
Virtumonde


  • This topic is locked
31 replies to this topic

#1 rainbow_warrior


Posted 30 October 2006 - 01:43 AM

Spybot detects Virtumonde, cannot fix root class items. Ran HouseCall and Panda. Fixed all HouseCall except ASP.NET path validation vuln. needs Aug 8 bulletin fix from Microsoft. During BitDefender scan, AVG detects C:\WINDOWS\system32\wdmpd.dll but AVG cannot fix. File now resides in recycle bin after safe boot. Is it a legitimate needed file? AdAware now scans clean. Spybot used to run in about ten minutes. Suddenly it takes two hours. It detected CoolWWWSearch SmallM and Pipas.A, now in Spybot vault, I think, even after I reinstalled and uninstalled it. Saved Panda log but did not buy Panda fix. Below is latest HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 2:30:29 AM, on 10/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1103768917\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\AOL\1103768917\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe
C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe
C:\Program Files\Common Files\AOL\1103768917\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\SmileyDistrict\plugin.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\AOL\1103768917\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\cidaemon.exe
c:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\Owner\My Documents\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {0574C016-5C5F-4B1D-92E0-2864095B2CA9} - C:\WINDOWS\Microsoft.NET\migbd.dll (file missing)
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\hocvsubb.dll (file missing)
O2 - BHO: (no name) - {256EB13B-A59A-4735-9EED-8B398C3125CF} - C:\WINDOWS\Registration\yssc.dll (file missing)
O2 - BHO: (no name) - {27F232A4-A0E9-4C56-B5A3-55BA8EB2C8A8} - (no file)
O2 - BHO: (no name) - {2CBB8D24-8F7B-454E-BB18-11E8CB176E2B} - C:\WINDOWS\inf\atskpi.dll (file missing)
O2 - BHO: (no name) - {4FB0E3AB-303C-499E-9C23-CADD967EA7B8} - C:\WINDOWS\vddrsv.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {721A9CCF-2C6B-42B0-B8F8-DFF7B7050352} - (no file)
O2 - BHO: (no name) - {76F9CB85-0949-4220-9ECF-86E897B82E73} - C:\WINDOWS\ServicePackFiles\picac.dll (file missing)
O2 - BHO: (no name) - {794212FE-1C3F-4FB4-994E-46DFB213F777} - C:\WINDOWS\repair\gvaca.dll (file missing)
O2 - BHO: (no name) - {8134B517-3308-4510-BD41-7E378A7DBFB8} - C:\WINDOWS\system32\hryinnka.dll
O2 - BHO: (no name) - {99943216-B0C8-4A49-91C5-08D28A37E3B5} - (no file)
O2 - BHO: (no name) - {B885B7F4-15CE-43CB-9F25-AE5392C173DF} - (no file)
O2 - BHO: (no name) - {C0850BC0-244B-4E3F-8F18-D57B5A91BA54} - C:\WINDOWS\inf\nuc.dll (file missing)
O2 - BHO: (no name) - {C2977D8A-BBEF-4E5E-A9FD-424930ED2377} - (no file)
O2 - BHO: (no name) - {C42ADBF0-A425-470B-A080-7C062D3BC548} - C:\WINDOWS\system\pamcd.dll (file missing)
O2 - BHO: (no name) - {D849BF2D-0356-4BAA-B54F-056D50CF1756} - (no file)
O2 - BHO: (no name) - {DCDE8338-AEE5-4F39-A9B9-D1FBA19E45FC} - (no file)
O2 - BHO: (no name) - {F136AF6F-AADB-4887-9C74-AAEC93829C7A} - C:\WINDOWS\assembly\temp\ualaars.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1103768917\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [fctud2a9] C:\WINDOWS\system32\fctud2a9.exe
O4 - HKLM\..\Run: [pfaivuvm] C:\WINDOWS\system32\pfaivuvm.exe
O4 - HKLM\..\Run: [q683oogi] C:\WINDOWS\system32\q683oogi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [2umqmo0i] C:\WINDOWS\system32\2umqmo0i.exe
O4 - HKLM\..\Run: [Gram save corn 4] C:\Documents and Settings\All Users\Application Data\drivebirdgramsave\closespam.exe
O4 - HKLM\..\Run: [ghfben] C:\WINDOWS\system32\qmzpge.exe r
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe"
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1103768917\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1103768917\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [Smiley District] C:\Program Files\SmileyDistrict\plugin.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [dmkuk.exe] C:\WINDOWS\system32\dmkuk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: MTV Networks Video Optimizer.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZR
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll
O9 - Extra 'Tools' menuitem: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O16 - DPF: {0344C39D-08C7-2C59-DA53-030F04E3B667} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {03FEA051-1137-602E-4B46-62EC7CDD82F6} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {05A7540D-8C33-6D7C-76E1-243312A4EB72} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {067574FC-6D88-25E5-B79F-14E77086373D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {06C1CA5C-0B3E-343E-A7D4-627E7902DDF4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0791DB92-4613-69F3-2B6B-6E2406FB3A76} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {09617450-FA8F-32A4-CFE7-3D2328EC7115} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {096D9804-246B-52B3-567D-248E46A1221C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {09FE9BE4-5F52-227B-E81F-322B07D32BCF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0B505344-0C5F-669B-E109-02192B20A5F7} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0C9AD8BF-8F88-59C3-70BE-0C5635DA9A36} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0CCD9497-00E9-45EF-552E-71507E7083F4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0DDC6358-45B5-51E2-EFD0-37B3660A2B85} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0E8662F6-AB31-3CE8-821B-2D84547B4E4C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0F74D6F0-310B-50E6-5C83-5BFD3F04A30A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0FFB7900-8F1F-4995-04D6-30801248C8E3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {10373BEE-866E-3B4C-3A87-44F26215E717} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {10B3024A-B37A-7208-D023-69FA4593D097} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1294373B-BDD8-69C3-54DD-34BD43261F05} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1354AC3D-4B8F-7348-75A4-371D4380CB87} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {13F38133-71E4-7758-EED3-2C83709AAA84} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {147A4794-F2E9-4891-6CEE-12882D130048} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {164A6C56-0DF7-0E56-D62E-2FD20E7F9447} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1655AAE1-4D64-38CD-DE86-4A472D50DA27} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {167BE960-C892-6F6D-C74E-5E9400DDF311} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {16A3BCD9-7AEC-77F0-5CE9-2F500CDEE01C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {16DBC305-BBC7-7E5F-B060-2CF97D2D56AE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1822C381-75B8-26CB-E240-6DA068C7AF37} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {19424B43-D00B-793C-5A7D-313201EAC6C8} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {19892E22-CADB-46C2-211C-625138F64444} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1A47F430-7CA2-31F7-05C0-2DB75B6DA51A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1AA29F15-B285-2EC1-A470-188C7E04D06E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1B00C802-2483-5AA6-F0DE-566231BCBF5F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1B1DD955-7415-1C30-D0CE-6888575B40C6} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1B78187E-A5D9-5363-8251-5AF46DA802C2} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1B9EC0D8-4F5B-0833-DBC3-43F77BC1BA0E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1BC42157-489E-567B-D459-6E751341D26C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1C9F09DE-ED2E-46B4-0006-6EE616BE5E21} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1E6FE19D-BB39-7AA2-D317-3D2828260183} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1F094B01-B85E-2792-751F-63437F85FC78} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1F911772-2CC1-70A9-8BA5-3D367B835A60} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {201D90CB-94C0-6570-D976-17844B60DDB3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2099A796-ECCB-0E70-517C-6C6863682722} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {21FC9D93-A26D-077F-C489-173B52A291DC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {22AD4CF5-29B1-327D-F344-1C8928418493} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {24DF1A1A-3CC0-3AC2-8D0D-11D71626DCD4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {26B990AD-2FE2-2184-CC8B-4415503F1894} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {26E0C51E-4AD4-3369-2CBB-1D8A2F3F6D46} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {27D453BD-BFDF-2100-162E-35BA5AFFB797} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {289FBBEB-36D7-6399-96EB-0D610D741F86} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2B3DD7AA-376A-5D68-0D72-57DE6445AB17} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2BF7B5EE-268B-6EA4-CF82-0B3067FB18B8} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2CADDE76-D188-393A-9A1D-713E6C7B1C2E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2CDB330B-87F2-3C5D-B8D0-72D0699E1FF3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2EDEDED8-B0C5-0FA0-3CD8-56922CD4E0C3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {30CF51AF-E367-68ED-6BEB-0CFB5C4090FC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {30F4D647-33B1-28F8-42C4-4BCA779AB236} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3116E065-70F9-4817-2F1C-2320251F937F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {32499B7A-86AD-0A50-4A1F-502D4CF1F145} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {332D71C0-02D5-4976-A750-72715B53CD27} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {332ECFFA-085E-2B10-C7F8-41695A776CE9} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {35A0DC97-45B2-430E-6CD0-010C154CCD2A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {377F44C7-E381-3FAE-94C6-55AE0F3A72D7} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {378315C5-43C1-7A89-D7BC-443405B9D74D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {388B985E-1AAF-0994-1E6F-7D4D26EBCDC4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {38DF7EFF-547D-084B-F3FD-58CE5273015B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {39A0A245-5D5C-1AFA-549F-4DC941EA2A63} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3AC762FE-799B-5833-B92E-59C634DFD79A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3C347075-F8BB-1C42-B746-1A8A2BBFFF69} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3C92CE11-0F46-714D-545D-76E266BCCCB4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3E00531C-79F8-74BA-9AC4-25DE6DAD2A95} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3E6B9C06-2A46-526A-B746-3F823B4F776C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3F07D4C1-4132-4AE0-5492-6B006C938578} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {406CCCA3-F601-1823-29A2-363E0B15E451} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {431FC7F5-F343-7433-033E-0D2A23192029} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {46268F4E-9292-4C78-512C-124A11675C92} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {477EF755-7AED-0EE2-0AE5-02744727B7B4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {479350A7-3DCF-5943-AD05-4C867935981C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4878722A-46A1-6018-C004-4E764DD9AD6F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {489C6E0D-1113-6F87-62DF-741D0ADF2ABE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4A9CE4C3-F2D7-3A9C-A309-23CA354EB608} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4B3F2D0F-C86C-2415-5217-38150D8C65C3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4B72CEF9-F4A9-1CF5-DC2F-3BE240684DEB} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4CD44647-CAFB-2BD1-2439-05035A7E98F1} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4DD17090-151D-40AA-D4E5-7B5B510B974D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4DDC375D-A518-4694-F48D-66CC56C2A3D2} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4E4116F5-3DC8-7AC0-0AE4-64553BD0A76A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4E556AF0-360B-118B-8657-53973B4FC248} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/m...77/mcinsctl.cab
O16 - DPF: {4F2661D4-FCAA-433F-8064-4A9F4A7B012C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {50341BAB-284B-770B-32F0-68924794B56D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5056EA15-974F-16D9-39D4-308210BFDA25} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {51988F11-376F-6758-C52B-608B6C40F388} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {534AB36D-33DB-6D5D-0CFD-18C30FC4938B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {55BCD43E-198F-627C-38A8-785E47DAC512} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {574587B2-78FE-44D5-6D80-58F51E2691A0} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {57FF0195-8604-7C97-D574-66622566B6F8} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {58C303C0-67B9-5336-4603-447B39C8AA6A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5A83E39E-3BD9-1B02-D72D-359C4E2F4B7B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5AA7D10D-08AD-56E7-369E-6D9D044F1537} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5AA86EA4-848C-7E88-3416-18E705E3A083} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5BEDE219-4716-0DF2-A8BE-5C752FBE1377} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5C20847B-DDA3-1E0B-6414-0A93037F7FBA} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5C6DBFBF-59F8-5F0B-9259-17E06C77B991} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5CA8131B-A8E3-1D49-BA59-6C5E2BF7C470} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5ED1B32D-9299-3274-1291-27EC4D6934BE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5EE23C00-6384-1FBB-0E65-23E749F33B5A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5F1732A9-95E9-35F3-5277-6CB95CEFE6A4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {60125D6D-4591-260D-3EFB-13621685AAA6} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {611AC9F6-F31B-1652-59D8-48F864CC8DB9} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {61BCEB12-A877-5F5C-15BB-28CB4588BBD5} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6248F79F-2EBB-13EE-532C-7A2A00F15E11} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {632276C0-0E85-167F-C578-331A3FC2A0EE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {63DF8CF6-FAC5-5E69-085A-706E34CEFA74} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {644995B7-07BF-3142-3CCF-3B824976714A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6467AF58-72C6-742C-BB2E-3516287436B8} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {650EA576-2610-19C4-0463-04910D280F42} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {66B2BA7A-C5DD-4439-47EC-26BA43F91D38} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {69664B57-F731-79A7-33D6-555A5EB2C035} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6A9B11FC-CBEE-4EA8-1B4E-2B254ACA24F1} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6DCD394F-B838-309B-F907-607B77662B60} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6DE87118-C3B0-41E1-C343-05A91E99D9DE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {72AE9D0C-1994-79B6-A128-0E9B4AD3B96D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {75E7E066-AEED-3B0F-DA23-12E5412A1091} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {780193F3-781E-21A9-A4A1-3A942939FE9B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {780BAF37-9052-1862-B0FF-65FE088E63F0} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {78131654-1018-64DC-D5AD-2C227AACAE3A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7B1651EC-2E0D-60AC-BF02-67BE04BAD068} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7E3A646C-7766-49C5-3A7A-6B8F7EE63104} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7F6CECB4-78D4-2F29-BAA8-4FD509525698} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/m...,18/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D5BF1FF-CBB9-4070-9B90-FC3A11733A12}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AA7A2DA-FA5D-41FA-B134-D00C219B220E}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E2BCD49-FE3A-4064-9174-A78EDC4ADFF4}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA2AB463-5919-4669-A7F4-A397D431C3AB}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D5BF1FF-CBB9-4070-9B90-FC3A11733A12}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D5BF1FF-CBB9-4070-9B90-FC3A11733A12}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O20 - Winlogon Notify: qhnjtixj - C:\WINDOWS\SYSTEM32\qhnjtixj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1103768917\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Documents and Settings\Owner\My Documents\iPod\bin\iPodService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



#2 stonangel


Posted 30 October 2006 - 11:06 AM

Welcome to Bleeping Computer, rainbow_warrior.

* Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads, post the text that will open (report.txt) and a new HijackThis log in the forum, please.

Olivier

#3 rainbow_warrior


Posted 01 November 2006 - 02:28 PM

Following is "report.txt" from fixit:

(There was no request for restart, but I will anyway.)

Check for missing files
.....
C:\WINDOWS\system32\AUTOEXEC.NT not there
.....
End check for missing files
.....
please post this at the forum

#4 stonangel


Posted 02 November 2006 - 03:58 AM

Hi rainbow_warrior,

Please read this thread and let us know if it helps:
http://support.microsoft.com/default.aspx?...kb;en-us;324767

Edited by stonangel, 02 November 2006 - 03:58 AM.


Olivier

#5 rainbow_warrior


Posted 03 November 2006 - 06:23 PM

Is the CD this article refers to a Windows CD with the missing file, or a CD for some program that did not start and generated the error message? This Presario computer I am trying to fix has the hard drive partitioned into C and D, with the D apparently for backing up the Windows system. Should I look on the D drive for windows\system32\autoexec.nt and copy it to the C drive?

I should mention that there may be two copies of McAfee VirusScan installed. One is from the University of Delaware and is not active because the U of D account is closed. The other is the AOL one, which is active. AOL seems to use quite a lot of CPU time, but the kids have their email accounts there. Whenever Windows starts, McAfee warns of a suspicious file and suggests a scan, but it never finds anything. (AVG flagged the file C:\WINDOWS\system32\wdmpd.dll as a virus. I have it in the recycle bin, assuming nobody emptied it. Do I need this file?)

I find it strange that Spybot takes maybe two hours now to run, when before it took maybe ten minutes. I uninstalled and reinstalled Spybot, but it made no difference. In fact, Spybot seems to have retained some quarantined items through the uninstall/reinstall.

#6 rainbow_warrior


Posted 03 November 2006 - 10:37 PM

Spybot is currently on 32041/49144 Aureate. Found so far:

Smitfraud-C.Toolbar888
Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan
Register Key

Smitfraud_C.
User settings
HKEY-USERS\S-1-5-21-498118531-507363679-300665225-1003\Software\Microsoft\Wi..
Register Value

#7 stonangel


Posted 04 November 2006 - 12:32 PM

Hi rainbow_warrior,

* Could you run FixWareout and post back the report with a new HijackThis log, please?

Olivier

#8 rainbow_warrior


Posted 09 November 2006 - 12:12 AM

Hi Olivier

Following is the Fixwareout log. I think it is identical to before:

Check for missing files
.....
C:\WINDOWS\system32\AUTOEXEC.NT not there
.....
End check for missing files
.....
please post this at the forum

*****************************************************

Next the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:59:22 PM, on 11/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1103768917\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe
C:\Program Files\Common Files\AOL\1103768917\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
C:\Program Files\SmileyDistrict\plugin.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1103768917\ee\aolsoftware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Common Files\AOL\1103768917\ee\aolsoftware.exe
C:\Documents and Settings\Owner\My Documents\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\mcafee.com\personal firewall\MpfTray.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {0574C016-5C5F-4B1D-92E0-2864095B2CA9} - C:\WINDOWS\Microsoft.NET\migbd.dll (file missing)
O2 - BHO: (no name) - {256EB13B-A59A-4735-9EED-8B398C3125CF} - C:\WINDOWS\Registration\yssc.dll (file missing)
O2 - BHO: (no name) - {27F232A4-A0E9-4C56-B5A3-55BA8EB2C8A8} - (no file)
O2 - BHO: (no name) - {2CBB8D24-8F7B-454E-BB18-11E8CB176E2B} - C:\WINDOWS\inf\atskpi.dll (file missing)
O2 - BHO: (no name) - {4FB0E3AB-303C-499E-9C23-CADD967EA7B8} - C:\WINDOWS\vddrsv.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {721A9CCF-2C6B-42B0-B8F8-DFF7B7050352} - (no file)
O2 - BHO: (no name) - {76F9CB85-0949-4220-9ECF-86E897B82E73} - C:\WINDOWS\ServicePackFiles\picac.dll (file missing)
O2 - BHO: (no name) - {794212FE-1C3F-4FB4-994E-46DFB213F777} - C:\WINDOWS\repair\gvaca.dll (file missing)
O2 - BHO: (no name) - {8134B517-3308-4510-BD41-7E378A7DBFB8} - C:\WINDOWS\system32\hryinnka.dll
O2 - BHO: (no name) - {99943216-B0C8-4A49-91C5-08D28A37E3B5} - (no file)
O2 - BHO: (no name) - {B885B7F4-15CE-43CB-9F25-AE5392C173DF} - (no file)
O2 - BHO: (no name) - {C0850BC0-244B-4E3F-8F18-D57B5A91BA54} - C:\WINDOWS\inf\nuc.dll (file missing)
O2 - BHO: (no name) - {C2977D8A-BBEF-4E5E-A9FD-424930ED2377} - (no file)
O2 - BHO: (no name) - {C42ADBF0-A425-470B-A080-7C062D3BC548} - C:\WINDOWS\system\pamcd.dll (file missing)
O2 - BHO: (no name) - {D849BF2D-0356-4BAA-B54F-056D50CF1756} - (no file)
O2 - BHO: (no name) - {DCDE8338-AEE5-4F39-A9B9-D1FBA19E45FC} - (no file)
O2 - BHO: (no name) - {F136AF6F-AADB-4887-9C74-AAEC93829C7A} - C:\WINDOWS\assembly\temp\ualaars.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1103768917\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [fctud2a9] C:\WINDOWS\system32\fctud2a9.exe
O4 - HKLM\..\Run: [pfaivuvm] C:\WINDOWS\system32\pfaivuvm.exe
O4 - HKLM\..\Run: [q683oogi] C:\WINDOWS\system32\q683oogi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [2umqmo0i] C:\WINDOWS\system32\2umqmo0i.exe
O4 - HKLM\..\Run: [Gram save corn 4] C:\Documents and Settings\All Users\Application Data\drivebirdgramsave\closespam.exe
O4 - HKLM\..\Run: [ghfben] C:\WINDOWS\system32\qmzpge.exe r
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe"
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1103768917\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1103768917\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [Smiley District] C:\Program Files\SmileyDistrict\plugin.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dmyos.exe] C:\WINDOWS\system32\dmyos.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: MTV Networks Video Optimizer.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZR
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll
O9 - Extra 'Tools' menuitem: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O16 - DPF: {0344C39D-08C7-2C59-DA53-030F04E3B667} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {03FEA051-1137-602E-4B46-62EC7CDD82F6} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {05A7540D-8C33-6D7C-76E1-243312A4EB72} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {067574FC-6D88-25E5-B79F-14E77086373D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {06C1CA5C-0B3E-343E-A7D4-627E7902DDF4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0791DB92-4613-69F3-2B6B-6E2406FB3A76} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {09617450-FA8F-32A4-CFE7-3D2328EC7115} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {096D9804-246B-52B3-567D-248E46A1221C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {09FE9BE4-5F52-227B-E81F-322B07D32BCF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0B505344-0C5F-669B-E109-02192B20A5F7} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0C9AD8BF-8F88-59C3-70BE-0C5635DA9A36} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0CCD9497-00E9-45EF-552E-71507E7083F4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0DDC6358-45B5-51E2-EFD0-37B3660A2B85} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0E8662F6-AB31-3CE8-821B-2D84547B4E4C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0F74D6F0-310B-50E6-5C83-5BFD3F04A30A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0FFB7900-8F1F-4995-04D6-30801248C8E3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {10373BEE-866E-3B4C-3A87-44F26215E717} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {10B3024A-B37A-7208-D023-69FA4593D097} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1294373B-BDD8-69C3-54DD-34BD43261F05} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1354AC3D-4B8F-7348-75A4-371D4380CB87} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {13F38133-71E4-7758-EED3-2C83709AAA84} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {147A4794-F2E9-4891-6CEE-12882D130048} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {164A6C56-0DF7-0E56-D62E-2FD20E7F9447} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1655AAE1-4D64-38CD-DE86-4A472D50DA27} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {167BE960-C892-6F6D-C74E-5E9400DDF311} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {16A3BCD9-7AEC-77F0-5CE9-2F500CDEE01C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {16DBC305-BBC7-7E5F-B060-2CF97D2D56AE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1822C381-75B8-26CB-E240-6DA068C7AF37} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {19424B43-D00B-793C-5A7D-313201EAC6C8} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {19892E22-CADB-46C2-211C-625138F64444} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1A47F430-7CA2-31F7-05C0-2DB75B6DA51A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1AA29F15-B285-2EC1-A470-188C7E04D06E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1B00C802-2483-5AA6-F0DE-566231BCBF5F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1B1DD955-7415-1C30-D0CE-6888575B40C6} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1B78187E-A5D9-5363-8251-5AF46DA802C2} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1B9EC0D8-4F5B-0833-DBC3-43F77BC1BA0E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1BC42157-489E-567B-D459-6E751341D26C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1C9F09DE-ED2E-46B4-0006-6EE616BE5E21} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1E6FE19D-BB39-7AA2-D317-3D2828260183} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1F094B01-B85E-2792-751F-63437F85FC78} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1F911772-2CC1-70A9-8BA5-3D367B835A60} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {201D90CB-94C0-6570-D976-17844B60DDB3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2099A796-ECCB-0E70-517C-6C6863682722} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {21FC9D93-A26D-077F-C489-173B52A291DC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {22AD4CF5-29B1-327D-F344-1C8928418493} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {24DF1A1A-3CC0-3AC2-8D0D-11D71626DCD4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {26B990AD-2FE2-2184-CC8B-4415503F1894} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {26E0C51E-4AD4-3369-2CBB-1D8A2F3F6D46} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {27D453BD-BFDF-2100-162E-35BA5AFFB797} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {289FBBEB-36D7-6399-96EB-0D610D741F86} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2B3DD7AA-376A-5D68-0D72-57DE6445AB17} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2BF7B5EE-268B-6EA4-CF82-0B3067FB18B8} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2CADDE76-D188-393A-9A1D-713E6C7B1C2E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2CDB330B-87F2-3C5D-B8D0-72D0699E1FF3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2EDEDED8-B0C5-0FA0-3CD8-56922CD4E0C3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {30CF51AF-E367-68ED-6BEB-0CFB5C4090FC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {30F4D647-33B1-28F8-42C4-4BCA779AB236} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3116E065-70F9-4817-2F1C-2320251F937F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {32499B7A-86AD-0A50-4A1F-502D4CF1F145} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {332D71C0-02D5-4976-A750-72715B53CD27} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {332ECFFA-085E-2B10-C7F8-41695A776CE9} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {35A0DC97-45B2-430E-6CD0-010C154CCD2A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {377F44C7-E381-3FAE-94C6-55AE0F3A72D7} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {378315C5-43C1-7A89-D7BC-443405B9D74D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {388B985E-1AAF-0994-1E6F-7D4D26EBCDC4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {38DF7EFF-547D-084B-F3FD-58CE5273015B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {39A0A245-5D5C-1AFA-549F-4DC941EA2A63} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3AC762FE-799B-5833-B92E-59C634DFD79A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3C347075-F8BB-1C42-B746-1A8A2BBFFF69} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3C92CE11-0F46-714D-545D-76E266BCCCB4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3E00531C-79F8-74BA-9AC4-25DE6DAD2A95} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3E6B9C06-2A46-526A-B746-3F823B4F776C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3F07D4C1-4132-4AE0-5492-6B006C938578} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {406CCCA3-F601-1823-29A2-363E0B15E451} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {431FC7F5-F343-7433-033E-0D2A23192029} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {46268F4E-9292-4C78-512C-124A11675C92} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {477EF755-7AED-0EE2-0AE5-02744727B7B4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {479350A7-3DCF-5943-AD05-4C867935981C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4878722A-46A1-6018-C004-4E764DD9AD6F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {489C6E0D-1113-6F87-62DF-741D0ADF2ABE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4A9CE4C3-F2D7-3A9C-A309-23CA354EB608} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4B3F2D0F-C86C-2415-5217-38150D8C65C3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4B72CEF9-F4A9-1CF5-DC2F-3BE240684DEB} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4CD44647-CAFB-2BD1-2439-05035A7E98F1} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4DD17090-151D-40AA-D4E5-7B5B510B974D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4DDC375D-A518-4694-F48D-66CC56C2A3D2} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4E4116F5-3DC8-7AC0-0AE4-64553BD0A76A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4E556AF0-360B-118B-8657-53973B4FC248} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/m...77/mcinsctl.cab
O16 - DPF: {4F2661D4-FCAA-433F-8064-4A9F4A7B012C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {50341BAB-284B-770B-32F0-68924794B56D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5056EA15-974F-16D9-39D4-308210BFDA25} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {51988F11-376F-6758-C52B-608B6C40F388} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {534AB36D-33DB-6D5D-0CFD-18C30FC4938B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {55BCD43E-198F-627C-38A8-785E47DAC512} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {574587B2-78FE-44D5-6D80-58F51E2691A0} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {57FF0195-8604-7C97-D574-66622566B6F8} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {58C303C0-67B9-5336-4603-447B39C8AA6A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5A83E39E-3BD9-1B02-D72D-359C4E2F4B7B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5AA7D10D-08AD-56E7-369E-6D9D044F1537} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5AA86EA4-848C-7E88-3416-18E705E3A083} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5BEDE219-4716-0DF2-A8BE-5C752FBE1377} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5C20847B-DDA3-1E0B-6414-0A93037F7FBA} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5C6DBFBF-59F8-5F0B-9259-17E06C77B991} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5CA8131B-A8E3-1D49-BA59-6C5E2BF7C470} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5ED1B32D-9299-3274-1291-27EC4D6934BE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5EE23C00-6384-1FBB-0E65-23E749F33B5A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5F1732A9-95E9-35F3-5277-6CB95CEFE6A4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {60125D6D-4591-260D-3EFB-13621685AAA6} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {611AC9F6-F31B-1652-59D8-48F864CC8DB9} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {61BCEB12-A877-5F5C-15BB-28CB4588BBD5} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6248F79F-2EBB-13EE-532C-7A2A00F15E11} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {632276C0-0E85-167F-C578-331A3FC2A0EE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {63DF8CF6-FAC5-5E69-085A-706E34CEFA74} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {644995B7-07BF-3142-3CCF-3B824976714A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6467AF58-72C6-742C-BB2E-3516287436B8} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {650EA576-2610-19C4-0463-04910D280F42} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {66B2BA7A-C5DD-4439-47EC-26BA43F91D38} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {69664B57-F731-79A7-33D6-555A5EB2C035} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6A9B11FC-CBEE-4EA8-1B4E-2B254ACA24F1} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6DCD394F-B838-309B-F907-607B77662B60} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6DE87118-C3B0-41E1-C343-05A91E99D9DE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {72AE9D0C-1994-79B6-A128-0E9B4AD3B96D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {75E7E066-AEED-3B0F-DA23-12E5412A1091} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {780193F3-781E-21A9-A4A1-3A942939FE9B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {780BAF37-9052-1862-B0FF-65FE088E63F0} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {78131654-1018-64DC-D5AD-2C227AACAE3A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7B1651EC-2E0D-60AC-BF02-67BE04BAD068} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7E3A646C-7766-49C5-3A7A-6B8F7EE63104} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7F6CECB4-78D4-2F29-BAA8-4FD509525698} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/m...,18/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D5BF1FF-CBB9-4070-9B90-FC3A11733A12}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AA7A2DA-FA5D-41FA-B134-D00C219B220E}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E2BCD49-FE3A-4064-9174-A78EDC4ADFF4}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA2AB463-5919-4669-A7F4-A397D431C3AB}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D5BF1FF-CBB9-4070-9B90-FC3A11733A12}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D5BF1FF-CBB9-4070-9B90-FC3A11733A12}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O20 - Winlogon Notify: qhnjtixj - C:\WINDOWS\SYSTEM32\qhnjtixj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1103768917\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Documents and Settings\Owner\My Documents\iPod\bin\iPodService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

*****************************************************************************************

David

#9 stonangel

Posted 11 November 2006 - 04:48 AM

Hi David,

And sorry for the delay in response, I was a little busy.

* Please click on this link:
http://www.visualtour.com/downloads/xp_fix.exe

* Run FixWareOut again and let us know if it helps please.

Olivier

#10 rainbow_warrior

Posted 14 November 2006 - 02:33 AM

I have retyped the dialog screen as I do not know the exact meaning.

SpyBotS&D still runs quickly up to Baciami about 500 and then takes a long time to get to 1000.

I get the following output from C:\WINDOWS\system32\cmd.exe
(I am typing what it says)

This batch will remove WareOut and UnSpyPC from your system.

Use at your own risk.

Press any key to continue . . .
Downloading BFU - Brute Force Uninstaller
Written by Merijn - http://www.merijn.org/

File Downloader - Version 1.01 <build 7.4>
Downloads a file from HTTP or a FTP server.
Copyright <c> 2004, Noel Danjou <webmaster @noeld.com>.

Server: www.nerijn.org
Port: 80
Protocol: HTTP

bfu.zip:
Download failure: A connection with the server could not be established

Archive: bfu.zip
End-of-central-directory signature not found. Either this file is not
a zipfile, or it constitutes one disk of a multi-part archive. In the
latter case the central directory and zipfile comment will be found on
the last disk(s) of this archive.
unzip: cannot find zipfile directory in bfu.zip,
and cannot find bfu.zip.zip, period.
BFU.exe was not present, unpacked or in proper location

Please make sure you have a working internet connection or
download bfu.zip <Brute Force Uninstaller> manually and extract the file BFU.exe
to the fixwareout\sub folder then restart the batch, fixit.bat.
From this address please http://www.merijn.org/files/
Press any key to continue . . .

#11 stonangel

Posted 14 November 2006 - 01:51 PM

OK. Could you try the tool staying online, please?

Olivier

#12 rainbow_warrior

Posted 14 November 2006 - 06:10 PM

Hi Olivier

That computer usually stays turned on and connected to the internet. I went home after I posted last night/this morning. I will probably be there again within a few hours.

David

#13 rainbow_warrior

Posted 14 November 2006 - 11:57 PM

Here is the new FixWareOut log, report.txt

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1trap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\2trap
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmbwx.exe"=-
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

Searching by size/names...


Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSVLB.EXE 51,769 2006-10-18

Other suspects.
Directory of C:\WINDOWS\system32

Misc files.

Checking for older varients covered by the Rem3 tool.

***************************************************************************************

Here is the HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 11:50:51 PM, on 11/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir Workstation\sched.exe
C:\Program Files\AntiVir Workstation\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1103768917\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
C:\Program Files\AntiVir Workstation\avesvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\AOL\1103768917\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe
C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe
C:\Program Files\Common Files\AOL\1103768917\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AntiVir Workstation\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Common Files\AOL\1103768917\ee\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {0574C016-5C5F-4B1D-92E0-2864095B2CA9} - C:\WINDOWS\Microsoft.NET\migbd.dll (file missing)
O2 - BHO: (no name) - {256EB13B-A59A-4735-9EED-8B398C3125CF} - C:\WINDOWS\Registration\yssc.dll (file missing)
O2 - BHO: (no name) - {27F232A4-A0E9-4C56-B5A3-55BA8EB2C8A8} - (no file)
O2 - BHO: (no name) - {2CBB8D24-8F7B-454E-BB18-11E8CB176E2B} - C:\WINDOWS\inf\atskpi.dll (file missing)
O2 - BHO: (no name) - {4FB0E3AB-303C-499E-9C23-CADD967EA7B8} - C:\WINDOWS\vddrsv.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {721A9CCF-2C6B-42B0-B8F8-DFF7B7050352} - (no file)
O2 - BHO: (no name) - {76F9CB85-0949-4220-9ECF-86E897B82E73} - C:\WINDOWS\ServicePackFiles\picac.dll (file missing)
O2 - BHO: (no name) - {794212FE-1C3F-4FB4-994E-46DFB213F777} - C:\WINDOWS\repair\gvaca.dll (file missing)
O2 - BHO: (no name) - {8134B517-3308-4510-BD41-7E378A7DBFB8} - C:\WINDOWS\system32\hryinnka.dll (file missing)
O2 - BHO: (no name) - {99943216-B0C8-4A49-91C5-08D28A37E3B5} - (no file)
O2 - BHO: (no name) - {B885B7F4-15CE-43CB-9F25-AE5392C173DF} - (no file)
O2 - BHO: (no name) - {C0850BC0-244B-4E3F-8F18-D57B5A91BA54} - C:\WINDOWS\inf\nuc.dll (file missing)
O2 - BHO: (no name) - {C2977D8A-BBEF-4E5E-A9FD-424930ED2377} - (no file)
O2 - BHO: (no name) - {C42ADBF0-A425-470B-A080-7C062D3BC548} - C:\WINDOWS\system\pamcd.dll (file missing)
O2 - BHO: (no name) - {D849BF2D-0356-4BAA-B54F-056D50CF1756} - (no file)
O2 - BHO: (no name) - {DCDE8338-AEE5-4F39-A9B9-D1FBA19E45FC} - (no file)
O2 - BHO: (no name) - {F136AF6F-AADB-4887-9C74-AAEC93829C7A} - C:\WINDOWS\assembly\temp\ualaars.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1103768917\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [fctud2a9] C:\WINDOWS\system32\fctud2a9.exe
O4 - HKLM\..\Run: [pfaivuvm] C:\WINDOWS\system32\pfaivuvm.exe
O4 - HKLM\..\Run: [q683oogi] C:\WINDOWS\system32\q683oogi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [2umqmo0i] C:\WINDOWS\system32\2umqmo0i.exe
O4 - HKLM\..\Run: [Gram save corn 4] C:\Documents and Settings\All Users\Application Data\drivebirdgramsave\closespam.exe
O4 - HKLM\..\Run: [ghfben] C:\WINDOWS\system32\qmzpge.exe r
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe"
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1103768917\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1103768917\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [Smiley District] C:\Program Files\SmileyDistrict\plugin.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir Workstation\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: MTV Networks Video Optimizer.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZR
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O9 - Extra 'Tools' menuitem: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O16 - DPF: {0344C39D-08C7-2C59-DA53-030F04E3B667} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {03FEA051-1137-602E-4B46-62EC7CDD82F6} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {05A7540D-8C33-6D7C-76E1-243312A4EB72} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {067574FC-6D88-25E5-B79F-14E77086373D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {06C1CA5C-0B3E-343E-A7D4-627E7902DDF4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0791DB92-4613-69F3-2B6B-6E2406FB3A76} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {09617450-FA8F-32A4-CFE7-3D2328EC7115} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {096D9804-246B-52B3-567D-248E46A1221C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {09FE9BE4-5F52-227B-E81F-322B07D32BCF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0B505344-0C5F-669B-E109-02192B20A5F7} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0C9AD8BF-8F88-59C3-70BE-0C5635DA9A36} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0CCD9497-00E9-45EF-552E-71507E7083F4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0DDC6358-45B5-51E2-EFD0-37B3660A2B85} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0E8662F6-AB31-3CE8-821B-2D84547B4E4C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0F74D6F0-310B-50E6-5C83-5BFD3F04A30A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0FFB7900-8F1F-4995-04D6-30801248C8E3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {10373BEE-866E-3B4C-3A87-44F26215E717} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {10B3024A-B37A-7208-D023-69FA4593D097} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1294373B-BDD8-69C3-54DD-34BD43261F05} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1354AC3D-4B8F-7348-75A4-371D4380CB87} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {13F38133-71E4-7758-EED3-2C83709AAA84} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {147A4794-F2E9-4891-6CEE-12882D130048} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {164A6C56-0DF7-0E56-D62E-2FD20E7F9447} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1655AAE1-4D64-38CD-DE86-4A472D50DA27} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {167BE960-C892-6F6D-C74E-5E9400DDF311} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {16A3BCD9-7AEC-77F0-5CE9-2F500CDEE01C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {16DBC305-BBC7-7E5F-B060-2CF97D2D56AE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1822C381-75B8-26CB-E240-6DA068C7AF37} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {19424B43-D00B-793C-5A7D-313201EAC6C8} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {19892E22-CADB-46C2-211C-625138F64444} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1A47F430-7CA2-31F7-05C0-2DB75B6DA51A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1AA29F15-B285-2EC1-A470-188C7E04D06E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1B00C802-2483-5AA6-F0DE-566231BCBF5F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1B1DD955-7415-1C30-D0CE-6888575B40C6} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1B78187E-A5D9-5363-8251-5AF46DA802C2} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1B9EC0D8-4F5B-0833-DBC3-43F77BC1BA0E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1BC42157-489E-567B-D459-6E751341D26C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1C9F09DE-ED2E-46B4-0006-6EE616BE5E21} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1E6FE19D-BB39-7AA2-D317-3D2828260183} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1F094B01-B85E-2792-751F-63437F85FC78} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1F911772-2CC1-70A9-8BA5-3D367B835A60} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {201D90CB-94C0-6570-D976-17844B60DDB3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2099A796-ECCB-0E70-517C-6C6863682722} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {21FC9D93-A26D-077F-C489-173B52A291DC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {22AD4CF5-29B1-327D-F344-1C8928418493} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {24DF1A1A-3CC0-3AC2-8D0D-11D71626DCD4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {26B990AD-2FE2-2184-CC8B-4415503F1894} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {26E0C51E-4AD4-3369-2CBB-1D8A2F3F6D46} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {27D453BD-BFDF-2100-162E-35BA5AFFB797} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {289FBBEB-36D7-6399-96EB-0D610D741F86} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2B3DD7AA-376A-5D68-0D72-57DE6445AB17} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2BF7B5EE-268B-6EA4-CF82-0B3067FB18B8} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2CADDE76-D188-393A-9A1D-713E6C7B1C2E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2CDB330B-87F2-3C5D-B8D0-72D0699E1FF3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2EDEDED8-B0C5-0FA0-3CD8-56922CD4E0C3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab
O16 - DPF: {30CF51AF-E367-68ED-6BEB-0CFB5C4090FC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {30F4D647-33B1-28F8-42C4-4BCA779AB236} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3116E065-70F9-4817-2F1C-2320251F937F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {32499B7A-86AD-0A50-4A1F-502D4CF1F145} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {332D71C0-02D5-4976-A750-72715B53CD27} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {332ECFFA-085E-2B10-C7F8-41695A776CE9} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {35A0DC97-45B2-430E-6CD0-010C154CCD2A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {377F44C7-E381-3FAE-94C6-55AE0F3A72D7} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {378315C5-43C1-7A89-D7BC-443405B9D74D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {388B985E-1AAF-0994-1E6F-7D4D26EBCDC4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {38DF7EFF-547D-084B-F3FD-58CE5273015B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {39A0A245-5D5C-1AFA-549F-4DC941EA2A63} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3AC762FE-799B-5833-B92E-59C634DFD79A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3C347075-F8BB-1C42-B746-1A8A2BBFFF69} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3C92CE11-0F46-714D-545D-76E266BCCCB4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3E00531C-79F8-74BA-9AC4-25DE6DAD2A95} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3E6B9C06-2A46-526A-B746-3F823B4F776C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3F07D4C1-4132-4AE0-5492-6B006C938578} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {406CCCA3-F601-1823-29A2-363E0B15E451} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {431FC7F5-F343-7433-033E-0D2A23192029} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {46268F4E-9292-4C78-512C-124A11675C92} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {477EF755-7AED-0EE2-0AE5-02744727B7B4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {479350A7-3DCF-5943-AD05-4C867935981C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4878722A-46A1-6018-C004-4E764DD9AD6F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {489C6E0D-1113-6F87-62DF-741D0ADF2ABE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4A9CE4C3-F2D7-3A9C-A309-23CA354EB608} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4B3F2D0F-C86C-2415-5217-38150D8C65C3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4B72CEF9-F4A9-1CF5-DC2F-3BE240684DEB} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4CD44647-CAFB-2BD1-2439-05035A7E98F1} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4DD17090-151D-40AA-D4E5-7B5B510B974D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4DDC375D-A518-4694-F48D-66CC56C2A3D2} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4E4116F5-3DC8-7AC0-0AE4-64553BD0A76A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4E556AF0-360B-118B-8657-53973B4FC248} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/m...77/mcinsctl.cab
O16 - DPF: {4F2661D4-FCAA-433F-8064-4A9F4A7B012C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {50341BAB-284B-770B-32F0-68924794B56D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5056EA15-974F-16D9-39D4-308210BFDA25} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {51988F11-376F-6758-C52B-608B6C40F388} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {534AB36D-33DB-6D5D-0CFD-18C30FC4938B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {55BCD43E-198F-627C-38A8-785E47DAC512} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {574587B2-78FE-44D5-6D80-58F51E2691A0} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {57FF0195-8604-7C97-D574-66622566B6F8} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {58C303C0-67B9-5336-4603-447B39C8AA6A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5A83E39E-3BD9-1B02-D72D-359C4E2F4B7B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5AA7D10D-08AD-56E7-369E-6D9D044F1537} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5AA86EA4-848C-7E88-3416-18E705E3A083} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5BEDE219-4716-0DF2-A8BE-5C752FBE1377} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5C20847B-DDA3-1E0B-6414-0A93037F7FBA} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5C6DBFBF-59F8-5F0B-9259-17E06C77B991} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5CA8131B-A8E3-1D49-BA59-6C5E2BF7C470} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5ED1B32D-9299-3274-1291-27EC4D6934BE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5EE23C00-6384-1FBB-0E65-23E749F33B5A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5F1732A9-95E9-35F3-5277-6CB95CEFE6A4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {60125D6D-4591-260D-3EFB-13621685AAA6} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {611AC9F6-F31B-1652-59D8-48F864CC8DB9} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {61BCEB12-A877-5F5C-15BB-28CB4588BBD5} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6248F79F-2EBB-13EE-532C-7A2A00F15E11} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {632276C0-0E85-167F-C578-331A3FC2A0EE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {63DF8CF6-FAC5-5E69-085A-706E34CEFA74} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {644995B7-07BF-3142-3CCF-3B824976714A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6467AF58-72C6-742C-BB2E-3516287436B8} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {650EA576-2610-19C4-0463-04910D280F42} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {66B2BA7A-C5DD-4439-47EC-26BA43F91D38} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {69664B57-F731-79A7-33D6-555A5EB2C035} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6A9B11FC-CBEE-4EA8-1B4E-2B254ACA24F1} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6DCD394F-B838-309B-F907-607B77662B60} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6DE87118-C3B0-41E1-C343-05A91E99D9DE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {72AE9D0C-1994-79B6-A128-0E9B4AD3B96D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {75E7E066-AEED-3B0F-DA23-12E5412A1091} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {780193F3-781E-21A9-A4A1-3A942939FE9B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {780BAF37-9052-1862-B0FF-65FE088E63F0} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {78131654-1018-64DC-D5AD-2C227AACAE3A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7B1651EC-2E0D-60AC-BF02-67BE04BAD068} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7E3A646C-7766-49C5-3A7A-6B8F7EE63104} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7F6CECB4-78D4-2F29-BAA8-4FD509525698} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/m...,18/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D5BF1FF-CBB9-4070-9B90-FC3A11733A12}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AA7A2DA-FA5D-41FA-B134-D00C219B220E}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E2BCD49-FE3A-4064-9174-A78EDC4ADFF4}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA2AB463-5919-4669-A7F4-A397D431C3AB}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D5BF1FF-CBB9-4070-9B90-FC3A11733A12}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D5BF1FF-CBB9-4070-9B90-FC3A11733A12}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O20 - Winlogon Notify: qhnjtixj - C:\WINDOWS\SYSTEM32\qhnjtixj.dll
O23 - Service: AntiVir Windows Workstation MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avmailc.exe
O23 - Service: AntiVir Windows Workstation Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir Workstation\sched.exe
O23 - Service: AntiVir Windows Workstation Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir Workstation\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1103768917\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
O23 - Service: AntiVir Windows Workstation MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\AntiVir Workstation\avesvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Documents and Settings\Owner\My Documents\iPod\bin\iPodService.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
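
A triage pass over the O16 and O17 sections of a HijackThis log like the one posted above, as an added example that is not part of the original thread. It counts DPF entries that fetch an .exe from a bare IP address, collects the hard-coded NameServer values, and reports nameservers that fall in the same network as a DPF download host. The function names and the default /16 prefix are assumptions of this example; the sample lines are copied from the log in this thread.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O16 - DPF: {0344C39D-08C7-2C59-DA53-030F04E3B667} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D5BF1FF-CBB9-4070-9B90-FC3A11733A12}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY = re.compile(r"^(?P<code>[ORFN]\d+) - (?P<rest>.*)$")
# "DPF: {CLSID} - URL" or "DPF: {CLSID} (Class name) - URL"
DPF = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\}(?: \(.*\))? - (?P<url>\S+)$")
# The leading ": " keeps this from matching a longer value name.
NAMESERVER = re.compile(r": NameServer = (?P<value>.*)$")


def _as_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def parse(log):
    """Yield (section code, remainder) for every HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["code"], m["rest"]


def triage(log, prefix=16):
    """Summarise O16/O17 entries and correlate their addresses.

    prefix is the network size (assumed default /16) used to decide that a
    NameServer address is "near" a DPF download host.
    """
    dpf_exe_from_ip = {}   # download host IP -> number of DPF entries
    dpf_other = []         # every other DPF codebase URL, for manual review
    nameservers = {}       # nameserver IP -> number of registry locations

    for code, rest in parse(log):
        if code == "O16":
            m = DPF.match(rest)
            if not m:
                continue
            url = urlsplit(m["url"])
            host = _as_ip(url.hostname or "")
            # Heuristic: an executable codebase served from a bare IP.
            if host and url.path.lower().endswith(".exe"):
                dpf_exe_from_ip[str(host)] = dpf_exe_from_ip.get(str(host), 0) + 1
            else:
                dpf_other.append(m["url"])
        elif code == "O17":
            m = NAMESERVER.search(rest)
            if not m:
                continue
            # HijackThis shows the list comma- or space-separated.
            for token in re.split(r"[ ,]+", m["value"].strip()):
                ip = _as_ip(token)
                if ip:
                    nameservers[str(ip)] = nameservers.get(str(ip), 0) + 1

    # A nameserver in the same network as a DPF download host ties the DNS
    # override to the same infrastructure as the downloads.
    near = []
    for ns in nameservers:
        net = ipaddress.ip_network(f"{ns}/{prefix}", strict=False)
        if any(ipaddress.ip_address(h) in net for h in dpf_exe_from_ip):
            near.append(ns)

    return {
        "dpf_exe_from_ip": dpf_exe_from_ip,
        "dpf_other": dpf_other,
        "nameservers": nameservers,
        "nameservers_near_dpf_host": sorted(near),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

URLs left in `dpf_other` are not cleared by this check; they only fail the bare-IP heuristic and still need a manual look.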

#14 rainbow_warrior

Posted 15 November 2006 - 01:07 AM

Thanks Stonangel

SpyBot seems to be running normally now, in about ten minutes or less. AdAware found 36 tracking cookies and Spybot found one more (Avenue A). Do you see anything else that still needs fixing? By the way, my grandson found out today that someone used his debit card account to buy an air ticket to Singapore.

Did I mention that McAfee gives a warning to scan every time the system is restarted? I didn't restart since running FixWareOut the last time.

Rainbow_Warrior

#15 stonangel

Posted 15 November 2006 - 03:10 PM

Hi rainbow_warrior,

* I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both software products attempting to access the same file at the same time.
* I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

* Please go to Start > Add or Remove Programs and uninstall if listed:

SmileyDistrict

* Please download Process Explorer from here

* Please download the Killbox by Option^Explicit.

Save them to your desktop.

* Run Process Explorer and find the following process in the list of Processes:

qmzpge.exe

Select the process and click Process > Suspend.

Leave Process Explorer running with the process suspended the whole time! Do NOT close it - even when your system is rebooting!

Then run HijackThis. Click Config > Misc Tools > Delete a file on reboot...
In the explorer Window select the file C:\WINDOWS\system32\qmzpge.exe
When prompted if you want to reboot click YES.

* Please re-open HijackThis and scan. Check the below entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {0574C016-5C5F-4B1D-92E0-2864095B2CA9} - C:\WINDOWS\Microsoft.NET\migbd.dll (file missing)
O2 - BHO: (no name) - {256EB13B-A59A-4735-9EED-8B398C3125CF} - C:\WINDOWS\Registration\yssc.dll (file missing)
O2 - BHO: (no name) - {27F232A4-A0E9-4C56-B5A3-55BA8EB2C8A8} - (no file)
O2 - BHO: (no name) - {2CBB8D24-8F7B-454E-BB18-11E8CB176E2B} - C:\WINDOWS\inf\atskpi.dll (file missing)
O2 - BHO: (no name) - {4FB0E3AB-303C-499E-9C23-CADD967EA7B8} - C:\WINDOWS\vddrsv.dll (file missing)

O2 - BHO: (no name) - {721A9CCF-2C6B-42B0-B8F8-DFF7B7050352} - (no file)
O2 - BHO: (no name) - {76F9CB85-0949-4220-9ECF-86E897B82E73} - C:\WINDOWS\ServicePackFiles\picac.dll (file missing)
O2 - BHO: (no name) - {794212FE-1C3F-4FB4-994E-46DFB213F777} - C:\WINDOWS\repair\gvaca.dll (file missing)
O2 - BHO: (no name) - {8134B517-3308-4510-BD41-7E378A7DBFB8} - C:\WINDOWS\system32\hryinnka.dll (file missing)
O2 - BHO: (no name) - {99943216-B0C8-4A49-91C5-08D28A37E3B5} - (no file)
O2 - BHO: (no name) - {B885B7F4-15CE-43CB-9F25-AE5392C173DF} - (no file)
O2 - BHO: (no name) - {C0850BC0-244B-4E3F-8F18-D57B5A91BA54} - C:\WINDOWS\inf\nuc.dll (file missing)
O2 - BHO: (no name) - {C2977D8A-BBEF-4E5E-A9FD-424930ED2377} - (no file)
O2 - BHO: (no name) - {C42ADBF0-A425-470B-A080-7C062D3BC548} - C:\WINDOWS\system\pamcd.dll (file missing)
O2 - BHO: (no name) - {D849BF2D-0356-4BAA-B54F-056D50CF1756} - (no file)
O2 - BHO: (no name) - {DCDE8338-AEE5-4F39-A9B9-D1FBA19E45FC} - (no file)
O2 - BHO: (no name) - {F136AF6F-AADB-4887-9C74-AAEC93829C7A} - C:\WINDOWS\assembly\temp\ualaars.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O4 - HKLM\..\Run: [fctud2a9] C:\WINDOWS\system32\fctud2a9.exe
O4 - HKLM\..\Run: [pfaivuvm] C:\WINDOWS\system32\pfaivuvm.exe
O4 - HKLM\..\Run: [q683oogi] C:\WINDOWS\system32\q683oogi.exe

O4 - HKLM\..\Run: [2umqmo0i] C:\WINDOWS\system32\2umqmo0i.exe
O4 - HKLM\..\Run: [Gram save corn 4] C:\Documents and Settings\All Users\Application Data\drivebirdgramsave\closespam.exe
O4 - HKLM\..\Run: [ghfben] C:\WINDOWS\system32\qmzpge.exe r

O4 - HKLM\..\Run: [Smiley District] C:\Program Files\SmileyDistrict\plugin.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZR

O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)
O9 - Extra 'Tools' menuitem: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\Program Files\SmileyDistrict\insmile.dll (file missing)

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O16 - DPF: {0344C39D-08C7-2C59-DA53-030F04E3B667} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {03FEA051-1137-602E-4B46-62EC7CDD82F6} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {05A7540D-8C33-6D7C-76E1-243312A4EB72} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {067574FC-6D88-25E5-B79F-14E77086373D} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {06C1CA5C-0B3E-343E-A7D4-627E7902DDF4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0791DB92-4613-69F3-2B6B-6E2406FB3A76} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {09617450-FA8F-32A4-CFE7-3D2328EC7115} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {096D9804-246B-52B3-567D-248E46A1221C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {09FE9BE4-5F52-227B-E81F-322B07D32BCF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0B505344-0C5F-669B-E109-02192B20A5F7} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0C9AD8BF-8F88-59C3-70BE-0C5635DA9A36} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0CCD9497-00E9-45EF-552E-71507E7083F4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0DDC6358-45B5-51E2-EFD0-37B3660A2B85} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0E8662F6-AB31-3CE8-821B-2D84547B4E4C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0F74D6F0-310B-50E6-5C83-5BFD3F04A30A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0FFB7900-8F1F-4995-04D6-30801248C8E3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {10373BEE-866E-3B4C-3A87-44F26215E717} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {10B3024A-B37A-7208-D023-69FA4593D097} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1294373B-BDD8-69C3-54DD-34BD43261F05} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1354AC3D-4B8F-7348-75A4-371D4380CB87} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {13F38133-71E4-7758-EED3-2C83709AAA84} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {147A4794-F2E9-4891-6CEE-12882D130048} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {164A6C56-0DF7-0E56-D62E-2FD20E7F9447} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1655AAE1-4D64-38CD-DE86-4A472D50DA27} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {167BE960-C892-6F6D-C74E-5E9400DDF311} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {16A3BCD9-7AEC-77F0-5CE9-2F500CDEE01C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {16DBC305-BBC7-7E5F-B060-2CF97D2D56AE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1822C381-75B8-26CB-E240-6DA068C7AF37} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {19424B43-D00B-793C-5A7D-313201EAC6C8} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {19892E22-CADB-46C2-211C-625138F64444} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1A47F430-7CA2-31F7-05C0-2DB75B6DA51A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1AA29F15-B285-2EC1-A470-188C7E04D06E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1B00C802-2483-5AA6-F0DE-566231BCBF5F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1B1DD955-7415-1C30-D0CE-6888575B40C6} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1B78187E-A5D9-5363-8251-5AF46DA802C2} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1B9EC0D8-4F5B-0833-DBC3-43F77BC1BA0E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1BC42157-489E-567B-D459-6E751341D26C} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1C9F09DE-ED2E-46B4-0006-6EE616BE5E21} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1E6FE19D-BB39-7AA2-D317-3D2828260183} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1F094B01-B85E-2792-751F-63437F85FC78} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1F911772-2CC1-70A9-8BA5-3D367B835A60} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {201D90CB-94C0-6570-D976-17844B60DDB3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2099A796-ECCB-0E70-517C-6C6863682722} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {21FC9D93-A26D-077F-C489-173B52A291DC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {22AD4CF5-29B1-327D-F344-1C8928418493} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {24DF1A1A-3CC0-3AC2-8D0D-11D71626DCD4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {26B990AD-2FE2-2184-CC8B-4415503F1894} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {26E0C51E-4AD4-3369-2CBB-1D8A2F3F6D46} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {27D453BD-BFDF-2100-162E-35BA5AFFB797} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {289FBBEB-36D7-6399-96EB-0D610D741F86} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2B3DD7AA-376A-5D68-0D72-57DE6445AB17} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2BF7B5EE-268B-6EA4-CF82-0B3067FB18B8} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2CADDE76-D188-393A-9A1D-713E6C7B1C2E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2CDB330B-87F2-3C5D-B8D0-72D0699E1FF3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2EDEDED8-B0C5-0FA0-3CD8-56922CD4E0C3} - http://85.255.113.214/1/gdnUS2218.exe

O16 - DPF: {30CF51AF-E367-68ED-6BEB-0CFB5C4090FC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {30F4D647-33B1-28F8-42C4-4BCA779AB236} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3116E065-70F9-4817-2F1C-2320251F937F} - http://85.255.113.214/1/gdnUS2218.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{0D5BF1FF-CBB9-4070-9B90-FC3A11733A12}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AA7A2DA-FA5D-41FA-B134-D00C219B220E}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E2BCD49-FE3A-4064-9174-A78EDC4ADFF4}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA2AB463-5919-4669-A7F4-A397D431C3AB}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D5BF1FF-CBB9-4070-9B90-FC3A11733A12}: NameServer = 85.255.115.34,85.255.112.63
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.63
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D5BF1FF-CBB9-4070-9B90-FC3A11733A12}: NameServer = 85.255.115.34,85.255.112.63

Close any open windows except for HijackThis then click on Fix checked.

* Boot into Safe mode. Make sure you can see hidden files and folders.

Delete the following folders if they are still present:

C:\Program Files\SmileyDistrict
C:\Documents and Settings\All Users\Application Data\drivebirdgramsave

* Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\SYSTEM32\CSVLB.EXE
    C:\WINDOWS\system32\fctud2a9.exe
    C:\WINDOWS\system32\pfaivuvm.exe
    C:\WINDOWS\system32\q683oogi.exe
    C:\WINDOWS\system32\2umqmo0i.exe



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

* Post back a fresh hijackthis log, please.

Olivier
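
As an added example (not part of the original post and not HijackThis's own code), here is a small triage script for the O16 (Downloaded Program Files) and O17 (Tcpip NameServer) entry types seen in HijackThis logs like the one in this thread. The sample lines, GUIDs, addresses and the trusted-resolver set are constructed, and the two O16 heuristics are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis 1.99 layout: placeholder GUIDs, documentation-range IPs.
SAMPLE_LOG = """\
O16 - DPF: {00000000-0000-0000-0000-000000000001} - http://192.0.2.10/1/sample.exe
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Example Class) - http://downloads.example.com/ctl/Example.cab
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{00000000-0000-0000-0000-000000000003}: NameServer = 198.51.100.5,198.51.100.6
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\Parameters: NameServer = 203.0.113.53 198.51.100.5
O4 - HKLM\\..\\Run: [Example] C:\\Program Files\\Example\\example.exe
"""

O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - (\S+)$")
O17_RE = re.compile(r"^O17 - (HK\S+): NameServer = (.+)$")

def is_ip_literal(host):
    """True when the URL host is a numeric address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def triage(log_text, trusted_resolvers):
    """Return (section, identifier, details) tuples for entries worth a manual look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = O16_RE.match(line)
        if m:
            clsid, _name, url = m.groups()
            parsed = urlparse(url)
            reasons = []
            # Heuristics (assumptions of this example, not HijackThis rules).
            if is_ip_literal(parsed.hostname or ""):
                reasons.append("codebase host is a raw IP address")
            if parsed.path.lower().endswith(".exe"):
                reasons.append("codebase is a bare .exe")
            if reasons:
                findings.append(("O16", clsid, reasons))
            continue
        m = O17_RE.match(line)
        if m:
            key, value = m.groups()
            # HijackThis prints NameServer lists comma- or space-separated.
            servers = [s for s in re.split(r"[,\s]+", value.strip()) if s]
            unknown = [s for s in servers if s not in trusted_resolvers]
            if unknown:
                findings.append(("O17", key, unknown))
    return findings
```

Pass the resolvers your ISP or network actually hands out as `trusted_resolvers`; any O17 key that lists something else is reported with the unexpected addresses.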



