
Help Diagnose


  • This topic is locked
4 replies to this topic

#1 D beau


Posted 11 August 2006 - 06:22 PM

Logfile of HijackThis v1.99.1
Scan saved at 3:07:51 PM, on 8/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\xcommsvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.costco.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/today/aimtoday.adp...79&nlogin=1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TChkBHO Class - {26A94BA6-3FC8-46F5-AF43-AC2F1C3F2063} - C:\WINDOWS\system32\bobkwn.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {D06AE849-1A5E-4614-A4C0-2B63CB6A1B2A} - (no file)
O2 - BHO: (no name) - {E434D3C7-A673-4100-8140-79C020945017} - (no file)
O3 - Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [LWBMOUSE] "C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [thvxty] C:\WINDOWS\system32\ebfojjc.exe r
O4 - HKLM\..\Run: [vfqskq] C:\WINDOWS\system32\ufipuo.exe r
O4 - HKLM\..\Run: [xykljy] C:\WINDOWS\system32\hnczowk.exe r
O4 - HKLM\..\Run: [dzfvyc] C:\WINDOWS\system32\wfnoup.exe r
O4 - HKLM\..\Run: [dspreke] C:\WINDOWS\system32\qqedof.exe r
O4 - HKLM\..\Run: [aajzeh] C:\WINDOWS\system32\fgagpur.exe r
O4 - HKLM\..\Run: [dzgvms] C:\WINDOWS\system32\locqyrh.exe r
O4 - HKLM\..\Run: [dycqhj] C:\WINDOWS\system32\kfmgmd.exe r
O4 - HKLM\..\Run: [nipxmu] C:\WINDOWS\system32\affmvgm.exe r
O4 - HKLM\..\Run: [oqovxbo] C:\WINDOWS\system32\yspdwbh.exe r
O4 - HKLM\..\Run: [tpbzor] C:\WINDOWS\system32\frgdqi.exe r
O4 - HKLM\..\Run: [aqbjnd] C:\WINDOWS\system32\idhkdlr.exe r
O4 - HKLM\..\Run: [cqdykx] C:\WINDOWS\system32\izyrwvp.exe r
O4 - HKLM\..\Run: [izuscws] C:\WINDOWS\system32\gkwlfs.exe r
O4 - HKLM\..\Run: [fpuctn] C:\WINDOWS\system32\hqkihz.exe r
O4 - HKLM\..\Run: [vpbdhsj] C:\WINDOWS\system32\kijmdr.exe r
O4 - HKLM\..\Run: [hprcwi] C:\WINDOWS\system32\xffmoeq.exe r
O4 - HKLM\..\Run: [qxxotan] C:\WINDOWS\system32\eakivh.exe r
O4 - HKLM\..\Run: [djykhq] C:\WINDOWS\system32\hdhmnz.exe r
O4 - HKLM\..\Run: [timbnm] C:\WINDOWS\system32\djjixr.exe r
O4 - HKLM\..\Run: [fcsuej] C:\WINDOWS\system32\vrlucr.exe r
O4 - HKLM\..\Run: [lybvgs] C:\WINDOWS\system32\lewkch.exe r
O4 - HKLM\..\Run: [zockey] C:\WINDOWS\system32\vxogal.exe r
O4 - HKLM\..\Run: [jqomsx] C:\WINDOWS\system32\veklvpg.exe r
O4 - HKLM\..\Run: [mddbgce] C:\WINDOWS\system32\iirchx.exe r
O4 - HKLM\..\Run: [ujkglqc] C:\WINDOWS\system32\ekrpvrm.exe r
O4 - HKLM\..\Run: [hyqjpg] C:\WINDOWS\system32\jpfoue.exe r
O4 - HKLM\..\Run: [xlhllj] C:\WINDOWS\system32\xnrxrjm.exe r
O4 - HKLM\..\Run: [evsfis] C:\WINDOWS\system32\ytkppjk.exe r
O4 - HKLM\..\Run: [dsylch] C:\WINDOWS\system32\ubtvbm.exe r
O4 - HKLM\..\Run: [hfwmwe] C:\WINDOWS\system32\abnubr.exe r
O4 - HKLM\..\Run: [lslrdc] C:\WINDOWS\system32\glfxdh.exe r
O4 - HKLM\..\Run: [csouuwj] C:\WINDOWS\system32\momnok.exe r
O4 - HKLM\..\Run: [jggeek] C:\WINDOWS\system32\ihmwym.exe r
O4 - HKLM\..\Run: [mess lies pop wait] C:\Documents and Settings\All Users\Application Data\Dog Dart Mess Lies\RefFlag.exe
O4 - HKLM\..\Run: [pkjdmqz] C:\WINDOWS\system32\wsewfit.exe r
O4 - HKLM\..\Run: [klezqtl] C:\WINDOWS\system32\wqdpfrz.exe r
O4 - HKLM\..\Run: [ctdlvgh] C:\WINDOWS\system32\ewlvepj.exe r
O4 - HKLM\..\Run: [oyhbgc] C:\WINDOWS\system32\cnjfsoa.exe r
O4 - HKLM\..\Run: [zqhuwb] C:\WINDOWS\system32\vcecskn.exe r
O4 - HKLM\..\Run: [rjubvx] C:\WINDOWS\system32\grtataj.exe r
O4 - HKLM\..\Run: [aohpxx] C:\WINDOWS\system32\vqwnqf.exe r
O4 - HKLM\..\Run: [rzmeic] C:\WINDOWS\system32\zuhncqv.exe r
O4 - HKLM\..\Run: [ccloii] C:\WINDOWS\system32\nnwdbtt.exe r
O4 - HKLM\..\Run: [wpkkga] C:\WINDOWS\system32\vuhqfpt.exe r
O4 - HKLM\..\Run: [coystwo] C:\WINDOWS\system32\gudumzq.exe r
O4 - HKLM\..\Run: [eupzbe] C:\WINDOWS\system32\jrojtx.exe r
O4 - HKLM\..\Run: [oodhhl] C:\WINDOWS\system32\ijzemd.exe r
O4 - HKLM\..\Run: [ebeqjl] C:\WINDOWS\system32\bqoyylc.exe r
O4 - HKLM\..\Run: [apeksl] C:\WINDOWS\system32\fvswbvx.exe r
O4 - HKLM\..\Run: [mvntbf] C:\WINDOWS\system32\pdpudj.exe r
O4 - HKLM\..\Run: [vzgxdb] C:\WINDOWS\system32\bteqfdj.exe r
O4 - HKLM\..\Run: [amjkbex] C:\WINDOWS\system32\gsuqrr.exe r
O4 - HKLM\..\Run: [whguvj] C:\WINDOWS\system32\hjlkqfq.exe r
O4 - HKLM\..\Run: [ptqhjwr] C:\WINDOWS\system32\gcdlwhf.exe r
O4 - HKLM\..\Run: [wtbzdc] C:\WINDOWS\system32\mvddle.exe r
O4 - HKLM\..\Run: [uqsbjtu] C:\WINDOWS\system32\cmowmda.exe r
O4 - HKLM\..\Run: [uidvlz] C:\WINDOWS\system32\vdndxf.exe r
O4 - HKLM\..\Run: [caywfn] C:\WINDOWS\system32\bsikvx.exe r
O4 - HKLM\..\Run: [qxcmka] C:\WINDOWS\system32\hxxlczm.exe r
O4 - HKLM\..\Run: [uspqmg] C:\WINDOWS\system32\bbuqgza.exe r
O4 - HKLM\..\Run: [yhgavpf] C:\WINDOWS\system32\yosusup.exe r
O4 - HKLM\..\Run: [zxfmnly] C:\WINDOWS\system32\ssqlyl.exe r
O4 - HKLM\..\Run: [zphxdqi] C:\WINDOWS\system32\kuhznf.exe r
O4 - HKLM\..\Run: [kgvirl] C:\WINDOWS\system32\bdjnjvy.exe r
O4 - HKLM\..\Run: [gkbauq] C:\WINDOWS\system32\chltpen.exe r
O4 - HKLM\..\Run: [yugdyr] C:\WINDOWS\system32\xkarqj.exe r
O4 - HKLM\..\Run: [ayaimf] C:\WINDOWS\system32\zwtthk.exe r
O4 - HKLM\..\Run: [coxdqa] C:\WINDOWS\system32\fbhasvx.exe r
O4 - HKLM\..\Run: [pqlezn] C:\WINDOWS\system32\nwkqsz.exe r
O4 - HKLM\..\Run: [irleup] C:\WINDOWS\system32\yhqzxln.exe r
O4 - HKLM\..\Run: [uftepw] C:\WINDOWS\system32\jcipyv.exe r
O4 - HKLM\..\Run: [kfjrqf] C:\WINDOWS\system32\gpiqzlc.exe r
O4 - HKLM\..\Run: [dawtvyr] C:\WINDOWS\system32\eyupllx.exe r
O4 - HKLM\..\Run: [gkexpkw] C:\WINDOWS\system32\iolqae.exe r
O4 - HKLM\..\Run: [bshcig] C:\WINDOWS\system32\ztoclj.exe r
O4 - HKLM\..\Run: [sfqrvd] C:\WINDOWS\system32\otbbaw.exe r
O4 - HKLM\..\Run: [fobnku] C:\WINDOWS\system32\ipzoyt.exe r
O4 - HKLM\..\Run: [jqbnkd] C:\WINDOWS\system32\exdynfj.exe r
O4 - HKLM\..\Run: [joqczm] C:\WINDOWS\system32\dfsczdc.exe r
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-PBVMF.exe /REG
O4 - HKLM\..\RunOnce: [c_usdir] cmd /C "rmdir /Q C:\WINDOWS\system32\Macromed\Download"
O4 - HKLM\..\RunOnce: [b_usexe] cmd /C "del C:\WINDOWS\system32\Macromed\Download\Download.exe"
O4 - HKLM\..\RunOnce: [a_usdll] cmd /C "del C:\WINDOWS\system32\Macromed\Download\Download.dll"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: updater.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Bet On USA Poker - {64FA9700-6A17-4bd5-A7D8-D81CF095995F} - C:\Program Files\betonusaMPP\MPPoker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.costco.com
O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke.pogo.com/applet-5.9.1.28/vid...d-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-5.9.1.18/gin/gin-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.9.1.18/m...g-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game6.pogo.com/applet-5.9.3.29/mlsl...s-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5.9.1.28...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.9.1.18/fl...r-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.9.2.21/popf...u-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.9.1.18/pop...t-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.9.1.18/spa...s-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-5.9.2.38...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.9.2.21/ho...m-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.9.1.18/peak...s-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-5.9.2.38/jum...e-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-5.9.1.28/...n-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet-5.9.1.18/w...s-ob-assets.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122995090125
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn - Unknown owner - C:\Program Files\LogMeIn\LogMeIn.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BullGuard XComm (XCOMM) - Softwin - C:\WINDOWS\system32\xcommsvr.exe


 


#2 Buckeye_Sam


    Malware Expert



Posted 12 August 2006 - 07:04 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O4 - HKLM\..\Run: [thvxty] C:\WINDOWS\system32\ebfojjc.exe r
O4 - HKLM\..\Run: [vfqskq] C:\WINDOWS\system32\ufipuo.exe r
O4 - HKLM\..\Run: [xykljy] C:\WINDOWS\system32\hnczowk.exe r
O4 - HKLM\..\Run: [dzfvyc] C:\WINDOWS\system32\wfnoup.exe r
O4 - HKLM\..\Run: [dspreke] C:\WINDOWS\system32\qqedof.exe r
O4 - HKLM\..\Run: [aajzeh] C:\WINDOWS\system32\fgagpur.exe r
O4 - HKLM\..\Run: [dzgvms] C:\WINDOWS\system32\locqyrh.exe r
O4 - HKLM\..\Run: [dycqhj] C:\WINDOWS\system32\kfmgmd.exe r
O4 - HKLM\..\Run: [nipxmu] C:\WINDOWS\system32\affmvgm.exe r
O4 - HKLM\..\Run: [oqovxbo] C:\WINDOWS\system32\yspdwbh.exe r
O4 - HKLM\..\Run: [tpbzor] C:\WINDOWS\system32\frgdqi.exe r
O4 - HKLM\..\Run: [aqbjnd] C:\WINDOWS\system32\idhkdlr.exe r
O4 - HKLM\..\Run: [cqdykx] C:\WINDOWS\system32\izyrwvp.exe r
O4 - HKLM\..\Run: [izuscws] C:\WINDOWS\system32\gkwlfs.exe r
O4 - HKLM\..\Run: [fpuctn] C:\WINDOWS\system32\hqkihz.exe r
O4 - HKLM\..\Run: [vpbdhsj] C:\WINDOWS\system32\kijmdr.exe r
O4 - HKLM\..\Run: [hprcwi] C:\WINDOWS\system32\xffmoeq.exe r
O4 - HKLM\..\Run: [qxxotan] C:\WINDOWS\system32\eakivh.exe r
O4 - HKLM\..\Run: [djykhq] C:\WINDOWS\system32\hdhmnz.exe r
O4 - HKLM\..\Run: [timbnm] C:\WINDOWS\system32\djjixr.exe r
O4 - HKLM\..\Run: [fcsuej] C:\WINDOWS\system32\vrlucr.exe r
O4 - HKLM\..\Run: [lybvgs] C:\WINDOWS\system32\lewkch.exe r
O4 - HKLM\..\Run: [zockey] C:\WINDOWS\system32\vxogal.exe r
O4 - HKLM\..\Run: [jqomsx] C:\WINDOWS\system32\veklvpg.exe r
O4 - HKLM\..\Run: [mddbgce] C:\WINDOWS\system32\iirchx.exe r
O4 - HKLM\..\Run: [ujkglqc] C:\WINDOWS\system32\ekrpvrm.exe r
O4 - HKLM\..\Run: [hyqjpg] C:\WINDOWS\system32\jpfoue.exe r
O4 - HKLM\..\Run: [xlhllj] C:\WINDOWS\system32\xnrxrjm.exe r
O4 - HKLM\..\Run: [evsfis] C:\WINDOWS\system32\ytkppjk.exe r
O4 - HKLM\..\Run: [dsylch] C:\WINDOWS\system32\ubtvbm.exe r
O4 - HKLM\..\Run: [hfwmwe] C:\WINDOWS\system32\abnubr.exe r
O4 - HKLM\..\Run: [lslrdc] C:\WINDOWS\system32\glfxdh.exe r
O4 - HKLM\..\Run: [csouuwj] C:\WINDOWS\system32\momnok.exe r
O4 - HKLM\..\Run: [jggeek] C:\WINDOWS\system32\ihmwym.exe r
O4 - HKLM\..\Run: [pkjdmqz] C:\WINDOWS\system32\wsewfit.exe r
O4 - HKLM\..\Run: [klezqtl] C:\WINDOWS\system32\wqdpfrz.exe r
O4 - HKLM\..\Run: [ctdlvgh] C:\WINDOWS\system32\ewlvepj.exe r
O4 - HKLM\..\Run: [oyhbgc] C:\WINDOWS\system32\cnjfsoa.exe r
O4 - HKLM\..\Run: [zqhuwb] C:\WINDOWS\system32\vcecskn.exe r
O4 - HKLM\..\Run: [rjubvx] C:\WINDOWS\system32\grtataj.exe r
O4 - HKLM\..\Run: [aohpxx] C:\WINDOWS\system32\vqwnqf.exe r
O4 - HKLM\..\Run: [rzmeic] C:\WINDOWS\system32\zuhncqv.exe r
O4 - HKLM\..\Run: [ccloii] C:\WINDOWS\system32\nnwdbtt.exe r
O4 - HKLM\..\Run: [wpkkga] C:\WINDOWS\system32\vuhqfpt.exe r
O4 - HKLM\..\Run: [coystwo] C:\WINDOWS\system32\gudumzq.exe r
O4 - HKLM\..\Run: [eupzbe] C:\WINDOWS\system32\jrojtx.exe r
O4 - HKLM\..\Run: [oodhhl] C:\WINDOWS\system32\ijzemd.exe r
O4 - HKLM\..\Run: [ebeqjl] C:\WINDOWS\system32\bqoyylc.exe r
O4 - HKLM\..\Run: [apeksl] C:\WINDOWS\system32\fvswbvx.exe r
O4 - HKLM\..\Run: [mvntbf] C:\WINDOWS\system32\pdpudj.exe r
O4 - HKLM\..\Run: [vzgxdb] C:\WINDOWS\system32\bteqfdj.exe r
O4 - HKLM\..\Run: [amjkbex] C:\WINDOWS\system32\gsuqrr.exe r
O4 - HKLM\..\Run: [whguvj] C:\WINDOWS\system32\hjlkqfq.exe r
O4 - HKLM\..\Run: [ptqhjwr] C:\WINDOWS\system32\gcdlwhf.exe r
O4 - HKLM\..\Run: [wtbzdc] C:\WINDOWS\system32\mvddle.exe r
O4 - HKLM\..\Run: [uqsbjtu] C:\WINDOWS\system32\cmowmda.exe r
O4 - HKLM\..\Run: [uidvlz] C:\WINDOWS\system32\vdndxf.exe r
O4 - HKLM\..\Run: [caywfn] C:\WINDOWS\system32\bsikvx.exe r
O4 - HKLM\..\Run: [qxcmka] C:\WINDOWS\system32\hxxlczm.exe r
O4 - HKLM\..\Run: [uspqmg] C:\WINDOWS\system32\bbuqgza.exe r
O4 - HKLM\..\Run: [yhgavpf] C:\WINDOWS\system32\yosusup.exe r
O4 - HKLM\..\Run: [zxfmnly] C:\WINDOWS\system32\ssqlyl.exe r
O4 - HKLM\..\Run: [zphxdqi] C:\WINDOWS\system32\kuhznf.exe r
O4 - HKLM\..\Run: [kgvirl] C:\WINDOWS\system32\bdjnjvy.exe r
O4 - HKLM\..\Run: [gkbauq] C:\WINDOWS\system32\chltpen.exe r
O4 - HKLM\..\Run: [yugdyr] C:\WINDOWS\system32\xkarqj.exe r
O4 - HKLM\..\Run: [ayaimf] C:\WINDOWS\system32\zwtthk.exe r
O4 - HKLM\..\Run: [coxdqa] C:\WINDOWS\system32\fbhasvx.exe r
O4 - HKLM\..\Run: [pqlezn] C:\WINDOWS\system32\nwkqsz.exe r
O4 - HKLM\..\Run: [irleup] C:\WINDOWS\system32\yhqzxln.exe r
O4 - HKLM\..\Run: [uftepw] C:\WINDOWS\system32\jcipyv.exe r
O4 - HKLM\..\Run: [kfjrqf] C:\WINDOWS\system32\gpiqzlc.exe r
O4 - HKLM\..\Run: [dawtvyr] C:\WINDOWS\system32\eyupllx.exe r
O4 - HKLM\..\Run: [gkexpkw] C:\WINDOWS\system32\iolqae.exe r
O4 - HKLM\..\Run: [bshcig] C:\WINDOWS\system32\ztoclj.exe r
O4 - HKLM\..\Run: [sfqrvd] C:\WINDOWS\system32\otbbaw.exe r
O4 - HKLM\..\Run: [fobnku] C:\WINDOWS\system32\ipzoyt.exe r
O4 - HKLM\..\Run: [jqbnkd] C:\WINDOWS\system32\exdynfj.exe r
O4 - HKLM\..\Run: [joqczm] C:\WINDOWS\system32\dfsczdc.exe r



Reboot your computer.


==============



Open up Spysweeper.
  • Click Options on the left side.
  • Click the Sweep tab.
  • Under Items to Sweep make sure the following are checked:
    • Windows registry
    • Memory objects
    • Cookies
    • Compressed Files
    • System Restore Folder
  • Under Other Options make sure the following are checked:
    • Sweep all user accounts
    • Enable Direct Disk Sweeping
    • Sweep for rootkits
  • Click the Sweep button on the left side.
  • Click the Start Sweep button.
  • When it's done scanning, make sure everything has a check next to it, then click the Quarantine Selected button.
  • It will quarantine all of the items found.
  • Click View Session Log in the right corner above the box where the items are listed.
  • Click Save to File and save it on your desktop.
  • Exit SpySweeper.
  • Paste the contents of the session log you saved into your next reply (Spy Sweeper Session Log.txt).
  • NOTE: you can get to the log by clicking Options on the left. Then, View Session Log will be listed under Other Options.
Please post the log from Spysweeper and a new hijackthis log into your next reply.

#3 D beau


Posted 20 August 2006 - 12:41 AM

Okay, here is my second HijackThis log.


Logfile of HijackThis v1.99.1
Scan saved at 1:35:13 AM, on 8/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\xcommsvr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.costco.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/today/aimtoday.adp...79&nlogin=1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TChkBHO Class - {26A94BA6-3FC8-46F5-AF43-AC2F1C3F2063} - C:\WINDOWS\system32\bobkwn.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {D06AE849-1A5E-4614-A4C0-2B63CB6A1B2A} - (no file)
O2 - BHO: (no name) - {E434D3C7-A673-4100-8140-79C020945017} - (no file)
O3 - Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [LWBMOUSE] "C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [mess lies pop wait] C:\Documents and Settings\All Users\Application Data\Dog Dart Mess Lies\RefFlag.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [thvxty] C:\WINDOWS\system32\ebfojjc.exe r
O4 - HKLM\..\Run: [oqovxbo] C:\WINDOWS\system32\yspdwbh.exe r
O4 - HKLM\..\Run: [tpbzor] C:\WINDOWS\system32\frgdqi.exe r
O4 - HKLM\..\Run: [aqbjnd] C:\WINDOWS\system32\idhkdlr.exe r
O4 - HKLM\..\Run: [vfqskq] C:\WINDOWS\system32\ufipuo.exe r
O4 - HKLM\..\Run: [xykljy] C:\WINDOWS\system32\hnczowk.exe r
O4 - HKLM\..\Run: [dzfvyc] C:\WINDOWS\system32\wfnoup.exe r
O4 - HKLM\..\Run: [dspreke] C:\WINDOWS\system32\qqedof.exe r
O4 - HKLM\..\Run: [aajzeh] C:\WINDOWS\system32\fgagpur.exe r
O4 - HKLM\..\Run: [cqdykx] C:\WINDOWS\system32\izyrwvp.exe r
O4 - HKLM\..\Run: [dzgvms] C:\WINDOWS\system32\locqyrh.exe r
O4 - HKLM\..\Run: [dycqhj] C:\WINDOWS\system32\kfmgmd.exe r
O4 - HKLM\..\Run: [nipxmu] C:\WINDOWS\system32\affmvgm.exe r
O4 - HKLM\..\Run: [izuscws] C:\WINDOWS\system32\gkwlfs.exe r
O4 - HKLM\..\Run: [fpuctn] C:\WINDOWS\system32\hqkihz.exe r
O4 - HKLM\..\Run: [vpbdhsj] C:\WINDOWS\system32\kijmdr.exe r
O4 - HKLM\..\Run: [hprcwi] C:\WINDOWS\system32\xffmoeq.exe r
O4 - HKLM\..\Run: [qxxotan] C:\WINDOWS\system32\eakivh.exe r
O4 - HKLM\..\Run: [djykhq] C:\WINDOWS\system32\hdhmnz.exe r
O4 - HKLM\..\Run: [timbnm] C:\WINDOWS\system32\djjixr.exe r
O4 - HKLM\..\Run: [fcsuej] C:\WINDOWS\system32\vrlucr.exe r
O4 - HKLM\..\Run: [lybvgs] C:\WINDOWS\system32\lewkch.exe r
O4 - HKLM\..\Run: [zockey] C:\WINDOWS\system32\vxogal.exe r
O4 - HKLM\..\Run: [jqomsx] C:\WINDOWS\system32\veklvpg.exe r
O4 - HKLM\..\Run: [mddbgce] C:\WINDOWS\system32\iirchx.exe r
O4 - HKLM\..\Run: [ujkglqc] C:\WINDOWS\system32\ekrpvrm.exe r
O4 - HKLM\..\Run: [hyqjpg] C:\WINDOWS\system32\jpfoue.exe r
O4 - HKLM\..\Run: [xlhllj] C:\WINDOWS\system32\xnrxrjm.exe r
O4 - HKLM\..\Run: [evsfis] C:\WINDOWS\system32\ytkppjk.exe r
O4 - HKLM\..\Run: [dsylch] C:\WINDOWS\system32\ubtvbm.exe r
O4 - HKLM\..\Run: [hfwmwe] C:\WINDOWS\system32\abnubr.exe r
O4 - HKLM\..\Run: [lslrdc] C:\WINDOWS\system32\glfxdh.exe r
O4 - HKLM\..\Run: [csouuwj] C:\WINDOWS\system32\momnok.exe r
O4 - HKLM\..\Run: [jggeek] C:\WINDOWS\system32\ihmwym.exe r
O4 - HKLM\..\Run: [pkjdmqz] C:\WINDOWS\system32\wsewfit.exe r
O4 - HKLM\..\Run: [klezqtl] C:\WINDOWS\system32\wqdpfrz.exe r
O4 - HKLM\..\Run: [ctdlvgh] C:\WINDOWS\system32\ewlvepj.exe r
O4 - HKLM\..\Run: [oyhbgc] C:\WINDOWS\system32\cnjfsoa.exe r
O4 - HKLM\..\Run: [zqhuwb] C:\WINDOWS\system32\vcecskn.exe r
O4 - HKLM\..\Run: [rjubvx] C:\WINDOWS\system32\grtataj.exe r
O4 - HKLM\..\Run: [aohpxx] C:\WINDOWS\system32\vqwnqf.exe r
O4 - HKLM\..\Run: [rzmeic] C:\WINDOWS\system32\zuhncqv.exe r
O4 - HKLM\..\Run: [ccloii] C:\WINDOWS\system32\nnwdbtt.exe r
O4 - HKLM\..\Run: [wpkkga] C:\WINDOWS\system32\vuhqfpt.exe r
O4 - HKLM\..\Run: [coystwo] C:\WINDOWS\system32\gudumzq.exe r
O4 - HKLM\..\Run: [eupzbe] C:\WINDOWS\system32\jrojtx.exe r
O4 - HKLM\..\Run: [oodhhl] C:\WINDOWS\system32\ijzemd.exe r
O4 - HKLM\..\Run: [ebeqjl] C:\WINDOWS\system32\bqoyylc.exe r
O4 - HKLM\..\Run: [apeksl] C:\WINDOWS\system32\fvswbvx.exe r
O4 - HKLM\..\Run: [mvntbf] C:\WINDOWS\system32\pdpudj.exe r
O4 - HKLM\..\Run: [vzgxdb] C:\WINDOWS\system32\bteqfdj.exe r
O4 - HKLM\..\Run: [amjkbex] C:\WINDOWS\system32\gsuqrr.exe r
O4 - HKLM\..\Run: [whguvj] C:\WINDOWS\system32\hjlkqfq.exe r
O4 - HKLM\..\Run: [ptqhjwr] C:\WINDOWS\system32\gcdlwhf.exe r
O4 - HKLM\..\Run: [wtbzdc] C:\WINDOWS\system32\mvddle.exe r
O4 - HKLM\..\Run: [uqsbjtu] C:\WINDOWS\system32\cmowmda.exe r
O4 - HKLM\..\Run: [uidvlz] C:\WINDOWS\system32\vdndxf.exe r
O4 - HKLM\..\Run: [caywfn] C:\WINDOWS\system32\bsikvx.exe r
O4 - HKLM\..\Run: [qxcmka] C:\WINDOWS\system32\hxxlczm.exe r
O4 - HKLM\..\Run: [uspqmg] C:\WINDOWS\system32\bbuqgza.exe r
O4 - HKLM\..\Run: [yhgavpf] C:\WINDOWS\system32\yosusup.exe r
O4 - HKLM\..\Run: [zxfmnly] C:\WINDOWS\system32\ssqlyl.exe r
O4 - HKLM\..\Run: [zphxdqi] C:\WINDOWS\system32\kuhznf.exe r
O4 - HKLM\..\Run: [kgvirl] C:\WINDOWS\system32\bdjnjvy.exe r
O4 - HKLM\..\Run: [gkbauq] C:\WINDOWS\system32\chltpen.exe r
O4 - HKLM\..\Run: [yugdyr] C:\WINDOWS\system32\xkarqj.exe r
O4 - HKLM\..\Run: [ayaimf] C:\WINDOWS\system32\zwtthk.exe r
O4 - HKLM\..\Run: [coxdqa] C:\WINDOWS\system32\fbhasvx.exe r
O4 - HKLM\..\Run: [pqlezn] C:\WINDOWS\system32\nwkqsz.exe r
O4 - HKLM\..\Run: [irleup] C:\WINDOWS\system32\yhqzxln.exe r
O4 - HKLM\..\Run: [uftepw] C:\WINDOWS\system32\jcipyv.exe r
O4 - HKLM\..\Run: [kfjrqf] C:\WINDOWS\system32\gpiqzlc.exe r
O4 - HKLM\..\Run: [dawtvyr] C:\WINDOWS\system32\eyupllx.exe r
O4 - HKLM\..\Run: [gkexpkw] C:\WINDOWS\system32\iolqae.exe r
O4 - HKLM\..\Run: [bshcig] C:\WINDOWS\system32\ztoclj.exe r
O4 - HKLM\..\Run: [sfqrvd] C:\WINDOWS\system32\otbbaw.exe r
O4 - HKLM\..\Run: [fobnku] C:\WINDOWS\system32\ipzoyt.exe r
O4 - HKLM\..\Run: [jqbnkd] C:\WINDOWS\system32\exdynfj.exe r
O4 - HKLM\..\Run: [joqczm] C:\WINDOWS\system32\dfsczdc.exe r
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-PBVMF.exe /REG
O4 - HKLM\..\RunOnce: [c_usdir] cmd /C "rmdir /Q C:\WINDOWS\system32\Macromed\Download"
O4 - HKLM\..\RunOnce: [b_usexe] cmd /C "del C:\WINDOWS\system32\Macromed\Download\Download.exe"
O4 - HKLM\..\RunOnce: [a_usdll] cmd /C "del C:\WINDOWS\system32\Macromed\Download\Download.dll"
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: updater.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Bet On USA Poker - {64FA9700-6A17-4bd5-A7D8-D81CF095995F} - C:\Program Files\betonusaMPP\MPPoker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.costco.com
O16 - DPF: Jokers Wild Poker by pogo - http://vpjoke.pogo.com/applet-5.9.1.28/vid...d-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-5.9.1.18/gin/gin-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.9.1.18/m...g-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game6.pogo.com/applet-5.9.3.29/mlsl...s-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5.9.1.28...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.9.1.18/fl...r-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.9.2.21/popf...u-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.9.1.18/pop...t-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.com/applet-5.9.1.18/spa...s-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-5.9.2.38...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.9.2.21/ho...m-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.9.1.18/peak...s-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-5.9.2.38/jum...e-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-5.9.1.28/...n-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet-5.9.1.18/w...s-ob-assets.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122995090125
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn - Unknown owner - C:\Program Files\LogMeIn\LogMeIn.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BullGuard XComm (XCOMM) - Softwin - C:\WINDOWS\system32\xcommsvr.exe

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:12 PM

Posted 20 August 2006 - 08:12 AM

Did you run Spysweeper? Please post that log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Buckeye_Sam


Posted 03 September 2006 - 02:12 PM

Unfortunately there has been no response. So this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.



