,060,864 --a------ C:\WINDOWS\SYSTEM32\MFC71.dll

2007-05-29 21:45 <DIR> d-------- C:\VundoFix Backups

2007-05-29 21:41 <DIR> d-------- C:\A1VirusTools

2007-05-25 19:07 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft

2007-05-25 16:42 60,928 --a------ C:\WINDOWS\SYSTEM32\xjs.dll

2007-05-25 15:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-05-25 14:58 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Talkback

2007-05-25 13:19 2,359,296 --ah----- C:\DOCUME~1\ADMINI~1\ntuser.dat

2007-05-25 09:39 121,194 --a------ C:\WINDOWS\SYSTEM32\gsaiijkj.exe

2007-05-24 16:26 131,604 --a------ C:\WINDOWS\SYSTEM32\avjdrupo.dll

2007-05-19 15:53 <DIR> d-------- C:\Program Files\Windows Live Safety Center

2007-05-15 11:31 <DIR> d-------- C:\Program Files\iPod

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-01 20:04:38 777 --sha-w C:\WINDOWS\system32\mmf.sys

2007-05-14 19:57:24 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll

2007-05-14 19:57:24 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll

2007-05-14 19:57:22 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll

2007-04-28 19:54:08 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

2007-04-28 18:36:02 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2007-04-20 21:53:04 4,096 ----a-w C:\WINDOWS\system32\drivers\nocashio.sys

2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-01 17:21:16 19,884 ----a-w C:\WINDOWS\mozver.dat

2007-03-31 16:28:32 2,421 ----a-w C:\WINDOWS\eReg.dat

2007-03-17 13:43:02 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll

2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll

2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll

2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll

2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{13F42AE3-5DB0-4D06-92BC-80E527371E37}=C:\WINDOWS\system32\nkfqldcl.dll []

{6826CC2B-8872-4FD8-AB86-5EB29702AE66}=C:\WINDOWS\system32\vtspq.dll []

{955C3849-D3A9-BD2B-D909-89ADABCC7797}=C:\WINDOWS\system32\xjs.dll [2007-05-21 09:59]

{BEA4543D-E96F-475B-8F30-C29924A74973}=C:\WINDOWS\system32\yabxy.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SystemTray"="SysTray.Exe" [2004-08-04 12:00 C:\WINDOWS\SYSTEM32\systray.exe]

"Rp0uI.exe"="C:\documents and settings\collin\local settings\temp\Rp0uI.exe" []

"Rp0uI"="C:\documents and settings\collin\local settings\temp\Rp0uI.exe" []

"HostManager"="C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe" [2005-11-02 22:01]

"nwiz"="nwiz.exe" []

"FLMK08KB"="E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE" [2006-08-04 18:04]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]

"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]

"ypwfkzup.exe"="C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe" [2007-06-01 16:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]

"PhotoShow Deluxe Media Manager"="E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2004-11-11 21:50]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"Btn_Back"=0 (0x0)

"Btn_Forward"=0 (0x0)

"Btn_Stop"=0 (0x0)

"Btn_Refresh"=0 (0x0)

"Btn_Home"=0 (0x0)

"Btn_Search"=0 (0x0)

"Btn_History"=0 (0x0)

"Btn_Favorites"=0 (0x0)

"Btn_Folders"=0 (0x0)

"Btn_Fullscreen"=0 (0x0)

"Btn_Tools"=0 (0x0)

"Btn_MailNews"=0 (0x0)

"Btn_Size"=0 (0x0)

"Btn_Print"=0 (0x0)

"Btn_Edit"=0 (0x0)

"Btn_Discussions"=0 (0x0)

"Btn_Cut"=0 (0x0)

"Btn_Copy"=0 (0x0)

"Btn_Paste"=0 (0x0)

"Btn_Encoding"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"Btn_Back"=0 (0x0)

"Btn_Forward"=0 (0x0)

"Btn_Stop"=0 (0x0)

"Btn_Refresh"=0 (0x0)

"Btn_Home"=0 (0x0)

"Btn_Search"=0 (0x0)

"Btn_History"=0 (0x0)

"Btn_Favorites"=0 (0x0)

"Btn_Folders"=0 (0x0)

"Btn_Fullscreen"=0 (0x0)

"Btn_Tools"=0 (0x0)

"Btn_MailNews"=0 (0x0)

"Btn_Size"=0 (0x0)

"Btn_Print"=0 (0x0)

"Btn_Edit"=0 (0x0)

"Btn_Discussions"=0 (0x0)

"Btn_Cut"=0 (0x0)

"Btn_Copy"=0 (0x0)

"Btn_Paste"=0 (0x0)

"Btn_Encoding"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Norton eMail Protect"=C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe

"Norton Auto-Protect"=C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"RxMon"=C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe

"MadExe"=C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

"HPDJ Taskbar Utility"=C:\WINDOWS\SYSTEM32\hpztsb05.exe

"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

"QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime

"projselector"="C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r

"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

"ViewMgr"=C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

"kdx"=C:\WINDOWS\KDX\KHOST.EXE

"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

"NAV DefAlert"=C:\PROGRA~1\NORTON~1\DEFALERT.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

Contents of the 'Scheduled Tasks' folder

2007-06-02 23:00:02 C:\WINDOWS\tasks\Tune-up Application Start.job

2007-06-05 00:08:02 C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job

2007-06-02 00:00:02 C:\WINDOWS\tasks\Scan for Viruses.job

2003-06-26 17:16:10 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#Deskjet#3420.job

2007-06-02 05:00:02 C:\WINDOWS\tasks\Maintenance-Defragment programs.job

2007-06-02 17:35:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

2007-01-01 04:30:02 C:\WINDOWS\tasks\Maintenance-Disk cleanup.job

2007-04-14 17:05:02 C:\WINDOWS\tasks\Run LiveUpdate (for Norton AntiVirus).job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-04 20:42:20

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Files hidden from API:

C:\WINDOWS\.yohoho

C:\WINDOWS\.file_store_32

C:\WINDOWS\.javaws

C:\WINDOWS\.java

C:\WINDOWS\.plugin141_02.trace

C:\WINDOWS\.jpi_cache

Completion time: 2007-06-04 20:45:50

C:\ComboFix-quarantined-files1.txt ... 2007-06-04 20:28

C:\ComboFix-quarantined-files.txt ... 2007-06-04 20:43

--- E O F ---

////////////////////

Logfile of HijackThis v1.99.1

Scan saved at 8:48:48 PM, on 6/4/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\ComboFix\29860.cfexe

C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe

C:\Program Files\QuickTime\qttask.exe

E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe

E:\Program Files\iTunes\iTunesHelper.exe

C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe

C:\Program Files\Messenger\msmsgs.exe

E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\taskmgr.exe

C:\HijackThis\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {13F42AE3-5DB0-4D06-92BC-80E527371E37} - C:\WINDOWS\system32\nkfqldcl.dll (file missing)

O2 - BHO: (no name) - {6826CC2B-8872-4FD8-AB86-5EB29702AE66} - C:\WINDOWS\system32\vtspq.dll (file missing)

O2 - BHO: (no name) - {955C3849-D3A9-BD2B-D909-89ADABCC7797} - C:\WINDOWS\system32\xjs.dll

O2 - BHO: (no name) - {BEA4543D-E96F-475B-8F30-C29924A74973} - C:\WINDOWS\system32\yabxy.dll (file missing)

O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Rp0uI.exe] C:\documents and settings\collin\local settings\temp\Rp0uI.exe

O4 - HKLM\..\Run: [Rp0uI] C:\documents and settings\collin\local settings\temp\Rp0uI.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ypwfkzup.exe] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe

O4 - Global Startup: PowerReg Scheduler.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA

O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll

O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab

O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab

O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab

O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)

O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Open HijackThis and click Scan. Then checkmark the following entries:

O2 - BHO: (no name) - {13F42AE3-5DB0-4D06-92BC-80E527371E37} - C:\WINDOWS\system32\nkfqldcl.dll (file missing)

O2 - BHO: (no name) - {6826CC2B-8872-4FD8-AB86-5EB29702AE66} - C:\WINDOWS\system32\vtspq.dll (file missing)

O2 - BHO: (no name) - {955C3849-D3A9-BD2B-D909-89ADABCC7797} - C:\WINDOWS\system32\xjs.dll

O2 - BHO: (no name) - {BEA4543D-E96F-475B-8F30-C29924A74973} - C:\WINDOWS\system32\yabxy.dll (file missing)

O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [Rp0uI.exe] C:\documents and settings\collin\local settings\temp\Rp0uI.exe

O4 - HKLM\..\Run: [Rp0uI] C:\documents and settings\collin\local settings\temp\Rp0uI.exe

O4 - HKLM\..\Run: [ypwfkzup.exe] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe

O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA

Now close all open windows except HijackThis and click Fix checked.

Then post a new Hijackthis log here in a reply.


Logfile of HijackThis v1.99.1

Scan saved at 3:06:36 PM, on 6/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe

C:\Program Files\QuickTime\qttask.exe

E:\Program Files\iTunes\iTunesHelper.exe

E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe

C:\Program Files\Messenger\msmsgs.exe

E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\HEWLET~1\HPSHAR~1\HPGS2WNF.EXE

C:\HijackThis\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {13F42AE3-5DB0-4D06-92BC-80E527371E37} - C:\WINDOWS\system32\nkfqldcl.dll (file missing)

O2 - BHO: (no name) - {6826CC2B-8872-4FD8-AB86-5EB29702AE66} - C:\WINDOWS\system32\vtspq.dll (file missing)

O2 - BHO: (no name) - {955C3849-D3A9-BD2B-D909-89ADABCC7797} - C:\WINDOWS\system32\xjs.dll

O2 - BHO: (no name) - {BEA4543D-E96F-475B-8F30-C29924A74973} - C:\WINDOWS\system32\yabxy.dll (file missing)

O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [Rp0uI.exe] C:\documents and settings\collin\local settings\temp\Rp0uI.exe

O4 - HKLM\..\Run: [Rp0uI] C:\documents and settings\collin\local settings\temp\Rp0uI.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ypwfkzup.exe] C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe

O4 - Global Startup: PowerReg Scheduler.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA

O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll

O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab

O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab

O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab

O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)

O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Download WinPFind

Extract WinPFind.zip to your c:\ folder.

Boot into safe mode. To do this, keep tapping F8 on your keyboard while your PC is starting up; you will get a menu, from which you select Safe Mode.

Then open c:\WinPFind and double-click on WinPFind.exe.

When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.

When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.


WinPFind logfile created on: 6/9/2007 6:28:03 PM

WinPFind by OldTimer - v2.0.3 Folder = C:\Documents and Settings\default\Desktop\WinPFind\

»»»»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»

Product Name: Microsoft Windows XP Service Pack 2 | Version: 5.1.2600

Internet Explorer Version: 7.0.5730.11

»»»»»»»»»»»»»»»»»»»» Memory/Drive Info »»»»»»»»»»»»»»»»»»»»»»»»»»

319.30 Mb Total Physical Memory | 192.35 Mb Available Physical Memory | 60.24% Memory free

774.13 Mb Paging File | 712.59 Mb Available in Paging File | 92.05% Paging File free

Paging file location(s): C:\pagefile.sys 480 960;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 19.00 Gb Total Space | 3.46 Gb Free Space | 18.22% Space Free

Drive D: | 588.30 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free

Drive E: | 38.28 Gb Total Space | 1.50 Gb Free Space | 3.92% Space Free

F: Drive not present or media not loaded

Computer Name: BASEMENTDELL

Current User Name: Administrator

Logged in as Administrator.

Cannot determine boot mode.

»»»»»»»»»»»»»»»»»»»» Running Processes (Non-Microsoft) »»»»»»»»

C:\Documents and Settings\default\Desktop\WinPFind\WinPFind.exe (OldTimer Tools)

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()

»»»»»»»»»»»»»»»»»»»» Win32 Services (Non-Microsoft) »»»»»»»»»»»

(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Stopped]

= C:\Program Files\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.)

(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Stopped]

= C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.)

(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Stopped]

= C:\Program Files\Grisoft\AVG7\avgemc.exe (GRISOFT, s.r.o.)

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped]

= C:\WINDOWS\SYSTEM32\dmadmin.exe (Microsoft Corp., Veritas Software)

(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped]

= C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

(InCDsrvR) InCD Helper (read only) [Win32_Own | Auto | Stopped]

= C:\Program Files\Ahead\InCD\InCDsrv.exe (Ahead Software AG)

(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped]

= C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

(LicCtrlService) LicCtrl Service [Win32_Own | Auto | Stopped]

= C:\WINDOWS\runservice.exe (File not found)

(neoNcSvc) Virtual Com Port Service [Win32_Own | Auto | Stopped]

= C:\WINDOWS\system32\ncsvc.exe (File not found)

(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped]

= C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation)

»»»»»»»»»»»»»»»»»»»» Registry Items (Non-Microsoft) »»»»»»»»»»»

>>>>> Run Keys and Auto-Start Folders <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

AVG7_CC = C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)

FLMK08KB = E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE ()

HostManager = C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe (America Online, Inc.)

iTunesHelper = E:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

NvCplDaemon = C:\WINDOWS\SYSTEM32\nvcpl.dll (NVIDIA Corporation)

nwiz = nwiz.exe (File not found)

QuickTime Task = C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

AVG7_Run = C:\Program Files\Grisoft\AVG7\avgw.exe (GRISOFT, s.r.o.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

Installed = 1

< Common Startup Folder = C:\Documents and Settings\All Users\Start Menu\Programs\Startup >

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

= C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk

= E:\Program Files\Nikon\PictureProject\NkbMonitor.exe (Nikon Corporation)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Resolution Assistant.lnk

= C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe (Motive Communications, Inc.)

< User Startup Folder = C:\Documents and Settings\Administrator\Start Menu\Programs\Startup >

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini ()

>>>>> MsConfig Disabled Items <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]

system.ini = 0

win.ini = 0

bootini = 0

services = 0

startup = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]

Norton eMail Protect = C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe (File not found)

Norton Auto-Protect = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE (File not found)

>>>>> Disabled Startup Folder Items <<<<<

>>>>> Items Started Through Miscellaneous Registry Keys <<<<<

>>>>> Winlogon Keys <<<<<

>>>>> HOSTS File <<<<<

HOSTS file found at: C:\WINDOWS\System32\drivers\etc\Hosts (Size: 27 bytes | Modified Date: 6/4/2007 8:27:02 PM)

127.0.0.1 localhost

>>>>> Desktop Components <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]

FriendlyName = My Current Home Page

Source = About:Home

SubscribedURL = About:Home

>>>>> Internet Explorer Settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

Local Page = %SystemRoot%\system32\blank.htm

Search Bar =

Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

Start Page = about:blank

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

Default_Search_URL = http://www.google.com/ie

SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

Local Page = C:\WINDOWS\SYSTEM\blank.htm

Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

Start Page = about:blank

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]

SearchAssistant = about:blank

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

ProxyEnable = 0

ProxyOverride = ;127.0.0.1

>>>>> Browser Helper Objects <<<<<

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

- Adobe PDF Reader Link Helper ( HKLM = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) )

>>>>> HKLM Internet Explorer Bars <<<<<

>>>>> HKCU Internet Explorer Bars <<<<<

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E}]

- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

>>>>> HKLM Internet Explorer ToolBars <<<<<

>>>>> HKCU Internet Explorer ToolBars <<<<<

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\ShellBrowser]

{07B18EA9-A523-4961-B6BB-170DE4475CCA} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\WebBrowser]

{2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

>>>>> HKCU Internet Explorer CmdMapping <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]

{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} = 8196 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} = 8197 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} = 8195 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

{EE117DAA-A30B-40FC-945C-38AE1B80C1FA} = 8192 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

{FB5F1910-F110-11d2-BB9E-00C04F795683} = 8194 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

NextId = 8199

>>>>> HKLM Internet Explorer Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}]

MenuText = Sun Java Console

ClsidExtension = {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Web Browser Applet Control ( HKLM C:\WINDOWS\SYSTEM32\MSJAVA.DLL (Microsoft Corporation) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}]

ButtonText = Research

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}]

ButtonText = AIM

Exec = C:\PROGRAM FILES\Netscape\COMMUNICATOR\Program\AIM\aim.exe (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}]

ButtonText = Real.com

>>>>> HKCU Internet Explorer Menu Extensions <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Viewpoint Search]

@ = C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL\CXTSEARCH.HTM (File not found)

>>>>> HKLM Internet Explorer Plugins Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\.htm]

Location = E:\Program Files\Netscape\plugins\npTrident.dll (Netscape Communications Corp.)

>>>>> HKLM Approved Shell Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} = Shell Autoplay for Slideshow ( HKLM = Reg Data - Key not found (File not found) )

{0DF44EAA-FF21-4412-828E-260A8728E7F1} = Taskbar and Start Menu ( HKLM = Reg Data - Key not found (File not found) )

{1CDB2949-8F65-4355-8456-263E7C208A5D} = Desktop Explorer ( HKLM = C:\WINDOWS\SYSTEM32\nvshell.dll () )

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} = Desktop Explorer Menu ( HKLM = C:\WINDOWS\SYSTEM32\nvshell.dll () )

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} = nView Desktop Context Menu ( HKLM = C:\WINDOWS\SYSTEM32\nvshell.dll () )

{32020A01-506E-484D-A2A8-BE3CF17601C3} = AlcoholShellEx ( HKLM = E:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll (File not found) )

{42071714-76d4-11d1-8b24-00a0c9068ff3} = Display Panning CPL Extension ( HKLM = deskpan.dll (File not found) )

{764BF0E1-F219-11ce-972D-00AA00A14F56} = Shell extensions for file compression ( CLSID not found! )

{7A9D77BD-5403-11d2-8785-2E0420524153} = User Accounts ( HKLM = Reg Data - Key not found (File not found) )

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Encryption Context Menu ( CLSID not found! )

{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext ( HKLM = C:\WINDOWS\SYSTEM32\hticons.dll (Hilgraeve, Inc.) )

{950FF917-7A57-46BC-8017-59D9BF474000} = Shell Extension for CDRW ( HKLM = C:\Program Files\Ahead\InCD\incdshx.dll (Ahead Software AG) )

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG7 Shell Extension Class ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )

{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} = AVG7 Find Extension Class ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )

{A70C977A-BF00-412C-90B7-034C51DA2439} = DesktopContext Class ( HKLM = C:\WINDOWS\SYSTEM32\nvcpl.dll (NVIDIA Corporation) )

{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes ( HKLM = E:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Inc.) )

{EB47FF00-225E-11D2-9E1D-00A0C9AB0EEE} = eLicense Control ( HKLM = C:\WINDOWS\lcmmfu.cpl () )

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = RealOne Player Context Menu Class ( HKLM = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.) )

{FFB699E0-306A-11d3-8BD1-00104B6F7516} = NVIDIA CPL Extension ( HKLM = C:\WINDOWS\SYSTEM32\nvcpl.dll (NVIDIA Corporation) )

>>>>> HKCU Approved Shell Extensions <<<<<

>>>>> Context Menu Handlers / Column Handlers <<<<<

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG7 Shell Extension]

@ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR]

@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR]

@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlersnView]

@ = {1E9B04FB-F9E5-4718-997B-B8DA88302A48} ( HKLM = C:\WINDOWS\SYSTEM32\nvshell.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\InCDMenu]

@ = {950FF917-7A57-46BC-8017-59D9BF474000} ( HKLM = C:\Program Files\Ahead\InCD\incdshx.dll (Ahead Software AG) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\NvCplDesktopContext]

@ = {A70C977A-BF00-412C-90B7-034C51DA2439} ( HKLM = C:\WINDOWS\SYSTEM32\nvcpl.dll (NVIDIA Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension]

@ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR]

@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}]

- PDF Shell Extension ( HKLM = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll (Adobe Systems, Inc.) )

>>>>> Policy Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID]

{17492023-C23A-453E-A040-C7C580BBF700} = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = 1

{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857

{0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]

dontdisplaylastusername = 0

legalnoticecaption =

legalnoticetext =

shutdownwithoutlogon = 1

undockwithoutlogon = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp]

NoRealMode = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

NoDriveTypeAutoRun = ( 149 0 0 0 ) - •

CDRAutoRun = ( 0 0 0 0 ) -

Btn_Back = 0

Btn_Forward = 0

Btn_Stop = 0

Btn_Refresh = 0

Btn_Home = 0

Btn_Search = 0

Btn_History = 0

Btn_Favorites = 0

Btn_Folders = 0

Btn_Fullscreen = 0

Btn_Tools = 0

Btn_MailNews = 0

Btn_Size = 0

Btn_Print = 0

Btn_Edit = 0

Btn_Discussions = 0

Btn_Cut = 0

Btn_Copy = 0

Btn_Paste = 0

Btn_Encoding = 0

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer]*

>>>>> Security Providers <<<<<

>>>>> Session Manager Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]

BootExecute = autocheck autochk *;

ExcludeFromKnownDlls =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]

ComSpec = %SystemRoot%\system32\cmd.exe ( C:\WINDOWS\SYSTEM32\cmd.exe (Microsoft Corporation) )

TEMP = C:\WINDOWS\TEMP

TMP = C:\WINDOWS\TEMP

windir = C:\WINDOWS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path]

%SYSTEMROOT%\system32

%SYSTEMROOT%

%SYSTEMROOT%\COMMAND

C:\PROGRA~1\DELL\RESOLU~1\COMMON\BIN

C:\ProgramFiles\CommonFiles\RoxioShared\DLLShared

%SYSTEMROOT%\system32\WBEM

C:\Program Files\QuickTime\QTSystem\

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT]

.COM

.EXE

.BAT

.CMD

.VBS

.VBE

.JS

.JSE

.WSF

.WSH

>>>>> WOW Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]

cmdline = %SystemRoot%\system32\ntvdm.exe

wowcmdline = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386

>>>>> SafeBoot Option Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]

>>>>> User Agent Post Platform <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

iebar =

>>>>> File Associations <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\]

.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}

.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}

.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}

.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}

.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}

.hta [@ = htafile] -> PersistentHandler = Reg Data - Key not found

.html [@ = FirefoxHTML] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}

.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}

.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}

.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}

.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}

.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found

.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found

.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}

.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found

.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}

.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found

.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}

.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found

.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found

>>>>> Registry Shell Spawning <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

batfile [open] -> "%1" %* (File not found)

batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

cmdfile [open] -> "%1" %* (File not found)

cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -> "%1" %* (File not found)

cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)

exefile [open] -> "%1" %* (File not found)

htafile [open] -> C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -> "E:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" "%1" (Microsoft Corporation)

htmlfile [opennew] -> "C:\Program Files\Internet Explorer\iexplore.exe" "%1" (Microsoft Corporation)

htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -> C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" -requestPending (Mozilla Corporation)

https [open] -> C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" -requestPending (Mozilla Corporation)

inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -> rundll32.exe ieframe.dll,OpenURL "%l" (Microsoft Corporation)

InternetShortcut [print] -> rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)

jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)

jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -> "%1" %* (File not found)

regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

regfile [open] -> regedit.exe "%1" (Microsoft Corporation)

regfile [merge] -> Reg Data - Key not found

regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

scrfile [config] -> "%1" (File not found)

scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -> "%1" /S (File not found)

txtfile [edit] -> Reg Data - Key not found

txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)

vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)

vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)

wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)

Directory [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" "%1" (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%programfiles%\internet explorer\iexplore.exe" (File not found)

>>>>> ActiveX StubPath settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\^RNA]

StubPath = rundll rnasetup.dll,installoptionalcomponent rna

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]

StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]

StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]

StubPath = regsvr32.exe /s /n /i:U shell32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]

StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4395}]

StubPath = regsvr32.exe /s /n /i:U shell32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]

StubPath = C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CA0A4247-44BE-11d1-A005-00805F8ABE06}]

StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]

StubPath = C:\WINDOWS\system32\ieudinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]

StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

>>>>> TCP/IP Configuration <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EE47131A-0FFC-442D-8ED0-7593B1305921}] ( CNet PRO200 PCI Fast Ethernet Adapter )

DefaultGateway =

DhcpDefaultGateway = 192.168.1.1;

DhcpIPAddress = 192.168.1.100

DhcpNameServer = 24.140.1.3 24.140.1.2

DhcpServer = 192.168.1.1

DhcpSubnetMask = 255.255.255.0

Domain =

EnableDHCP = 1

IPAddress = 0.0.0.0;

IPAutoconfigurationAddress = 0.0.0.0

NameServer =

SubnetMask = 0.0.0.0;

>>>>> WinSock2 Parameters <<<<<

>>>>> Default Protocols [HKLM] <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]

@ivt - 1 = Local intranet

file - 3 = Internet

ftp - 3 = Internet

http - 3 = Internet

https - 3 = Internet

shell - 0 = Computer

>>>>> Protocol Handlers <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\vnd.ms.radio]

CLSID = {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - ( HKLM = C:\WINDOWS\SYSTEM32\msdxm.ocx () )

>>>>> Protocol Filters <<<<<

>>>>> Downloaded Program Files <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\DownloadInformation]

CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

INF = C:\WINDOWS\Downloaded Program Files\QTPlugin.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{09C6CAC0-936E-40A0-BC26-707480103DC3}\DownloadInformation]

CODEBASE = http://www.uproar.com/applets/activex/shiz...pside_web18.cab

INF = C:\WINDOWS\Downloaded Program Files\flipside_webmoo.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700}\DownloadInformation]

CODEBASE = http://go.microsoft.com/fwlink/?LinkID=39204

INF = C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2042B57E-6336-459E-B7CE-2A0F6C9E6AF8}\DownloadInformation]

CODEBASE = http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{215B8138-A3CF-44C5-803F-8226143CFC0A}\DownloadInformation]

CODEBASE = http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

INF = C:\WINDOWS\Downloaded Program Files\hcImpl.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}\DownloadInformation]

CODEBASE = http://www.miniclip.com/inflaterball/miniclipGameLoader.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\DownloadInformation]

CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab

INF = C:\WINDOWS\Downloaded Program Files\yinst.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33288993-5664-11D4-8B5B-00D0B73B3518}\DownloadInformation]

CODEBASE = http://aol.ea.com/downloads/games/common/ieell.cab

INF = C:\WINDOWS\Downloaded Program Files\ieell.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}\DownloadInformation]

CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

INF = C:\WINDOWS\Downloaded Program Files\opuc.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06}\DownloadInformation]

CODEBASE = https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab

INF = C:\WINDOWS\Downloaded Program Files\NeoterisSetup.INF

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{525A15D0-4938-11D4-94C7-0050DA20189B}\DownloadInformation]

CODEBASE = http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab

INF = C:\WINDOWS\Downloaded Program Files\iesnoopy.INF

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5ED80217-570B-4DA9-BF44-BE107C0EC166}\DownloadInformation]

CODEBASE = http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

INF = C:\WINDOWS\Downloaded Program Files\wlscBase.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{62475759-9E84-458E-A1AB-5D2C442ADFDE}\DownloadInformation]

CODEBASE = http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{72770C4F-967D-4517-982B-92D6B9015649}\DownloadInformation]

CODEBASE = http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0

INF = C:\WINDOWS\Downloaded Program Files\DigWebX.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\DownloadInformation]

CODEBASE = http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab

INF = C:\WINDOWS\Downloaded Program Files\xscan.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\DownloadInformation]

CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...7908.7810648148

INF = C:\WINDOWS\Downloaded Program Files\iuctl.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B9A296D4-38AC-4566-8168-F7ACAF7D35E6}\DownloadInformation]

CODEBASE = http://imlive.com/ChatSource/gVideoContol.cab

INF = C:\WINDOWS\Downloaded Program Files\gVideoContol.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\DownloadInformation]

CODEBASE = http://java.sun.com/products/plugin/autodl...indows-i586.cab

INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation]

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

INF = C:\WINDOWS\Downloaded Program Files\swflash.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D719897A-B07A-4C0C-AEA9-9B663A28DFCB}\DownloadInformation]

CODEBASE = http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

INF = C:\WINDOWS\Downloaded Program Files\ITDetector.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}\DownloadInformation]

CODEBASE = http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab

INF = C:\WINDOWS\Downloaded Program Files\mcfscan.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation]

CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab

OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation]

CODEBASE = file://C:\WINDOWS\Java\classes\xmldso4.cab

OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

»»»»»»»»»»»»»»»»»»»» Files / Folders Created Within 30 Days »»»»»»»»»»»»»

C:\$VAULT$.AVG [Folder | Created Date = 6/7/2007 7:52:38 PM | Attr = RH ]

C:\A1VirusTools [Folder | Created Date = 5/29/2007 8:41:50 PM | Attr = ]

C:\VundoFix Backups [Folder | Created Date = 5/29/2007 8:45:08 PM | Attr = ]

C:\HijackThis [Folder | Created Date = 5/30/2007 8:16:16 PM | Attr = ]

C:\QooBox [Folder | Created Date = 6/4/2007 7:22:56 PM | Attr = ]

C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe [Ver = | Size = 57344 bytes | Created Date = 6/1/2007 3:05:01 PM | Attr = ]

C:\Documents and Settings\All Users\Application Data\avg7 [Folder | Created Date = 6/7/2007 6:46:28 PM | Attr = ]

C:\Documents and Settings\All Users\Application Data\Grisoft [Folder | Created Date = 6/7/2007 6:46:28 PM | Attr = ]

C:\Documents and Settings\Administrator\Application Data\Microsoft [Folder | Created Date = 5/25/2007 12:19:34 PM | Attr = S]

C:\Documents and Settings\Administrator\Application Data\desktop.ini [Ver = | Size = 62 bytes | Created Date = 5/25/2007 12:19:35 PM | Attr = HS]

C:\Documents and Settings\Administrator\Application Data\Lavasoft [Folder | Created Date = 5/25/2007 6:07:08 PM | Attr = ]

C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder [Folder | Created Date = 5/30/2007 9:10:26 PM | Attr = ]

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft [Folder | Created Date = 5/25/2007 12:19:34 PM | Attr = ]

C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [Ver = | Size = 122928 bytes | Created Date = 5/25/2007 12:19:35 PM | Attr = ]

C:\Documents and Settings\All Users\Desktop\iTunes.lnk [Ver = | Size = 2055 bytes | Created Date = 5/15/2007 10:31:55 AM | Attr = ]

C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [Ver = | Size = 1518 bytes | Created Date = 5/15/2007 10:26:54 AM | Attr = ]

C:\Documents and Settings\All Users\Desktop\Age of Mythology - The Titans Expansion.lnk [Ver = | Size = 848 bytes | Created Date = 6/6/2007 11:59:37 AM | Attr = ]

C:\Documents and Settings\All Users\Desktop\AVG 7.5.lnk [Ver = | Size = 1446 bytes | Created Date = 6/7/2007 6:46:47 PM | Attr = ]

C:\Documents and Settings\All Users\Desktop\Ad-Aware SE Personal.lnk [Ver = | Size = 1735 bytes | Created Date = 5/25/2007 2:58:36 PM | Attr = ]

C:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk [Ver = | Size = 700 bytes | Created Date = 5/25/2007 12:19:35 PM | Attr = ]

C:\Documents and Settings\Administrator\Desktop\New Microsoft Word Document.doc [Ver = | Size = 10752 bytes | Created Date = 5/30/2007 9:15:29 PM | Attr = ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk [Ver = | Size = 714 bytes | Created Date = 5/30/2007 6:18:58 PM | Attr = ]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini [Ver = | Size = 84 bytes | Created Date = 5/25/2007 12:19:35 PM | Attr = HS]

C:\Program Files\Common Files\Wise Installation Wizard [Folder | Created Date = 5/25/2007 2:53:51 PM | Attr = ]

C:\Program Files\Common Files\Download Manager [Folder | Created Date = 5/31/2007 3:54:48 PM | Attr = ]

C:\WINDOWS\temp [Folder | Created Date = 6/8/2007 8:39:43 AM | Attr = ]

C:\WINDOWS\erdnt [Folder | Created Date = 6/4/2007 7:24:29 PM | Attr = ]

C:\WINDOWS\nircmd.exe NirSoft [Ver = 1.85 | Size = 49152 bytes | Created Date = 6/4/2007 7:45:50 PM | Attr = ]

C:\WINDOWS\catchme.exe [Ver = | Size = 87040 bytes | Created Date = 6/4/2007 7:45:50 PM | Attr = ]

C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Created Date = 6/3/2007 11:07:44 AM | Attr = H ]

C:\WINDOWS\QTFont.for [Ver = | Size = 1409 bytes | Created Date = 6/3/2007 11:07:44 AM | Attr = ]

C:\WINDOWS\$NtUninstallKB927891$ [Folder | Created Date = 5/23/2007 3:02:53 PM | Attr = H ]

C:\WINDOWS\System32\gjwkcjpk.ini [Ver = | Size = 833461 bytes | Created Date = 5/19/2007 2:17:06 PM | Attr = HS]

C:\WINDOWS\System32\rwehfyhq.ini [Ver = | Size = 1102487 bytes | Created Date = 6/1/2007 6:32:07 PM | Attr = HS]

C:\WINDOWS\System32\swxcacls.exe SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 6/4/2007 7:45:50 PM | Attr = ]

C:\WINDOWS\System32\kfigpqty.ini [Ver = | Size = 1101969 bytes | Created Date = 6/1/2007 8:57:18 AM | Attr = HS]

C:\WINDOWS\System32\swsc.exe SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 6/4/2007 7:45:50 PM | Attr = ]

C:\WINDOWS\System32\moveex.exe [Ver = | Size = 38400 bytes | Created Date = 6/4/2007 7:45:50 PM | Attr = ]

C:\WINDOWS\System32\mcrh.tmp [Ver = | Size = 0 bytes | Created Date = 5/20/2007 8:49:55 PM | Attr = ]

C:\WINDOWS\System32\ueybfgbt.ini [Ver = | Size = 1067647 bytes | Created Date = 5/30/2007 8:54:24 PM | Attr = HS]

C:\WINDOWS\System32\vfind.exe [Ver = | Size = 49152 bytes | Created Date = 6/4/2007 7:45:50 PM | Attr = ]

C:\WINDOWS\System32\swreg.exe SteelWerX [Ver = 2.0.1.6 | Size = 428032 bytes | Created Date = 6/4/2007 7:45:50 PM | Attr = ]

C:\WINDOWS\System32\WNASPI32.DLL Adaptec [Ver = 4.60 (1021) | Size = 45056 bytes | Created Date = 6/1/2007 2:29:38 PM | Attr = ]

C:\WINDOWS\System32\tkvogcyj.ini [Ver = | Size = 828142 bytes | Created Date = 5/21/2007 3:29:39 PM | Attr = HS]

C:\WINDOWS\System32\avjdrupo.dll [Ver = | Size = 131604 bytes | Created Date = 5/24/2007 3:26:13 PM | Attr = ]

C:\WINDOWS\System32\owqstluj.ini [Ver = | Size = 591923 bytes | Created Date = 5/23/2007 6:16:09 AM | Attr = HS]

C:\WINDOWS\System32\wshfhgxl.ini [Ver = | Size = 1010895 bytes | Created Date = 5/24/2007 2:12:01 PM | Attr = HS]

C:\WINDOWS\System32\gsaiijkj.exe [Ver = | Size = 121194 bytes | Created Date = 5/25/2007 8:39:26 AM | Attr = ]

C:\WINDOWS\System32\ivqaqpvx.ini [Ver = | Size = 1011255 bytes | Created Date = 5/24/2007 10:00:29 PM | Attr = HS]

C:\WINDOWS\System32\qhyfhewr.dll [Ver = | Size = 131124 bytes | Created Date = 6/1/2007 6:32:06 PM | Attr = ]

C:\WINDOWS\System32\xjs.dll [Ver = | Size = 60928 bytes | Created Date = 5/25/2007 3:42:38 PM | Attr = ]

C:\WINDOWS\System32\ClickToFindandFixErrors_US.ico [Ver = | Size = 2238 bytes | Created Date = 5/25/2007 3:46:09 PM | Attr = ]

C:\WINDOWS\System32\xvid-uninstall.exe [Ver = | Size = 43602 bytes | Created Date = 6/1/2007 6:25:22 PM | Attr = ]

C:\WINDOWS\System32\drivers\ASPI32.SYS Adaptec [Ver = 4.60 (1021) | Size = 25244 bytes | Created Date = 6/1/2007 2:29:38 PM | Attr = ]

C:\WINDOWS\System32\drivers\avg7core.sys GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Created Date = 6/7/2007 6:46:39 PM | Attr = ]

C:\WINDOWS\System32\drivers\avg7rsw.sys GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 6/7/2007 6:46:42 PM | Attr = ]

C:\WINDOWS\System32\drivers\avg7rsxp.sys GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 6/7/2007 6:46:43 PM | Attr = ]

C:\WINDOWS\System32\drivers\avgmfx86.sys GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Created Date = 6/7/2007 6:46:45 PM | Attr = ]

C:\WINDOWS\System32\drivers\avgtdi.sys GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 6/7/2007 6:46:45 PM | Attr = ]

C:\WINDOWS\System32\drivers\avgclean.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 6/7/2007 6:46:45 PM | Attr = ]

»»»»»»»»»»»»»»»»»»»» Files / Folders Modified Within 30 Days »»»»»»»»»»»»»

C:\$VAULT$.AVG [Folder | Modified Date = 6/7/2007 8:52:40 PM | Attr = RH ]

C:\A1VirusTools [Folder | Modified Date = 5/29/2007 9:41:52 PM | Attr = ]

C:\VundoFix Backups [Folder | Modified Date = 5/29/2007 9:45:10 PM | Attr = ]

C:\HijackThis [Folder | Modified Date = 5/30/2007 9:16:18 PM | Attr = ]

C:\QooBox [Folder | Modified Date = 6/4/2007 8:22:58 PM | Attr = ]

C:\boot.ini [Ver = | Size = 217 bytes | Modified Date = 5/30/2007 7:19:18 PM | Attr = HS]

C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe [Ver = | Size = 57344 bytes | Modified Date = 6/1/2007 4:05:02 PM | Attr = ]

C:\Documents and Settings\All Users\Application Data\avg7 [Folder | Modified Date = 6/7/2007 7:46:30 PM | Attr = ]

C:\Documents and Settings\All Users\Application Data\Grisoft [Folder | Modified Date = 6/7/2007 7:46:30 PM | Attr = ]

C:\Documents and Settings\Administrator\Application Data\Lavasoft [Folder | Modified Date = 5/25/2007 7:07:10 PM | Attr = ]

C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder [Folder | Modified Date = 5/30/2007 10:10:28 PM | Attr = ]

C:\Documents and Settings\All Users\Desktop\iTunes.lnk [Ver = | Size = 2055 bytes | Modified Date = 5/17/2007 8:19:24 PM | Attr = ]

C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [Ver = | Size = 1518 bytes | Modified Date = 5/15/2007 11:26:56 AM | Attr = ]

C:\Documents and Settings\All Users\Desktop\Age of Mythology - The Titans Expansion.lnk [Ver = | Size = 848 bytes | Modified Date = 6/6/2007 12:59:40 PM | Attr = ]

C:\Documents and Settings\All Users\Desktop\AVG 7.5.lnk [Ver = | Size = 1446 bytes | Modified Date = 6/7/2007 7:46:48 PM | Attr = ]

C:\Documents and Settings\All Users\Desktop\Ad-Aware SE Personal.lnk [Ver = | Size = 1735 bytes | Modified Date = 5/25/2007 3:58:38 PM | Attr = ]

C:\Documents and Settings\Administrator\Desktop\New Microsoft Word Document.doc [Ver = | Size = 10752 bytes | Modified Date = 5/30/2007 10:15:30 PM | Attr = ]

C:\Program Files\Common Files\Wise Installation Wizard [Folder | Modified Date = 5/25/2007 3:53:52 PM | Attr = ]

C:\Program Files\Common Files\Download Manager [Folder | Modified Date = 5/31/2007 4:54:50 PM | Attr = ]

C:\WINDOWS\SIERRA.INI [Ver = | Size = 936 bytes | Modified Date = 5/11/2007 4:57:36 PM | Attr = ]

C:\WINDOWS\encore_launcher.ini [Ver = | Size = 174 bytes | Modified Date = 5/12/2007 9:25:50 AM | Attr = ]

C:\WINDOWS\HPQCOPY.INI [Ver = | Size = 286 bytes | Modified Date = 6/4/2007 11:48:50 AM | Attr = ]

C:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Modified Date = 6/9/2007 6:26:10 PM | Attr = S]

C:\WINDOWS\temp [Folder | Modified Date = 6/8/2007 9:39:44 AM | Attr = ]

C:\WINDOWS\EReg072.dat [Ver = | Size = 2498 bytes | Modified Date = 6/8/2007 12:05:02 PM | Attr = ]

C:\WINDOWS\erdnt [Folder | Modified Date = 6/4/2007 8:24:30 PM | Attr = ]

C:\WINDOWS\catchme.exe [Ver = | Size = 87040 bytes | Modified Date = 5/28/2007 4:23:12 AM | Attr = ]

C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Modified Date = 6/3/2007 12:07:46 PM | Attr = H ]

C:\WINDOWS\system.ini [Ver = | Size = 716 bytes | Modified Date = 5/30/2007 7:19:18 PM | Attr = ]

C:\WINDOWS\win.ini [Ver = | Size = 2707 bytes | Modified Date = 5/30/2007 7:19:18 PM | Attr = ]

C:\WINDOWS\NeroDigital.ini [Ver = | Size = 229 bytes | Modified Date = 6/6/2007 12:44:30 PM | Attr = ]

C:\WINDOWS\QTFont.for [Ver = | Size = 1409 bytes | Modified Date = 6/3/2007 12:07:46 PM | Attr = ]

C:\WINDOWS\DUMP35c9.tmp [Ver = | Size = 98304 bytes | Modified Date = 5/30/2007 7:57:52 PM | Attr = ]

C:\WINDOWS\$NtUninstallKB927891$ [Folder | Modified Date = 5/23/2007 4:02:54 PM | Attr = H ]

C:\WINDOWS\System32\gjwkcjpk.ini [Ver = | Size = 833461 bytes | Modified Date = 5/20/2007 7:32:18 PM | Attr = HS]

C:\WINDOWS\System32\rwehfyhq.ini [Ver = | Size = 1102487 bytes | Modified Date = 6/4/2007 12:22:50 PM | Attr = HS]

C:\WINDOWS\System32\kfigpqty.ini [Ver = | Size = 1101969 bytes | Modified Date = 6/1/2007 7:23:36 PM | Attr = HS]

C:\WINDOWS\System32\SIntf32.dll [Ver = | Size = 17212 bytes | Modified Date = 5/14/2007 3:57:24 PM | Attr = ]

C:\WINDOWS\System32\mcrh.tmp [Ver = | Size = 0 bytes | Modified Date = 6/2/2007 7:33:58 PM | Attr = ]

C:\WINDOWS\System32\SIntfNT.dll [Ver = | Size = 21840 bytes | Modified Date = 5/14/2007 3:57:24 PM | Attr = ]

C:\WINDOWS\System32\nvapps.xml [Ver = | Size = 43094 bytes | Modified Date = 6/9/2007 6:23:54 PM | Attr = ]

C:\WINDOWS\System32\ueybfgbt.ini [Ver = | Size = 1067647 bytes | Modified Date = 6/1/2007 9:56:24 AM | Attr = HS]

C:\WINDOWS\System32\wpa.dbl [Ver = | Size = 13646 bytes | Modified Date = 6/9/2007 6:23:40 PM | Attr = ]

C:\WINDOWS\System32\perfc009.dat [Ver = | Size = 38604 bytes | Modified Date = 5/18/2007 9:09:14 AM | Attr = ]

C:\WINDOWS\System32\perfh009.dat [Ver = | Size = 308222 bytes | Modified Date = 5/18/2007 9:09:14 AM | Attr = ]

C:\WINDOWS\System32\tkvogcyj.ini [Ver = | Size = 828142 bytes | Modified Date = 5/22/2007 3:04:00 PM | Attr = HS]

C:\WINDOWS\System32\avjdrupo.dll [Ver = | Size = 131604 bytes | Modified Date = 5/24/2007 4:26:18 PM | Attr = ]

C:\WINDOWS\System32\owqstluj.ini [Ver = | Size = 591923 bytes | Modified Date = 5/24/2007 12:10:50 PM | Attr = HS]

C:\WINDOWS\System32\wshfhgxl.ini [Ver = | Size = 1010895 bytes | Modified Date = 5/24/2007 11:00:40 PM | Attr = HS]

C:\WINDOWS\System32\gsaiijkj.exe [Ver = | Size = 121194 bytes | Modified Date = 5/25/2007 9:39:28 AM | Attr = ]

C:\WINDOWS\System32\ivqaqpvx.ini [Ver = | Size = 1011255 bytes | Modified Date = 5/25/2007 12:44:56 PM | Attr = HS]

C:\WINDOWS\System32\qhyfhewr.dll [Ver = | Size = 131124 bytes | Modified Date = 6/1/2007 7:32:08 PM | Attr = ]

C:\WINDOWS\System32\xjs.dll [Ver = | Size = 60928 bytes | Modified Date = 5/21/2007 9:59:50 AM | Attr = ]

C:\WINDOWS\System32\mmf.sys [Ver = | Size = 777 bytes | Modified Date = 6/1/2007 4:04:38 PM | Attr = HS]

C:\WINDOWS\System32\SIntf16.dll [Ver = | Size = 12067 bytes | Modified Date = 5/14/2007 3:57:22 PM | Attr = ]

C:\WINDOWS\System32\PerfStringBackup.INI [Ver = | Size = 347886 bytes | Modified Date = 5/18/2007 9:09:14 AM | Attr = ]

C:\WINDOWS\System32\ClickToFindandFixErrors_US.ico [Ver = | Size = 2238 bytes | Modified Date = 5/25/2007 4:46:10 PM | Attr = ]

C:\WINDOWS\System32\xvid-uninstall.exe [Ver = | Size = 43602 bytes | Modified Date = 6/1/2007 7:30:00 PM | Attr = ]

C:\WINDOWS\System32\drivers\avg7core.sys GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Modified Date = 6/7/2007 7:46:40 PM | Attr = ]

C:\WINDOWS\System32\drivers\avg7rsw.sys GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 6/7/2007 7:46:44 PM | Attr = ]

C:\WINDOWS\System32\drivers\avg7rsxp.sys GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 6/7/2007 7:46:44 PM | Attr = ]

C:\WINDOWS\System32\drivers\avgmfx86.sys GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Modified Date = 6/7/2007 7:46:46 PM | Attr = ]

C:\WINDOWS\System32\drivers\avgtdi.sys GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 6/7/2007 7:46:46 PM | Attr = ]

C:\WINDOWS\System32\drivers\avgclean.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 6/7/2007 7:46:46 PM | Attr = ]

»»»»»»»»»»»»»»»»»»»» File String Scan (Non-Microsoft Only) »»»»»

[Thawte Consulting , ]C:\iaplayer_2.05.10.0325.exe ()

[uPX! , UPX0 , ]C:\FxMydoom.exe (Symantec Corporation)

[Thawte Consulting , ]C:\GoogleEarth.exe (InstallShield Software Corporation)

[uPX! , UPX0 , ]C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe ()

[Thawte Consulting , USERTRUST , ]C:\WINDOWS\SYSTEM.NAV ()

[uPX! , UPX0 , ]C:\WINDOWS\System32\UC3D.scr ()

[PEC2 , ]C:\WINDOWS\System32\dfrg.msc ()

[winsync , ]C:\WINDOWS\System32\wbdbase.deu ()

[uPX! , UPX0 , ]C:\WINDOWS\System32\avisynth.dll (The Public)

[uPX! , ]C:\WINDOWS\System32\qhyfhewr.dll ()

[PEC2 , PECompact2 , ]C:\WINDOWS\System32\xjs.dll ()

[uPX0 , WSUD , ]C:\WINDOWS\System32\dllcache\hwxjpn.dll ()

[aspack , FSG! , PEC2 , UPX! , ]C:\WINDOWS\System32\drivers\avg7core.sys (GRISOFT, s.r.o.)

< End of report >

Please go here to upload a suspicious file for analysis.

  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Browse for this filename: C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File

Do the same for the following...

C:\WINDOWS\System32\mcrh.tmp

C:\WINDOWS\System32\gsaiijkj.exe

C:\WINDOWS\System32\avjdrupo.dll

C:\WINDOWS\System32\qhyfhewr.dll

C:\WINDOWS\System32\xjs.dll

C:\WINDOWS\System32\dllcache\hwxjpn.dll
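
The files this post asks to have uploaded share visible traits in the "Files / Folders Created Within 30 Days" listing above: an empty Ver field, no company name, and in most cases eight random-looking letters as a file name. The following added example (mine, not the helper's or the forum's tooling) parses that listing format and turns those traits into a review list; the watched directories, extension set and scoring rules are my assumptions, and the sample lines are copied from the report above.

```python
r"""Triage the "Files / Folders Created Within 30 Days" listing format.

Added example, not a tool from this thread. The line layout
("<path> [<Company>] [Ver = | Size = N bytes | Created Date = ... | Attr = ...]")
is inferred from the report; the rules below give a review list, not verdicts.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines copied from the report above (page data, not constructed); a versioned
# SteelWerX tool and an AVG driver are included as negatives.
SAMPLE_REPORT = r"""
C:\QooBox [Folder | Created Date = 6/4/2007 7:22:56 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\ypwfkzup.exe [Ver = | Size = 57344 bytes | Created Date = 6/1/2007 3:05:01 PM | Attr = ]
C:\WINDOWS\System32\gjwkcjpk.ini [Ver = | Size = 833461 bytes | Created Date = 5/19/2007 2:17:06 PM | Attr = HS]
C:\WINDOWS\System32\swxcacls.exe SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 6/4/2007 7:45:50 PM | Attr = ]
C:\WINDOWS\System32\mcrh.tmp [Ver = | Size = 0 bytes | Created Date = 5/20/2007 8:49:55 PM | Attr = ]
C:\WINDOWS\System32\avjdrupo.dll [Ver = | Size = 131604 bytes | Created Date = 5/24/2007 3:26:13 PM | Attr = ]
C:\WINDOWS\System32\gsaiijkj.exe [Ver = | Size = 121194 bytes | Created Date = 5/25/2007 8:39:26 AM | Attr = ]
C:\WINDOWS\System32\qhyfhewr.dll [Ver = | Size = 131124 bytes | Created Date = 6/1/2007 6:32:06 PM | Attr = ]
C:\WINDOWS\System32\xjs.dll [Ver = | Size = 60928 bytes | Created Date = 5/25/2007 3:42:38 PM | Attr = ]
C:\WINDOWS\System32\xvid-uninstall.exe [Ver = | Size = 43602 bytes | Created Date = 6/1/2007 6:25:22 PM | Attr = ]
C:\WINDOWS\System32\drivers\avg7core.sys GRISOFT, s.r.o. [Ver = 7.5.0.467 | Size = 777984 bytes | Created Date = 6/7/2007 6:46:39 PM | Attr = ]
"""

# Left part = path, optionally followed by a space and the company name;
# the bracketed part is a "|"-separated list of "Key = Value" fields.
_LINE_RE = re.compile(r"^(?P<left>.+?) \[(?P<fields>.*)\]\s*$")
# The path ends at the first ".ext" that is followed by a space or end of string.
_PATH_RE = re.compile(r"^(?P<path>.+?\.[A-Za-z0-9]{1,4})(?: (?P<company>.+))?$")
# Assumed: directories where an anonymous executable deserves a closer look.
_WATCHED_DIRS = ("\\windows\\system32\\", "\\application data\\")
_EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".ocx", ".tmp"}


@dataclass
class Entry:
    path: str
    company: str
    version: str
    size: Optional[int]
    attrs: str
    is_folder: bool


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; returns None for headers and blank lines."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    path, company, is_folder, fields = m.group("left"), "", False, {}
    for chunk in m.group("fields").split("|"):
        chunk = chunk.strip()
        if chunk == "Folder":
            is_folder = True
        elif "=" in chunk:
            key, _, value = chunk.partition("=")
            fields[key.strip()] = value.strip()
    if not is_folder:
        pm = _PATH_RE.match(path)
        if pm:
            path, company = pm.group("path"), pm.group("company") or ""
    size_text = fields.get("Size", "")
    size = int(size_text.split()[0]) if size_text else None
    return Entry(path, company, fields.get("Ver", ""), size, fields.get("Attr", ""), is_folder)


def triage(entry: Entry) -> List[str]:
    """Reasons an entry merits a closer look; an empty list means nothing notable."""
    reasons: List[str] = []
    if entry.is_folder or not any(d in entry.path.lower() for d in _WATCHED_DIRS):
        return reasons
    stem, _, ext = entry.path.rsplit("\\", 1)[-1].rpartition(".")
    anonymous = not entry.version and not entry.company  # no version-resource info
    if anonymous and "." + ext.lower() in _EXEC_EXTS:
        reasons.append("executable type with no version or company information")
    if anonymous and re.fullmatch(r"[a-z]{8}", stem):
        reasons.append("eight random-looking lowercase letters as file name")
    if "H" in entry.attrs and "S" in entry.attrs:
        reasons.append("hidden+system attributes on a file in a system directory")
    if entry.size == 0:
        reasons.append("zero-byte file (nothing to analyse; check what created it)")
    return reasons


def review(report_text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons, in report order."""
    flagged: Dict[str, List[str]] = {}
    for line in report_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                flagged[entry.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in review(SAMPLE_REPORT).items():
        print(path, "->", "; ".join(reasons))
```

xvid-uninstall.exe lands on the list too, on the single "no version information" reason; that is the point of a review list rather than a verdict, and the reasons column tells a reviewer how much weight each hit carries.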


From the UploadMalware.com site:

Your file (ypwfkzup.exe) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file.

The file you tried to upload was 0 Bytes or something prevented it from being uploaded. If someone requested you upload the file please let them know.

Your file (gsaiijkj.exe) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file.

Your file (avjdrupo.dll) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file.

Your file (qhyfhewr.dll) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file.

Your file (xjs.dll) was successfully submitted. If someone requested you submit this file please let them know that you have submitted the file.

Could not locate:

C:\WINDOWS\System32\dllcache\hwxjpn.dll


First download AVG Anti-Spyware from HERE and save that file to your desktop.

This is a 30 day trial of the program

  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

  1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  2. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  5. If you have any infections you will be prompted, then select "Apply all actions"
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.


Did all suggestions including -> Select "Automatically generate report after every scan". After the scan was completed, selected "Apply all actions", selected "Reports", but the reports page showed "none available."

Looks like the AVG scan reported several items including tracking cookies, etc. Any suggestions at this point ?

By the way, The AVG version shows "7.5.1.43 trial"

Thanks

Edited by crazyJoe

Can you please try in normal mode?

OK, finally got the report from Safe Mode. Would it help to see the Normal Mode scan at this time ?

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 7:56:28 AM 6/19/2007

+ Scan result:

:mozilla.33:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.34:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.52:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.54:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.55:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.56:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.57:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.85:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

:mozilla.69:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.70:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.71:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.72:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.73:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.74:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.75:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.76:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.77:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.31:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\Collin\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.

:mozilla.79:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.

:mozilla.80:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.

:mozilla.81:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.

:mozilla.82:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.

:mozilla.83:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.

:mozilla.84:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.

:mozilla.98:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.99:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.115:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.43:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.

:mozilla.48:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.

:mozilla.49:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.

:mozilla.50:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.

:mozilla.22:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.26:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

C:\Documents and Settings\Collin\Cookies\[email protected][2].txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.6:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.86:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.87:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.88:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.89:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.90:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.91:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.92:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.93:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.94:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.

:mozilla.124:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.100:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.101:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.102:C:\Documents and Settings\Collin\Application Data\Mozilla\Firefox\Profiles\gepqo14o.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.34:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.35:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.36:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.37:C:\Documents and Settings\default\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

::Report end


Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only.

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use the Firefox browser:

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser:

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please go HERE to run Panda's ActiveScan

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


Incident Status Location

Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe

Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.6.inf

Adware:adware/ncase Not disinfected c:\windows\msbb.exe.temp

Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\SMDAT32M.SYS

Adware:adware/ieplugin Not disinfected c:\windows\kwv2.dat

Adware:adware/winad Not disinfected c:\program files\Winad Client

Adware:adware/elitebar Not disinfected C:\Documents and Settings\default\Favorites\Finances & Business

Adware:adware/wupd Not disinfected Windows Registry

Potentially unwanted tool:application/need2find Not disinfected hkey_current_user\software\Need2Find

Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM

Adware:adware/dyfuca Not disinfected Windows Registry

Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

Adware:adware/comet Not disinfected Windows Registry

Adware:adware/statblaster Not disinfected Windows Registry

Virus:Trj/Downloader.OZB Not disinfected C:\WINDOWS\SYSTEM32\GSAIIJKJ.EXE[DDC.exe]

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NIRCMD.EXE

Adware:Adware/Lop Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Bpk.dll.131

Adware:Adware/IST Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Distribution.dll.048

Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\FavoriteLinks.dll.066

Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\FreeSamples.dll.041

Adware:Adware/IST Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Music.dll.023

Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Network.dll.062

Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\System.dll.088

Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Update.dll.066

Adware:Adware/IST Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Windows.dll.074

Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.044

Adware:Adware/Zango Not disinfected C:\Program Files\Mozilla Firefox\PLUGINS\NPCLNTAX.DLL

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\A1VirusTools\ComboFix.exe[ComboFixT\nircmd.exe]

Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\fhuxqrid.dll.bad

Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ntouftsl.dll.bad

Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\nwyehhig.dll.bad

Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\savlmilo.dll.bad

Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\uvreqkva.dll.bad

Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\wirlpctd.dll.bad

Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\cbxuurp.dll.bad

Spyware:Spyware/New.net Not disinfected C:\QooBox\Quarantine\C\WINDOWS\NDNuninstall6_84.exe.vir

Virus:Trj/Downloader.ORT Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\csycqfyp.dll.vir

Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gdefgmjm.dll.vir

Virus:Trj/Downloader.ORT Disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\oyhfpdoy.dll.vir

Spyware:Cookie/Go Not disinfected C:\FOUND.010\FILE0000.CHK

Spyware:Cookie/Go Not disinfected C:\FOUND.011\FILE0000.CHK

Spyware:Cookie/Go Not disinfected C:\FOUND.011\FILE0001.CHK

Spyware:Cookie/Go Not disinfected C:\FOUND.012\FILE0000.CHK

Virus:Trj/Agent.FOX Disinfected C:\Documents and Settings\All Users\Application Data\YPWFKZUP.EXE

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Profiles\CLANSZ\TITSHPRY.SLT\COOKIES.TXT[.xiti.com/]

Spyware:Cookie/Target Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Profiles\Default User\RAC5RH9Z.SLT\COOKIES.TXT[.target.com/]

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\COOKIES.TXT[.statcounter.com/]

Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\COOKIES.TXT[www.winantiviruspro.com/]

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\COOKIES.TXT[.apmebf.com/]

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\COOKIES.TXT[.go.com/]

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\COOKIES.TXT[.atwola.com/]

Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Firefox\Profiles\ytpk9ubd.default\COOKIES.TXT[.bravenet.com/]

Virus:Trj/Downloader.OJF Disinfected C:\Documents and Settings\Collin\Local Settings\Temp\win1C.tmp.exe

Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Collin\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Collin\Start Menu\Programs\Startup\PowerReg Scheduler.exe

Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Rachel\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Rachel\Application Data\Netscape\NSB\Profiles\ygvctc98.default\COOKIES.TXT[.terra.com.br/]

Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Rachel\Application Data\Netscape\NSB\Profiles\ygvctc98.default\COOKIES.TXT[.i.screensavers.com/]


Please make sure your PC is set to show all hidden files and folders; go here for instructions on how to do this: http://pchowtos.co.uk/index.php?page=tutor...=view&id=34

Boot into Safe Mode. To do this, keep tapping F8 on your keyboard while your PC is starting up; you will get a menu, select Safe Mode.

Delete the following folders (if present):

c:\program files\Winad Client

C:\Documents and Settings\default\Favorites\Finances & Business

C:\VundoFix Backups

C:\QooBox\Quarantine

Delete the following files (if present):

c:\windows\downloaded program files\f3initialsetup1.0.0.6.inf

c:\windows\msbb.exe.temp

c:\windows\SMDAT32M.SYS

c:\windows\kwv2.dat

C:\WINDOWS\SYSTEM32\GSAIIJKJ.EXE

C:\Program Files\Common Files\Totem Shared\Update\Bpk.dll.131

C:\Program Files\Common Files\Totem Shared\Update\Distribution.dll.048

C:\Program Files\Common Files\Totem Shared\Update\FavoriteLinks.dll.066

C:\Program Files\Common Files\Totem Shared\Update\FreeSamples.dll.041

C:\Program Files\Common Files\Totem Shared\Update\Music.dll.023

C:\Program Files\Common Files\Totem Shared\Update\Network.dll.062

C:\Program Files\Common Files\Totem Shared\Update\System.dll.088

C:\Program Files\Common Files\Totem Shared\Update\Update.dll.066

C:\Program Files\Common Files\Totem Shared\Update\Windows.dll.074

C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.044

C:\Program Files\Mozilla Firefox\PLUGINS\NPCLNTAX.DLL

C:\Documents and Settings\All Users\Application Data\YPWFKZUP.EXE

C:\Documents and Settings\Collin\Local Settings\Temp\win1C.tmp.exe

Reboot and post a new HijackThis log here in a reply.


Logfile of HijackThis v1.99.1

Scan saved at 11:21:57 AM, on 6/30/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe

C:\Program Files\QuickTime\qttask.exe

E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

E:\Program Files\iTunes\iTunesHelper.exe

C:\Documents and Settings\All Users\Application Data\xiladgte.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\scchk32.exe

C:\Program Files\Messenger\msmsgs.exe

E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

E:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\HEWLET~1\HPSHAR~1\HPGS2WNF.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\HijackThis\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {15121244-9A9B-415A-8902-559BF75BC4D9} - C:\WINDOWS\system32\awtss.dll

O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\gfpxsmnh.dll

O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\ssqolkj.dll (file missing)

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [xiladgte.exe] C:\Documents and Settings\All Users\Application Data\xiladgte.exe

O4 - HKLM\..\Run: [sC2] C:\WINDOWS\system32\scchk32.exe

O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\lcoyajfo.dll",forkonce

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe

O4 - Global Startup: PowerReg Scheduler.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll

O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab

O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab

O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab

O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll

O20 - Winlogon Notify: ssqolkj - ssqolkj.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: wingvd32 - wingvd32.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)

O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
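The log just posted is the raw material a helper reads by eye; as an added triage example that is not part of the thread, of HijackThis or of any removal tool, the Python below parses lines of that shape and flags the pattern a helper looks for in a Vundo case: BHOs with "(no name)", a DLL registered both as a BHO (O2) and as a Winlogon Notify handler (O20), stale "(file missing)" entries, and Run keys that launch a DLL through rundll32. The sample lines are constructed from the shape of the posted log; the heuristics and function names are this example's own, not a published HijackThis rule set.

```python
import re

# Constructed sample in the shape of the HijackThis v1.99.1 log posted above
# (a few representative lines only; paths are the ones the log itself shows).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15121244-9A9B-415A-8902-559BF75BC4D9} - C:\WINDOWS\system32\awtss.dll
O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\ssqolkj.dll (file missing)
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\lcoyajfo.dll",forkonce
O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll
O20 - Winlogon Notify: ssqolkj - ssqolkj.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# HijackThis entry lines start with a section code such as O2, O4, O20, R1, N1.
ENTRY_RE = re.compile(r"^(O\d+|R\d|N\d|F\d)\s+-\s+(.*)$")
# Last DLL file name mentioned in an entry (basename only, e.g. awtss.dll).
DLL_RE = re.compile(r"([\w.~-]+\.dll)\b", re.IGNORECASE)


def parse_entries(log_text):
    """Turn HijackThis lines into records; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        dlls = DLL_RE.findall(body)
        entries.append({
            "section": section,
            "body": body,
            "dll": dlls[-1].lower() if dlls else None,
            "missing": "(file missing)" in body,
        })
    return entries


def triage(log_text):
    """Apply four defender-side heuristics and return the entries each one hits."""
    entries = parse_entries(log_text)
    bho_dlls = {e["dll"] for e in entries if e["section"] == "O2" and e["dll"]}
    findings = {
        "unnamed_bho": [],       # O2 BHO registered without a display name
        "bho_and_winlogon": [],  # same DLL hooked into both IE (O2) and Winlogon (O20)
        "file_missing": [],      # registration survives but the file is gone
        "rundll32_run": [],      # Run key that loads a DLL export via rundll32
    }
    for e in entries:
        if e["section"] == "O2" and e["body"].startswith("BHO: (no name)"):
            findings["unnamed_bho"].append(e["dll"])
        if e["section"] == "O20" and e["dll"] in bho_dlls:
            findings["bho_and_winlogon"].append(e["dll"])
        if e["missing"]:
            findings["file_missing"].append(e["body"])
        if e["section"] == "O4" and "rundll32" in e["body"].lower() and e["dll"]:
            findings["rundll32_run"].append(e["dll"])
    return findings


if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_LOG).items():
        print(f"{rule}: {hits}")
```

Entries the script flags are candidates for the helper's review, not an automatic delete list: a DLL that shows up in both the O2 and O20 lists is the strongest single indicator here, because a legitimate BHO has no reason to also register as a Winlogon Notify handler.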


Let's try this again...

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.

In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


Logfile of HijackThis v1.99.1

Scan saved at 7:21:45 PM, on 7/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

E:\Program Files\iTunes\iTunesHelper.exe

E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe

C:\Program Files\Messenger\msmsgs.exe

E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

C:\WINDOWS\system32\ctfmon.exe

E:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\HEWLET~1\HPSHAR~1\HPGS2WNF.EXE

C:\HijackThis\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\gfpxsmnh.dll (file missing)

O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\ssqolkj.dll (file missing)

O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe

O4 - Global Startup: PowerReg Scheduler.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll

O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab

O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab

O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab

O20 - Winlogon Notify: ssqolkj - ssqolkj.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: wingvd32 - wingvd32.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)

O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

///////////////

VundoFix V6.4.1

Checking Java version...

Scan started at 1:40:11 PM 6/3/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.4.1

Checking Java version...

Scan started at 8:53:28 PM 6/4/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.4.1

Checking Java version...

Scan started at 9:24:05 AM 6/8/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.4.1

Checking Java version...

Scan started at 1:49:16 PM 6/8/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.4.1

Checking Java version...

Scan started at 4:57:55 PM 6/30/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtss.dll

C:\WINDOWS\system32\sstwa.bak1

C:\WINDOWS\system32\sstwa.bak2

C:\WINDOWS\system32\sstwa.ini

C:\WINDOWS\system32\sstwa.ini2

VundoFix V6.4.1

Checking Java version...

Scan started at 6:55:46 PM 7/11/2007

Listing files found while scanning....

No infected files were found.


Open HijackThis and click Scan. Then check mark the following entries:

O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\gfpxsmnh.dll (file missing)

O2 - BHO: (no name) - {A6807262-1D7A-44AB-947B-23B71E97915C} - C:\WINDOWS\system32\ssqolkj.dll (file missing)

O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)

O20 - Winlogon Notify: ssqolkj - ssqolkj.dll (file missing)

O20 - Winlogon Notify: wingvd32 - wingvd32.dll (file missing)

Now close all open windows except HijackThis and click Fix checked.

Then post a new Hijackthis log here in a reply.

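The two instructions in this thread amount to a manual triage of the HijackThis log: tick BHOs (O2) with no name or no file, Winlogon Notify entries (O20) whose DLL is gone, and cross-check against what VundoFix listed under "Listing files found while scanning". The script below automates that reading of the log. It is an added example written for this page, not code from the thread, from HijackThis or from VundoFix; it assumes only the line layout visible in the logs posted above (a section code such as `O20`, then ` - `, then the entry), and the sample log and scanner output it embeds are constructed from lines in this thread. The severity labels (`confirmed`, `orphaned`, `review`) are my own.

```python
"""Triage helper for HijackThis v1.99.1 logs (constructed example, not a HijackThis tool)."""
import ntpath
import re
from dataclasses import dataclass

# One HijackThis entry: section code, " - ", the rest. Process-list and header lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING_MARKERS = ("(file missing)", "(no file)")

# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\gfpxsmnh.dll (file missing)
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll
O20 - Winlogon Notify: ssqolkj - ssqolkj.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Constructed sample: two VundoFix runs as posted above, one with hits and one clean.
SAMPLE_VUNDOFIX = r"""
VundoFix V6.4.1
Checking Java version...
Scan started at 4:57:55 PM 6/30/2007
Listing files found while scanning....
C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\sstwa.bak2
C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\sstwa.ini2
VundoFix V6.4.1
Checking Java version...
Scan started at 6:55:46 PM 7/11/2007
Listing files found while scanning....
No infected files were found.
"""


@dataclass
class Finding:
    code: str       # HijackThis section code, e.g. "O20"
    severity: str   # "confirmed" | "orphaned" | "review" (labels chosen for this example)
    reason: str
    line: str       # the original log line, as it would be ticked in HijackThis


def strip_markers(text):
    """Drop HijackThis' trailing '(file missing)' / '(no file)' annotations."""
    for mark in MISSING_MARKERS:
        text = text.replace(mark, "")
    return text.strip()


def scanner_hits(vundofix_text):
    """Collect the drive-letter paths VundoFix printed under 'Listing files found while scanning'."""
    return [ln.strip() for ln in vundofix_text.splitlines()
            if re.match(r"^[A-Za-z]:\\", ln.strip())]


def triage(log_text, confirmed_files=()):
    """Walk a HijackThis log and return the entries a helper would look at first."""
    confirmed = {ntpath.basename(p).lower() for p in confirmed_files}
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # headers, running-process list, blank lines
        code, body = m.group("code"), m.group("body")
        missing = any(mark in body for mark in MISSING_MARKERS)
        if code == "O2" and ("(no name)" in body or missing):
            findings.append(Finding(code, "orphaned", "BHO with no name or no file on disk", raw.strip()))
        elif code == "O20":
            dll = ntpath.basename(strip_markers(body.rsplit(" - ", 1)[-1])).lower()
            if dll in confirmed:
                findings.append(Finding(code, "confirmed", "Winlogon Notify DLL is a file the scanner flagged", raw.strip()))
            elif missing:
                findings.append(Finding(code, "orphaned", "Winlogon Notify key points at a DLL no longer on disk", raw.strip()))
        elif code == "O23" and missing:
            findings.append(Finding(code, "orphaned", "service registered for a binary no longer on disk", raw.strip()))
        elif code == "O4" and "] " in body:
            image = body.split("] ", 1)[1].lstrip('"').split('"')[0].split(" ")[0]
            if "\\" not in image:
                findings.append(Finding(code, "review", "autorun uses an unqualified image name resolved via the search path", raw.strip()))
    return findings


def fix_list(findings):
    """Lines worth ticking in HijackThis: confirmed hits and orphaned entries, not mere reviews."""
    return [f.line for f in findings if f.severity in ("confirmed", "orphaned")]


if __name__ == "__main__":
    hits = scanner_hits(SAMPLE_VUNDOFIX)
    for f in triage(SAMPLE_LOG, hits):
        print(f"[{f.severity:9}] {f.reason}\n            {f.line}")
```

Run against the sample, the script ticks the same three "(no name)" BHOs and the missing `ssqolkj.dll` Winlogon Notify entry that the helper listed, and additionally marks `awtss.dll` as confirmed because VundoFix's 6/30 run reported that file. `WgaLogon` and the NVIDIA service are left alone: an O20 or O23 entry with a present file and a known vendor is only interesting if a scanner independently names it, which is why the cross-reference, not the section code alone, drives the `confirmed` label.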

Logfile of HijackThis v1.99.1

Scan saved at 10:18:57 PM, on 7/18/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

E:\Program Files\iTunes\iTunesHelper.exe

E:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\svchost.exe

E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

E:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hometownohio.com/"); (C:\Program Files\Netscape\Users\clansz\prefs.js)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133148926\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] E:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe

O4 - Global Startup: PowerReg Scheduler.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Viewpoint Search - res://C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL/CXTSEARCH.HTML

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .htm: E:\Program Files\Netscape\PLUGINS\npTrident.dll

O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab

O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab

O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://vpn.diebold.com/dana-cached/setup/NeoterisSetup.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {72770C4F-967D-4517-982B-92D6B9015649} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/co...X.cab?9,0,712,0

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...042/mcfscan.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)

O23 - Service: Virtual Com Port Service (neoNcSvc) - Unknown owner - C:\WINDOWS\system32\ncsvc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
