Many Infestations



#1 Mantczak

Posted 01 April 2007 - 12:33 PM

My husband let his virus scan run out and his computer was a mess by the time I found out about the problem. Please let me know if I caught everything or if there are programs I need to uninstall.
Thanks

Meg

Logfile of HijackThis v1.99.1
Scan saved at 1:22:33 PM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Photo Viewer\album.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Accord\SmartWorks 2.0 - Personal Edition Project Planner\server\Swserver.exe
c:\program files\panda software\panda antivirus 2007\WebProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...lHKsPm4HZe+X8M=
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {DA9909BA-BD5C-FCAE-7803-C3891D7A69C3} - C:\WINDOWS\system32\zlmahvq.dll (file missing)
O2 - BHO: (no name) - {EDA22A6E-9A8C-D720-F5FB-ECCB29EC5F97} - C:\WINDOWS\system32\bezyrtw.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [zjqvnj] C:\WINDOWS\system32\zjqvnj.exe
O4 - HKLM\..\Run: [zeauh] C:\WINDOWS\system32\zeauh.exe
O4 - HKLM\..\Run: [yoe] C:\WINDOWS\system32\yoe.exe
O4 - HKLM\..\Run: [ymtcdq] C:\WINDOWS\system32\ymtcdq.exe
O4 - HKLM\..\Run: [ylky] C:\WINDOWS\system32\ylky.exe
O4 - HKLM\..\Run: [yjzwv] C:\WINDOWS\system32\yjzwv.exe
O4 - HKLM\..\Run: [xsvphye] C:\WINDOWS\system32\xsvphye.exe
O4 - HKLM\..\Run: [xcd] C:\WINDOWS\system32\xcd.exe
O4 - HKLM\..\Run: [wmrltm] C:\WINDOWS\system32\wmrltm.exe
O4 - HKLM\..\Run: [wmefzjyy] C:\WINDOWS\rurgukhz.exe
O4 - HKLM\..\Run: [Winsock32 driver] TESTING.EXE
O4 - HKLM\..\Run: [Windows Generic Host Service] KQBBVLF.EXE
O4 - HKLM\..\Run: [WinBZA] WINBZA.EXE
O4 - HKLM\..\Run: [vnc] C:\WINDOWS\system32\vnc.exe
O4 - HKLM\..\Run: [vkg] C:\WINDOWS\system32\vkg.exe
O4 - HKLM\..\Run: [vixsp] C:\WINDOWS\system32\vixsp.exe
O4 - HKLM\..\Run: [vhdwcnulf] C:\WINDOWS\dxco.exe
O4 - HKLM\..\Run: [vcrbupf] C:\WINDOWS\dwdsplxcs.exe
O4 - HKLM\..\Run: [vafvvy] C:\WINDOWS\system32\vafvvy.exe
O4 - HKLM\..\Run: [uurocf] C:\WINDOWS\system32\uurocf.exe
O4 - HKLM\..\Run: [useirb] C:\WINDOWS\ioefojvlo.exe
O4 - HKLM\..\Run: [uqtkjck] C:\WINDOWS\system32\uqtkjck.exe
O4 - HKLM\..\Run: [ufb] C:\WINDOWS\system32\ufb.exe
O4 - HKLM\..\Run: [tznnw] C:\WINDOWS\system32\tznnw.exe
O4 - HKLM\..\Run: [tsgp] C:\WINDOWS\system32\tsgp.exe
O4 - HKLM\..\Run: [tloml] C:\WINDOWS\system32\tloml.exe
O4 - HKLM\..\Run: [tds] C:\WINDOWS\system32\tds.exe
O4 - HKLM\..\Run: [tcpgv] C:\WINDOWS\system32\tcpgv.exe
O4 - HKLM\..\Run: [sqonltd] C:\WINDOWS\system32\sqonltd.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\Hotbar\bin\450~1.0\SBInst.exe
O4 - HKLM\..\Run: [sbe] C:\WINDOWS\system32\sbe.exe
O4 - HKLM\..\Run: [rytom] C:\WINDOWS\dreb.exe
O4 - HKLM\..\Run: [rybwd] C:\WINDOWS\system32\rybwd.exe
O4 - HKLM\..\Run: [rwzcjpe] C:\WINDOWS\system32\rwzcjpe.exe
O4 - HKLM\..\Run: [REMOVE ME] info.exe
O4 - HKLM\..\Run: [qzwisbr] C:\WINDOWS\system32\qzwisbr.exe
O4 - HKLM\..\Run: [qre] C:\WINDOWS\system32\qre.exe
O4 - HKLM\..\Run: [qcq] C:\WINDOWS\system32\qcq.exe
O4 - HKLM\..\Run: [qbfcp] C:\WINDOWS\system32\qbfcp.exe
O4 - HKLM\..\Run: [pwomtfic] C:\WINDOWS\vsbohsb.exe
O4 - HKLM\..\Run: [pwaduuw] C:\WINDOWS\system32\pwaduuw.exe
O4 - HKLM\..\Run: [ppmjfwj] C:\WINDOWS\system32\ppmjfwj.exe
O4 - HKLM\..\Run: [pm5P36T] rtcide your computer.exe
O4 - HKLM\..\Run: [plsm] C:\WINDOWS\uhwoegtu.exe
O4 - HKLM\..\Run: [phsa] C:\WINDOWS\system32\phsa.exe
O4 - HKLM\..\Run: [pbmlfgf] "C:\WINDOWS\System32\pbmlfgf.exe"
O4 - HKLM\..\Run: [ozajoad] C:\WINDOWS\system32\ozajoad.exe
O4 - HKLM\..\Run: [oqc] C:\WINDOWS\system32\oqc.exe
O4 - HKLM\..\Run: [oozsx] C:\WINDOWS\system32\oozsx.exe
O4 - HKLM\..\Run: [ojffye] C:\WINDOWS\system32\ojffye.exe
O4 - HKLM\..\Run: [nun] C:\WINDOWS\system32\nun.exe
O4 - HKLM\..\Run: [npueuwf] C:\WINDOWS\system32\npueuwf.exe
O4 - HKLM\..\Run: [nkfi] C:\WINDOWS\system32\nkfi.exe
O4 - HKLM\..\Run: [nhc] C:\WINDOWS\system32\nhc.exe
O4 - HKLM\..\Run: [nfmilk] C:\WINDOWS\system32\nfmilk.exe
O4 - HKLM\..\Run: [nakdi] C:\WINDOWS\system32\nakdi.exe
O4 - HKLM\..\Run: [mxdyfrw] C:\WINDOWS\system32\mxdyfrw.exe
O4 - HKLM\..\Run: [msmsstj] C:\WINDOWS\system32\msmsstj.exe
O4 - HKLM\..\Run: [mpamymn] C:\WINDOWS\system32\mpamymn.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [lys] C:\WINDOWS\system32\lys.exe
O4 - HKLM\..\Run: [LSPFix] C:\Program Files\Common Files\eAcceleration\LSPfix\LSPmonitor.exe normal
O4 - HKLM\..\Run: [lqspyd] C:\WINDOWS\system32\lqspyd.exe
O4 - HKLM\..\Run: [lqiz] C:\WINDOWS\system32\lqiz.exe
O4 - HKLM\..\Run: [lnpoz] C:\WINDOWS\system32\lnpoz.exe
O4 - HKLM\..\Run: [lhvgv] C:\WINDOWS\system32\lhvgv.exe
O4 - HKLM\..\Run: [lhhnl] C:\WINDOWS\system32\lhhnl.exe
O4 - HKLM\..\Run: [lgszwzm] C:\WINDOWS\system32\lgszwzm.exe
O4 - HKLM\..\Run: [lalxiiu] C:\WINDOWS\system32\lalxiiu.exe
O4 - HKLM\..\Run: [kvkenn] C:\WINDOWS\system32\kvkenn.exe
O4 - HKLM\..\Run: [koos] C:\WINDOWS\system32\koos.exe
O4 - HKLM\..\Run: [khbpg] C:\WINDOWS\system32\khbpg.exe
O4 - HKLM\..\Run: [kdvo] C:\WINDOWS\system32\kdvo.exe
O4 - HKLM\..\Run: [jicouxp] C:\WINDOWS\system32\jicouxp.exe
O4 - HKLM\..\Run: [jHnrw05J] C:\documents and settings\harvey s. antczak\local settings\temp\jHnrw05J.exe
O4 - HKLM\..\Run: [jgtc] C:\WINDOWS\system32\jgtc.exe
O4 - HKLM\..\Run: [jfyqapu] C:\WINDOWS\system32\jfyqapu.exe
O4 - HKLM\..\Run: [iwq] C:\WINDOWS\system32\iwq.exe
O4 - HKLM\..\Run: [iiuxgnmga] C:\WINDOWS\vkvufch.exe
O4 - HKLM\..\Run: [igzpo] C:\WINDOWS\system32\igzpo.exe
O4 - HKLM\..\Run: [ieqvrds] C:\WINDOWS\system32\ieqvrds.exe
O4 - HKLM\..\Run: [ienkt] C:\WINDOWS\system32\ienkt.exe
O4 - HKLM\..\Run: [huazi] C:\WINDOWS\system32\huazi.exe
O4 - HKLM\..\Run: [hjkn] C:\WINDOWS\system32\hjkn.exe
O4 - HKLM\..\Run: [hgyka] C:\WINDOWS\system32\hgyka.exe
O4 - HKLM\..\Run: [hctk] C:\WINDOWS\system32\hctk.exe
O4 - HKLM\..\Run: [gwrx] C:\WINDOWS\system32\gwrx.exe
O4 - HKLM\..\Run: [ghhpfo] C:\WINDOWS\system32\ghhpfo.exe
O4 - HKLM\..\Run: [ggwd] C:\WINDOWS\system32\ggwd.exe
O4 - HKLM\..\Run: [getfnc] C:\WINDOWS\system32\getfnc.exe
O4 - HKLM\..\Run: [geojwm] C:\WINDOWS\system32\geojwm.exe
O4 - HKLM\..\Run: [fyzfbax] C:\WINDOWS\system32\fyzfbax.exe
O4 - HKLM\..\Run: [fxxl] C:\WINDOWS\system32\fxxl.exe
O4 - HKLM\..\Run: [fulnv] C:\WINDOWS\system32\fulnv.exe
O4 - HKLM\..\Run: [fmj] C:\WINDOWS\system32\fmj.exe
O4 - HKLM\..\Run: [fkyvk] C:\WINDOWS\system32\fkyvk.exe
O4 - HKLM\..\Run: [ffwq] C:\WINDOWS\system32\ffwq.exe
O4 - HKLM\..\Run: [eypmsu] C:\WINDOWS\fwiqspww.exe
O4 - HKLM\..\Run: [ewwg] C:\WINDOWS\system32\ewwg.exe
O4 - HKLM\..\Run: [esjf] C:\WINDOWS\system32\esjf.exe
O4 - HKLM\..\Run: [epnhase] C:\WINDOWS\system32\epnhase.exe
O4 - HKLM\..\Run: [enh] C:\WINDOWS\system32\enh.exe
O4 - HKLM\..\Run: [efuz] C:\WINDOWS\system32\efuz.exe
O4 - HKLM\..\Run: [dsZu] C:\documents and settings\lindsay\local settings\temp\dsZu.exe
O4 - HKLM\..\Run: [dnpt] C:\WINDOWS\system32\dnpt.exe
O4 - HKLM\..\Run: [dmvlzy] C:\WINDOWS\system32\dmvlzy.exe
O4 - HKLM\..\Run: [divuki] C:\WINDOWS\scnhtko.exe
O4 - HKLM\..\Run: [dfflhk] C:\WINDOWS\system32\dfflhk.exe
O4 - HKLM\..\Run: [ddjapy] C:\WINDOWS\system32\ddjapy.exe
O4 - HKLM\..\Run: [ctevpsz] C:\WINDOWS\ijkim.exe
O4 - HKLM\..\Run: [cFvnJQmK] C:\documents and settings\lindsay\local settings\temp\cFvnJQmK.exe
O4 - HKLM\..\Run: [bygf] C:\WINDOWS\system32\bygf.exe
O4 - HKLM\..\Run: [bwcrtfvh] C:\WINDOWS\pksetk.exe
O4 - HKLM\..\Run: [bvsv] C:\WINDOWS\system32\bvsv.exe
O4 - HKLM\..\Run: [btjbtt] C:\WINDOWS\system32\btjbtt.exe
O4 - HKLM\..\Run: [bsq] C:\WINDOWS\system32\bsq.exe
O4 - HKLM\..\Run: [bfdznb] C:\WINDOWS\system32\bfdznb.exe
O4 - HKLM\..\Run: [awvgjn] C:\WINDOWS\system32\awvgjn.exe
O4 - HKLM\..\Run: [alnp] C:\WINDOWS\system32\alnp.exe
O4 - HKLM\..\Run: [abxtnvy] C:\WINDOWS\system32\abxtnvy.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PhotoViewer] C:\Program Files\Photo Viewer\album.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\HARVEY~1.ANT\LOCALS~1\Temp\{DBCE1027-C77B-4D98-88EC-B326C6C0C631}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~1\SRCLEAN.EXE"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SmartWorks Server.lnk = C:\Program Files\Accord\SmartWorks 2.0 - Personal Edition Project Planner\server\Swserver.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et0_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/flts0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pot0_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {351CF0CE-B05A-11D2-ABD9-00104B685417} (PWImageControl Class) - http://www.rimfiremedia.com/code//PWActiveXImgCtl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098502419924
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4018/ftp...23/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...lim/install.cab
O16 - DPF: {C6B086D2-146B-47A4-A218-B82DCAF2D872} (cpbrxpie Control) - http://a19.g.akamai.net/7/19/7125/4003/ftp...20/cpbrxpie.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab
O20 - AppInit_DLLs: wuaclt.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\SYSTEM~1\autocomp.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: Microsoft DHCP Routing Client (services) - Unknown owner - C:\Recycler\S-1-5-21-458573308-1249257218-1260325492-1443\system32\MSSvc.EXE (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
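The log above is long enough that a first pass by hand is error-prone. As an added example (not part of the original thread or of HijackThis itself), the script below parses lines in HijackThis format and applies a few defender-side triage rules that match what a helper looks for in this log: bare filenames resolved via the search path, random-looking lowercase names in the Windows system directories, autoruns from temp or Recycler folders, orphaned "(file missing)" entries, and non-empty AppInit_DLLs. The sample lines are constructed from entries in the posted log; the allowlist of known system autoruns is a placeholder to be extended.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a handful of lines in HijackThis format, copied from the
# posted log above (not a full log).
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {DA9909BA-BD5C-FCAE-7803-C3891D7A69C3} - C:\WINDOWS\system32\zlmahvq.dll (file missing)
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [zjqvnj] C:\WINDOWS\system32\zjqvnj.exe
O4 - HKLM\..\Run: [Winsock32 driver] TESTING.EXE
O4 - HKLM\..\Run: [jHnrw05J] C:\documents and settings\harvey s. antczak\local settings\temp\jHnrw05J.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O20 - AppInit_DLLs: wuaclt.dll
O23 - Service: Microsoft DHCP Routing Client (services) - Unknown owner - C:\Recycler\S-1-5-21-458573308-1249257218-1260325492-1443\system32\MSSvc.EXE (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# Placeholder allowlist: Windows XP components with short lowercase names that are
# legitimately started from the Run key out of system32. Extend for your baseline.
KNOWN_SYSTEM_AUTORUNS = {"ctfmon", "systray"}

# Dropper-style names in this log are 3-9 lowercase letters with no structure.
RANDOM_STEM = re.compile(r"^[a-z]{3,9}$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def _image_path(cmd):
    """Return the executable path from an O4 command string, quotes and args stripped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def triage_o4(line):
    """Return (name, path, reasons) for an O4 Run-key line, or None if not one.

    Global Startup (.lnk) lines use a different layout and are not parsed here.
    """
    m = O4_RE.match(line)
    if not m:
        return None
    path = _image_path(m.group("cmd"))
    reasons = []
    if "\\" not in path:
        reasons.append("bare filename, resolved via search path")
    p = PureWindowsPath(path)
    parent = str(p.parent).lower() + "\\"
    if "\\temp\\" in parent:
        reasons.append("runs from a temp directory")
    if "\\recycler\\" in parent:
        reasons.append("runs from the Recycle Bin")
    in_windows = parent in ("c:\\windows\\", "c:\\windows\\system32\\")
    # Case-sensitive on purpose: vendor binaries such as LXSUPMON.EXE are uppercase.
    if in_windows and RANDOM_STEM.match(p.stem) and p.stem not in KNOWN_SYSTEM_AUTORUNS:
        reasons.append("random-looking name in a Windows system directory")
    return m.group("name"), path, reasons


def triage_other(line):
    """Rules for O2/O3/O9/O20/O21/O23 lines: orphaned or oddly placed components."""
    reasons = []
    if "(file missing)" in line or "(no file)" in line:
        reasons.append("registry entry points at a file that no longer exists")
    if "\\recycler\\" in line.lower():
        reasons.append("component lives under the Recycle Bin")
    if line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
        reasons.append("AppInit_DLLs loads this DLL into every process that uses user32")
    if line.startswith("O23") and "Unknown owner" in line:
        reasons.append("service has no publisher")
    return reasons


def triage(log_text):
    """Return [(section, name_or_line, reasons)] for every line that trips a rule."""
    findings = []
    for line in log_text.splitlines():
        if line.startswith("O4 - "):
            result = triage_o4(line)
            if result and result[2]:
                findings.append(("O4", result[0], result[2]))
        elif line[:3] in ("O2 ", "O3 ", "O9 ", "O20", "O21", "O23"):
            reasons = triage_other(line)
            if reasons:
                findings.append((line.split(" - ", 1)[0], line, reasons))
    return findings


if __name__ == "__main__":
    for section, name, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {name}\n    " + "\n    ".join(reasons))
```

These rules are a triage aid, not a verdict: tgcmd.exe passes every rule here yet the Dr.Web scan later in this thread classified it as a downloader trojan, so anything the rules do not flag still needs an antivirus scan or a hash lookup.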


#2 RichieUK
    Malware Assassin


  • Malware Response Team

Posted 01 April 2007 - 01:13 PM

Welcome to the BleepingComputer HijackThis forum, Mantczak :thumbsup:

There are still many problems present, let's make a start.

Download/install CleanUp.
Launch CleanUp, then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'Ok', now run the program by clicking on the 'Cleanup' button.
Reboot, or log off/log on when it's finished.

*****************************

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

*****************************

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the DrWeb.csv report, the C:\ComboFix.txt, and a new HijackThis log into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


#3 Mantczak

Posted 01 April 2007 - 09:19 PM

I finally finished the new scans. The Dr Web one took hours. After it was done I accidentally clicked delete instead of move. Hope I did not do any damage.... Here are the logs. Thanks for your help so far.

tgcmd.exe;c:\program files\support.com\bin;Probably DLOADER.Trojan;Incurable.Deleted.;
cpbrxpie.ocx;C:\WINDOWS;Adware.Coupons;Incurable.Deleted.;
mtuninst.exe;C:\WINDOWS;Adware.MediaTicket;Incurable.Deleted.;
destroy.exe;C:\Recycler\S-1-5-21-458573308-1249257218-1260325492-1443\system32;Tool.Prockill;Incurable.Deleted.;
id.exe;C:\Recycler\S-1-5-21-458573308-1249257218-1260325492-1443\system32;Program.PsList.127;Incurable.Deleted.;

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\WINDOWS\RACLE~1
C:\qoobox\purity\WINDOWS\SMANTE~1
C:\qoobox\purity\WINDOWS\YMANTE~1
C:\qoobox\purity\WINDOWS\MBOLS~1
C:\qoobox\purity\WINDOWS\CURITY~1
C:\qoobox\purity\WINDOWS\SYSTEM32\SMANTE~1
C:\qoobox\purity\WINDOWS\SYSTEM32\WNSXS~1
C:\qoobox\purity\WINDOWS\SYSTEM32\ASKS~1
C:\qoobox\purity\WINDOWS\SYSTEM32\YSTEM~1
C:\qoobox\purity\WINDOWS\SYSTEM32\SMBOLS~1
C:\qoobox\purity\WINDOWS\SYSTEM32\FNTS~1
C:\qoobox\purity\WINDOWS\SYSTEM32\SSEMBL~1
C:\qoobox\purity\WINDOWS\SYSTEM32\PPATCH~1
C:\qoobox\purity\Program Files\RACLE~1
C:\qoobox\purity\Program Files\MANTEC~1
C:\qoobox\purity\Program Files\ICROSO~1
C:\qoobox\purity\Program Files\ICROSO~1.NET
C:\qoobox\purity\Program Files\WNSXS~1
C:\qoobox\purity\Program Files\ASKS~1
C:\qoobox\purity\Program Files\SKS~1
C:\qoobox\purity\Program Files\CURITY~1
C:\qoobox\purity\Program Files\FNTS~1
C:\qoobox\purity\Program Files\SEMBLY~1
C:\qoobox\purity\Program Files\ASEMBL~1
C:\qoobox\purity\Program Files\Common Files\RACLE~1
C:\qoobox\purity\Program Files\Common Files\MANTEC~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~1
C:\qoobox\purity\Program Files\Common Files\ICROSO~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~1.NET
C:\qoobox\purity\Program Files\Common Files\CROSOF~2.NET
C:\qoobox\purity\Program Files\Common Files\WNSXS~1
C:\qoobox\purity\Program Files\Common Files\ASKS~1
C:\qoobox\purity\Program Files\Common Files\TSKS~1
C:\qoobox\purity\Program Files\Common Files\YMBOLS~1
C:\qoobox\purity\Program Files\Common Files\PPPATC~1
C:\qoobox\purity\Program Files\CURITY~1\??curity
C:\qoobox\purity\Program Files\CURITY~1\??curity\ctxad-459.0000
C:\qoobox\purity\DOCUME~1\HARVEY~1.ANT
C:\qoobox\purity\DOCUME~1\HARVEY~1.ANT\APPLIC~1
C:\qoobox\purity\DOCUME~1\HARVEY~1.ANT\MYDOCU~1
C:\qoobox\purity\DOCUME~1\HARVEY~1.ANT\APPLIC~1\from.txt
C:\qoobox\purity\DOCUME~1\HARVEY~1.ANT\APPLIC~1\RACLE~1
C:\qoobox\purity\DOCUME~1\HARVEY~1.ANT\APPLIC~1\SMANTE~1
C:\qoobox\purity\DOCUME~1\HARVEY~1.ANT\APPLIC~1\CROSOF~1
C:\qoobox\purity\DOCUME~1\HARVEY~1.ANT\APPLIC~1\WNSXS~1
C:\qoobox\purity\DOCUME~1\HARVEY~1.ANT\APPLIC~1\YMBOLS~1
C:\qoobox\purity\DOCUME~1\HARVEY~1.ANT\APPLIC~1\SSEMBL~1
C:\qoobox\purity\DOCUME~1\HARVEY~1.ANT\APPLIC~1\PPATC~1
C:\qoobox\purity\DOCUME~1\HARVEY~1.ANT\MYDOCU~1\from.txt
C:\qoobox\purity\DOCUME~1\HARVEY~1.ANT\MYDOCU~1\YMANTE~1
C:\qoobox\purity\DOCUME~1\HARVEY~1.ANT\MYDOCU~1\CROSOF~1.NET
C:\qoobox\purity\DOCUME~1\HARVEY~1.ANT\MYDOCU~1\TSKS~1
C:\qoobox\purity\DOCUME~1\HARVEY~1.ANT\MYDOCU~1\SSTEM~1
C:\qoobox\purity\DOCUME~1\HARVEY~1.ANT\MYDOCU~1\SMBOLS~1
C:\qoobox\purity\DOCUME~1\HARVEY~1.ANT\MYDOCU~1\ECURIT~1
C:\qoobox\purity\DOCUME~1\HARVEY~1.ANT\MYDOCU~1\FNTS~1
C:\qoobox\purity\DOCUME~1\HARVEY~1.ANT\MYDOCU~1\FNTS~2
C:\qoobox\purity\DOCUME~1\HARVEY~1.ANT\MYDOCU~1\PPPATC~1


((((((((((((((((((((((((((((((( Files Created from 2007-03-01 to 2007-04-01 ))))))))))))))))))))))))))))))))))


2007-04-01 21:54 571 --a------ C:\Combo.bat
2007-04-01 15:31 <DIR> d-------- C:\DOCUME~1\HARVEY~1.ANT\DoctorWeb
2007-04-01 12:59 <DIR> d-------- C:\DOCUME~1\HARVEY~1.ANT\APPLIC~1\Lavasoft
2007-04-01 02:14 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-03-31 23:57 71,680 --------- C:\WINDOWS\SYSTEM32\DRIVERS\PAVDRV51.SYS
2007-03-31 23:57 248 --a------ C:\WINDOWS\SYSTEM32\PavCPL.dat
2007-03-31 23:57 <DIR> d-------- C:\WINDOWS\SYSTEM32\PAV
2007-03-31 23:57 <DIR> d-------- C:\DOCUME~1\HARVEY~1.ANT\APPLIC~1\Panda Software
2007-03-31 23:56 45,056 --a------ C:\WINDOWS\SYSTEM32\avldr.dll
2007-03-31 23:56 <DIR> d-------- C:\Program Files\Panda Software
2007-03-31 22:09 76,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-03-31 19:53 <DIR> d-------- C:\DOCUME~1\HARVEY~1.ANT\.housecall6.6
2007-03-30 19:49 <DIR> d-------- C:\DOCUME~1\HARVEY~1.ANT\Incomplete
2007-03-30 19:32 <DIR> d-------- C:\Program Files\Java
2007-03-30 19:29 <DIR> d-------- C:\Program Files\LimeWire
2007-03-30 19:29 <DIR> d-------- C:\Program Files\Common Files\Java
2007-03-30 19:27 <DIR> d-------- C:\DOCUME~1\HARVEY~1.ANT\.limewire
2007-03-29 20:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\SonicStage
2007-03-29 20:45 27,255 --------- C:\WINDOWS\SYSTEM32\DRIVERS\NWWMUSB.sys
2007-03-29 20:44 11,510 --------- C:\WINDOWS\SYSTEM32\DRIVERS\VMCUSB.sys
2007-03-29 20:44 <DIR> d-------- C:\Program Files\Sony Corporation
2007-03-29 20:43 90,112 --------- C:\WINDOWS\snymsico.dll
2007-03-29 20:43 770,048 --a------ C:\WINDOWS\SYSTEM32\CDDBUISony.dll
2007-03-29 20:43 73,728 --a------ C:\WINDOWS\SYSTEM32\CddbLinkSony.dll
2007-03-29 20:43 643,072 --a------ C:\WINDOWS\SYSTEM32\CDDBControlSony.dll
2007-03-29 20:43 585,728 --a------ C:\WINDOWS\SYSTEM32\CddbMusicIDSony.dll
2007-03-29 20:43 520,192 --a------ C:\WINDOWS\SYSTEM32\CddbPlaylist2Sony.dll
2007-03-29 20:43 38,951 --------- C:\WINDOWS\SYSTEM32\DRIVERS\NETMDUSB.sys
2007-03-29 20:43 36,679 --------- C:\WINDOWS\SYSTEM32\DRIVERS\NETMD052.sys
2007-03-29 20:43 36,232 --------- C:\WINDOWS\SYSTEM32\DRIVERS\NETMD033.sys
2007-03-29 20:43 35,319 --------- C:\WINDOWS\SYSTEM32\DRIVERS\NETMD031.sys
2007-03-29 20:42 20,640 --------- C:\WINDOWS\SYSTEM32\DRIVERS\PxHelp20.sys
2007-03-29 20:42 151,552 --------- C:\WINDOWS\SYSTEM32\pxwma.dll
2007-03-29 20:42 109,568 --------- C:\WINDOWS\SYSTEM32\pxinsi64.exe
2007-03-29 20:42 108,544 --------- C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2007-03-29 20:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
2007-03-29 20:38 <DIR> d-------- C:\Program Files\Sony
2007-03-29 20:36 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2007-03-29 20:36 <DIR> d-------- C:\DOCUME~1\HARVEY~1.ANT\APPLIC~1\Sony Corporation
2007-03-26 15:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-03-26 15:24 <DIR> d-------- C:\Program Files\SpywareLocked
2007-03-17 07:45 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Talkback


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-22 16:54 4768966 --ah----- C:\DOCUME~1\HARVEY~1.ANT\APPLIC~1\iconcache.db
2007-01-28 00:04 31368 --a------ C:\DOCUME~1\HARVEY~1.ANT\APPLIC~1\gdipfontcachev1.dat
2007-01-08 19:01 17408 --a------ C:\WINDOWS\SYSTEM32\corpol.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SureCleanProfessional"="\"C:\\PROGRA~1\\PANICW~1\\SURECL~1\\SRCLEAN.EXE\""
@=""
"PopUpStopperFreeEdition"="C:\\PROGRA~1\\PANICW~1\\POP-UP~2\\PSFree.exe"
"Mozilla Quick Launch"="\"C:\\Program Files\\Netscape\\Netscape\\Netscp.exe\" -turbo"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SystemTray"="SysTray.Exe"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\2\\printray.exe"
"LXSUPMON"="C:\\WINDOWS\\System32\\LXSUPMON.EXE RUN"
"zjqvnj"="C:\\WINDOWS\\system32\\zjqvnj.exe"
"zeauh"="C:\\WINDOWS\\system32\\zeauh.exe"
"yoe"="C:\\WINDOWS\\system32\\yoe.exe"
"ymtcdq"="C:\\WINDOWS\\system32\\ymtcdq.exe"
"ylky"="C:\\WINDOWS\\system32\\ylky.exe"
"yjzwv"="C:\\WINDOWS\\system32\\yjzwv.exe"
"xsvphye"="C:\\WINDOWS\\system32\\xsvphye.exe"
"xcd"="C:\\WINDOWS\\system32\\xcd.exe"
"wmrltm"="C:\\WINDOWS\\system32\\wmrltm.exe"
"wmefzjyy"="C:\\WINDOWS\\rurgukhz.exe"
"Winsock32 driver"="TESTING.EXE"
"Windows Generic Host Service"="KQBBVLF.EXE"
"WinBZA"="WINBZA.EXE"
"vnc"="C:\\WINDOWS\\system32\\vnc.exe"
"vkg"="C:\\WINDOWS\\system32\\vkg.exe"
"vixsp"="C:\\WINDOWS\\system32\\vixsp.exe"
"vhdwcnulf"="C:\\WINDOWS\\dxco.exe"
"vcrbupf"="C:\\WINDOWS\\dwdsplxcs.exe"
"vafvvy"="C:\\WINDOWS\\system32\\vafvvy.exe"
"uurocf"="C:\\WINDOWS\\system32\\uurocf.exe"
"useirb"="C:\\WINDOWS\\ioefojvlo.exe"
"uqtkjck"="C:\\WINDOWS\\system32\\uqtkjck.exe"
"ufb"="C:\\WINDOWS\\system32\\ufb.exe"
"tznnw"="C:\\WINDOWS\\system32\\tznnw.exe"
"tsgp"="C:\\WINDOWS\\system32\\tsgp.exe"
"tloml"="C:\\WINDOWS\\system32\\tloml.exe"
"tds"="C:\\WINDOWS\\system32\\tds.exe"
"tcpgv"="C:\\WINDOWS\\system32\\tcpgv.exe"
"sqonltd"="C:\\WINDOWS\\system32\\sqonltd.exe"
"Spam Blocker for Outlook Express"="C:\\PROGRA~1\\Hotbar\\bin\\450~1.0\\SBInst.exe"
"sbe"="C:\\WINDOWS\\system32\\sbe.exe"
"rytom"="C:\\WINDOWS\\dreb.exe"
"rybwd"="C:\\WINDOWS\\system32\\rybwd.exe"
"rwzcjpe"="C:\\WINDOWS\\system32\\rwzcjpe.exe"
"REMOVE ME"="info.exe"
"qzwisbr"="C:\\WINDOWS\\system32\\qzwisbr.exe"
"qre"="C:\\WINDOWS\\system32\\qre.exe"
"qcq"="C:\\WINDOWS\\system32\\qcq.exe"
"qbfcp"="C:\\WINDOWS\\system32\\qbfcp.exe"
"pwomtfic"="C:\\WINDOWS\\vsbohsb.exe"
"pwaduuw"="C:\\WINDOWS\\system32\\pwaduuw.exe"
"ppmjfwj"="C:\\WINDOWS\\system32\\ppmjfwj.exe"
"pm5P36T"="rtcide your computer.exe"
"plsm"="C:\\WINDOWS\\uhwoegtu.exe"
"phsa"="C:\\WINDOWS\\system32\\phsa.exe"
"pbmlfgf"="\"C:\\WINDOWS\\System32\\pbmlfgf.exe\""
"ozajoad"="C:\\WINDOWS\\system32\\ozajoad.exe"
"oqc"="C:\\WINDOWS\\system32\\oqc.exe"
"oozsx"="C:\\WINDOWS\\system32\\oozsx.exe"
"ojffye"="C:\\WINDOWS\\system32\\ojffye.exe"
"nun"="C:\\WINDOWS\\system32\\nun.exe"
"npueuwf"="C:\\WINDOWS\\system32\\npueuwf.exe"
"nkfi"="C:\\WINDOWS\\system32\\nkfi.exe"
"nhc"="C:\\WINDOWS\\system32\\nhc.exe"
"nfmilk"="C:\\WINDOWS\\system32\\nfmilk.exe"
"nakdi"="C:\\WINDOWS\\system32\\nakdi.exe"
"mxdyfrw"="C:\\WINDOWS\\system32\\mxdyfrw.exe"
"msmsstj"="C:\\WINDOWS\\system32\\msmsstj.exe"
"mpamymn"="C:\\WINDOWS\\system32\\mpamymn.exe"
"MoneyStartUp10.0"="\"C:\\Program Files\\Microsoft Money\\System\\Activation.exe\""
"lys"="C:\\WINDOWS\\system32\\lys.exe"
"LSPFix"="C:\\Program Files\\Common Files\\eAcceleration\\LSPfix\\LSPmonitor.exe normal"
"lqspyd"="C:\\WINDOWS\\system32\\lqspyd.exe"
"lqiz"="C:\\WINDOWS\\system32\\lqiz.exe"
"lnpoz"="C:\\WINDOWS\\system32\\lnpoz.exe"
"lhvgv"="C:\\WINDOWS\\system32\\lhvgv.exe"
"lhhnl"="C:\\WINDOWS\\system32\\lhhnl.exe"
"lgszwzm"="C:\\WINDOWS\\system32\\lgszwzm.exe"
"lalxiiu"="C:\\WINDOWS\\system32\\lalxiiu.exe"
"kvkenn"="C:\\WINDOWS\\system32\\kvkenn.exe"
"koos"="C:\\WINDOWS\\system32\\koos.exe"
"khbpg"="C:\\WINDOWS\\system32\\khbpg.exe"
"kdvo"="C:\\WINDOWS\\system32\\kdvo.exe"
"jicouxp"="C:\\WINDOWS\\system32\\jicouxp.exe"
"jHnrw05J"="C:\\documents and settings\\harvey s. antczak\\local settings\\temp\\jHnrw05J.exe"
"jgtc"="C:\\WINDOWS\\system32\\jgtc.exe"
"jfyqapu"="C:\\WINDOWS\\system32\\jfyqapu.exe"
"iwq"="C:\\WINDOWS\\system32\\iwq.exe"
"iiuxgnmga"="C:\\WINDOWS\\vkvufch.exe"
"igzpo"="C:\\WINDOWS\\system32\\igzpo.exe"
"ieqvrds"="C:\\WINDOWS\\system32\\ieqvrds.exe"
"ienkt"="C:\\WINDOWS\\system32\\ienkt.exe"
"huazi"="C:\\WINDOWS\\system32\\huazi.exe"
"hjkn"="C:\\WINDOWS\\system32\\hjkn.exe"
"hgyka"="C:\\WINDOWS\\system32\\hgyka.exe"
"hctk"="C:\\WINDOWS\\system32\\hctk.exe"
"gwrx"="C:\\WINDOWS\\system32\\gwrx.exe"
"ghhpfo"="C:\\WINDOWS\\system32\\ghhpfo.exe"
"ggwd"="C:\\WINDOWS\\system32\\ggwd.exe"
"getfnc"="C:\\WINDOWS\\system32\\getfnc.exe"
"geojwm"="C:\\WINDOWS\\system32\\geojwm.exe"
"fyzfbax"="C:\\WINDOWS\\system32\\fyzfbax.exe"
"fxxl"="C:\\WINDOWS\\system32\\fxxl.exe"
"fulnv"="C:\\WINDOWS\\system32\\fulnv.exe"
"fmj"="C:\\WINDOWS\\system32\\fmj.exe"
"fkyvk"="C:\\WINDOWS\\system32\\fkyvk.exe"
"ffwq"="C:\\WINDOWS\\system32\\ffwq.exe"
"eypmsu"="C:\\WINDOWS\\fwiqspww.exe"
"ewwg"="C:\\WINDOWS\\system32\\ewwg.exe"
"esjf"="C:\\WINDOWS\\system32\\esjf.exe"
"epnhase"="C:\\WINDOWS\\system32\\epnhase.exe"
"enh"="C:\\WINDOWS\\system32\\enh.exe"
"efuz"="C:\\WINDOWS\\system32\\efuz.exe"
"dsZu"="C:\\documents and settings\\lindsay\\local settings\\temp\\dsZu.exe"
"dnpt"="C:\\WINDOWS\\system32\\dnpt.exe"
"dmvlzy"="C:\\WINDOWS\\system32\\dmvlzy.exe"
"divuki"="C:\\WINDOWS\\scnhtko.exe"
"dfflhk"="C:\\WINDOWS\\system32\\dfflhk.exe"
"ddjapy"="C:\\WINDOWS\\system32\\ddjapy.exe"
"ctevpsz"="C:\\WINDOWS\\ijkim.exe"
"cFvnJQmK"="C:\\documents and settings\\lindsay\\local settings\\temp\\cFvnJQmK.exe"
"bygf"="C:\\WINDOWS\\system32\\bygf.exe"
"bwcrtfvh"="C:\\WINDOWS\\pksetk.exe"
"bvsv"="C:\\WINDOWS\\system32\\bvsv.exe"
"btjbtt"="C:\\WINDOWS\\system32\\btjbtt.exe"
"bsq"="C:\\WINDOWS\\system32\\bsq.exe"
"bfdznb"="C:\\WINDOWS\\system32\\bfdznb.exe"
"awvgjn"="C:\\WINDOWS\\system32\\awvgjn.exe"
"alnp"="C:\\WINDOWS\\system32\\alnp.exe"
"abxtnvy"="C:\\WINDOWS\\system32\\abxtnvy.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"PhotoViewer"="C:\\Program Files\\Photo Viewer\\album.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"APVXDWIN"="\"C:\\Program Files\\Panda Software\\Panda Antivirus 2007\\APVXDWIN.EXE\" /s"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Printing Migration"="rundll32.exe C:\\WINDOWS\\System32\\spool\\migrate.dll,ProcessWin9xNetworkPrinters"
"WinBZA"="WINBZA.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"HPScanPatch"="C:\\WINDOWS\\SYSTEM32\\HPScanFix.exe"
"Delay"="C:\\WINDOWS\\delayrun.exe"
"Adaptec DirectCD"="C:\\PROGRA~1\\ADAPTEC\\DIRECTCD\\DIRECTCD.EXE"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\SYSTEM\\hpztsb03.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"hpsysdrv"="C:\\WINDOWS\\SYSTEM32\\hpsysdrv.exe"
"NAV DefAlert"="C:\\PROGRA~1\\NORTON~1\\DEFALERT.EXE"
"Norton Auto-Protect"="C:\\PROGRA~1\\NORTON~1\\NAVAPW32.EXE /LOADQUIET"
"Norton eMail Protect"="C:\\Program Files\\Norton AntiVirus\\POPROXY.EXE"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"QuickTime Task"="C:\\WINDOWS\\SYSTEM32\\qttask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"SSDPSRV"="C:\\WINDOWS\\SYSTEM\\ssdpsrv.exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"SchedulingAgent"="mstask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wuaclt.dll "


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"
"{9d6fac42-a7be-4702-87ef-75d8dc14249e}"="hemine"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"eitheror"="{2016a466-91a2-43c6-97d8-2fd380f065ef}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
@="C:\\WINDOWS\\system32\\MDTC~1.EXE"
"Cdiil"="C:\\WINDOWS\\system32\\MDTC~1.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"xia"="C:\\WINDOWS\\system32\\tempx.exe"
"oabdt"="C:\\WINDOWS\\system32\\tempx.exe"
"ziuad"="C:\\WINDOWS\\system32\\tempx.exe"
"hjknuq"="C:\\WINDOWS\\system32\\tempx.exe"
"djnexdq"="C:\\WINDOWS\\system32\\tempx.exe"
"uekqjz"="C:\\WINDOWS\\system32\\tempx.exe"
"skzsyvs"="C:\\WINDOWS\\system32\\tempx.exe"
"ysvhmi"="C:\\WINDOWS\\system32\\tempx.exe"
"amdu"="C:\\WINDOWS\\system32\\tempx.exe"
"ewml"="C:\\WINDOWS\\system32\\tempx.exe"
"dliaway"="C:\\WINDOWS\\system32\\tempx.exe"
"risgabx"="C:\\WINDOWS\\system32\\tempx.exe"
"rgat"="C:\\WINDOWS\\system32\\tempx.exe"
"dqbw"="C:\\WINDOWS\\system32\\tempx.exe"
"rcwdoqz"="C:\\WINDOWS\\system32\\tempx.exe"
"vlmrhs"="C:\\WINDOWS\\system32\\tempx.exe"
"jmjc"="C:\\WINDOWS\\system32\\tempx.exe"
"tmhyfxi"="C:\\WINDOWS\\system32\\tempx.exe"
"jgvwmq"="C:\\WINDOWS\\system32\\tempx.exe"
"fxgfx"="C:\\WINDOWS\\system32\\tempx.exe"
"glqcw"="C:\\WINDOWS\\system32\\tempx.exe"
"idhfs"="C:\\WINDOWS\\system32\\tempx.exe"
"jaa"="C:\\WINDOWS\\system32\\tempx.exe"
"uerjash"="C:\\WINDOWS\\system32\\tempx.exe"
"gezgr"="C:\\WINDOWS\\system32\\tempx.exe"
"sotpqpg"="C:\\WINDOWS\\system32\\tempx.exe"
"uossnu"="C:\\WINDOWS\\system32\\tempx.exe"
"qni"="C:\\WINDOWS\\system32\\tempx.exe"
"gtujz"="C:\\WINDOWS\\system32\\tempx.exe"
"nlfyrz"="C:\\WINDOWS\\system32\\tempx.exe"
"vrj"="C:\\WINDOWS\\system32\\tempx.exe"
"sbrh"="C:\\WINDOWS\\system32\\tempx.exe"
"kcopt"="C:\\WINDOWS\\system32\\tempx.exe"
"jmfp"="C:\\WINDOWS\\system32\\tempx.exe"
"yabzr"="C:\\WINDOWS\\system32\\tempx.exe"
"dcko"="C:\\WINDOWS\\system32\\tempx.exe"
"ccg"="C:\\WINDOWS\\system32\\tempx.exe"
"rgvypk"="C:\\WINDOWS\\system32\\tempx.exe"
"mmefz"="C:\\WINDOWS\\system32\\tempx.exe"
"uqdlfn"="C:\\WINDOWS\\system32\\tempx.exe"
"zwtyqre"="C:\\WINDOWS\\system32\\tempx.exe"
"ztvlxj"="C:\\WINDOWS\\system32\\tempx.exe"
"bbuqxwk"="C:\\WINDOWS\\system32\\tempx.exe"
"fwemm"="C:\\WINDOWS\\system32\\tempx.exe"
"afgz"="C:\\WINDOWS\\system32\\tempx.exe"
"sxcvca"="C:\\WINDOWS\\system32\\tempx.exe"
"upriu"="C:\\WINDOWS\\system32\\tempx.exe"
"clg"="C:\\WINDOWS\\system32\\tempx.exe"
"yjoliv"="C:\\WINDOWS\\system32\\tempx.exe"
"oojly"="C:\\WINDOWS\\system32\\tempx.exe"
"pexi"="C:\\WINDOWS\\system32\\tempx.exe"
"aupy"="C:\\WINDOWS\\system32\\tempx.exe"
"oxzyvc"="C:\\WINDOWS\\system32\\tempx.exe"
"rbsfnmy"="C:\\WINDOWS\\system32\\tempx.exe"
"nnmaldh"="C:\\WINDOWS\\system32\\tempx.exe"
"hib"="C:\\WINDOWS\\system32\\tempx.exe"
"xealglt"="C:\\WINDOWS\\system32\\tempx.exe"
"pgtfbpn"="C:\\WINDOWS\\system32\\tempx.exe"
"wiqzxs"="C:\\WINDOWS\\system32\\tempx.exe"
"okzosmc"="C:\\WINDOWS\\system32\\tempx.exe"
"fztej"="C:\\WINDOWS\\system32\\tempx.exe"
"taz"="C:\\WINDOWS\\system32\\tempx.exe"
"jheltfe"="C:\\WINDOWS\\system32\\tempx.exe"
"rutccc"="C:\\WINDOWS\\system32\\tempx.exe"
"mdckpk"="C:\\WINDOWS\\system32\\tempx.exe"
"ywqukll"="C:\\WINDOWS\\system32\\tempx.exe"
"biqiu"="C:\\WINDOWS\\system32\\tempx.exe"
"doyn"="C:\\WINDOWS\\system32\\tempx.exe"
"vwq"="C:\\WINDOWS\\system32\\vwq.exe"
"tempx"="C:\\WINDOWS\\system32\\tempx.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"CDRAutoRun"=hex:00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"CDRAutoRun"=hex:00,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"CDRAutoRun"=hex:00,00,00,00

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://images.deseretbook.com/4/epub/ml-name.gif

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ http://www.kamat.com/mmgandhi/2413.jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\10]
Source REG_SZ http://www.sampler.com/art/forumart/csforumlogo.gif

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\11]
Source REG_SZ http://www.historesearch.com/hsbackground.jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\12]
Source REG_SZ http://www.geocities.com/Heartland/Pointe/3709/raventag3.jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\13]
Source REG_SZ http://www.historyworld.net/CImg/homebg.gif

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\14]
Source REG_SZ https://secure.lds.org/units/images/Hillc.jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\15]
Source REG_SZ http://store1.yimg.com/I/pttranscripts_1811_1228

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\16]
Source REG_SZ http://us.i1.yimg.com/us.yimg.com/i/ww/m6v8c.gif

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\17]
Source REG_SZ HTTP://www.wunderground.com/mschannels/GizmoScroller.asp

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source REG_SZ http://sacredoasis.com/buddhanew/mossybuddha2.jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source REG_SZ http://www.altonbrown.com/rantgifs/rantsbg.gif

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
Source REG_SZ http://hrsewhispr.hypermart.net/officiallogo.gif

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
Source REG_SZ http://writecenter.cgu.edu/images/wclogo_med.jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\6]
Source REG_SZ http://www.closeup.org/gif/cuf_logo.gif

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\7]
Source REG_SZ http://religion.rutgers.edu/vri/_themes/vri/mss2.gif

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\8]
Source REG_SZ http://graphics7.nytimes.com/images/2004/0...ts/mill.184.jpg

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\9]
Source REG_SZ http://www.kamat.com/mmgandhi/3295a.jpg

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Tune-up Application Start.job
C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job
C:\WINDOWS\tasks\{19A0D209-A936-4FAC-826D-0310CC9579DE}_DAD_Harvey S. Antczak.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-01 22:07:13
C:\ComboFix2.txt ... 07-04-01 21:53


Logfile of HijackThis v1.99.1
Scan saved at 10:09:17 PM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Photo Viewer\album.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Accord\SmartWorks 2.0 - Personal Edition Project Planner\server\Swserver.exe
c:\program files\panda software\panda antivirus 2007\WebProxy.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...lHKsPm4HZe+X8M=
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {DA9909BA-BD5C-FCAE-7803-C3891D7A69C3} - C:\WINDOWS\system32\zlmahvq.dll (file missing)
O2 - BHO: (no name) - {EDA22A6E-9A8C-D720-F5FB-ECCB29EC5F97} - C:\WINDOWS\system32\bezyrtw.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [zjqvnj] C:\WINDOWS\system32\zjqvnj.exe
O4 - HKLM\..\Run: [zeauh] C:\WINDOWS\system32\zeauh.exe
O4 - HKLM\..\Run: [yoe] C:\WINDOWS\system32\yoe.exe
O4 - HKLM\..\Run: [ymtcdq] C:\WINDOWS\system32\ymtcdq.exe
O4 - HKLM\..\Run: [ylky] C:\WINDOWS\system32\ylky.exe
O4 - HKLM\..\Run: [yjzwv] C:\WINDOWS\system32\yjzwv.exe
O4 - HKLM\..\Run: [xsvphye] C:\WINDOWS\system32\xsvphye.exe
O4 - HKLM\..\Run: [xcd] C:\WINDOWS\system32\xcd.exe
O4 - HKLM\..\Run: [wmrltm] C:\WINDOWS\system32\wmrltm.exe
O4 - HKLM\..\Run: [wmefzjyy] C:\WINDOWS\rurgukhz.exe
O4 - HKLM\..\Run: [Winsock32 driver] TESTING.EXE
O4 - HKLM\..\Run: [Windows Generic Host Service] KQBBVLF.EXE
O4 - HKLM\..\Run: [WinBZA] WINBZA.EXE
O4 - HKLM\..\Run: [vnc] C:\WINDOWS\system32\vnc.exe
O4 - HKLM\..\Run: [vkg] C:\WINDOWS\system32\vkg.exe
O4 - HKLM\..\Run: [vixsp] C:\WINDOWS\system32\vixsp.exe
O4 - HKLM\..\Run: [vhdwcnulf] C:\WINDOWS\dxco.exe
O4 - HKLM\..\Run: [vcrbupf] C:\WINDOWS\dwdsplxcs.exe
O4 - HKLM\..\Run: [vafvvy] C:\WINDOWS\system32\vafvvy.exe
O4 - HKLM\..\Run: [uurocf] C:\WINDOWS\system32\uurocf.exe
O4 - HKLM\..\Run: [useirb] C:\WINDOWS\ioefojvlo.exe
O4 - HKLM\..\Run: [uqtkjck] C:\WINDOWS\system32\uqtkjck.exe
O4 - HKLM\..\Run: [ufb] C:\WINDOWS\system32\ufb.exe
O4 - HKLM\..\Run: [tznnw] C:\WINDOWS\system32\tznnw.exe
O4 - HKLM\..\Run: [tsgp] C:\WINDOWS\system32\tsgp.exe
O4 - HKLM\..\Run: [tloml] C:\WINDOWS\system32\tloml.exe
O4 - HKLM\..\Run: [tds] C:\WINDOWS\system32\tds.exe
O4 - HKLM\..\Run: [tcpgv] C:\WINDOWS\system32\tcpgv.exe
O4 - HKLM\..\Run: [sqonltd] C:\WINDOWS\system32\sqonltd.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\Hotbar\bin\450~1.0\SBInst.exe
O4 - HKLM\..\Run: [sbe] C:\WINDOWS\system32\sbe.exe
O4 - HKLM\..\Run: [rytom] C:\WINDOWS\dreb.exe
O4 - HKLM\..\Run: [rybwd] C:\WINDOWS\system32\rybwd.exe
O4 - HKLM\..\Run: [rwzcjpe] C:\WINDOWS\system32\rwzcjpe.exe
O4 - HKLM\..\Run: [REMOVE ME] info.exe
O4 - HKLM\..\Run: [qzwisbr] C:\WINDOWS\system32\qzwisbr.exe
O4 - HKLM\..\Run: [qre] C:\WINDOWS\system32\qre.exe
O4 - HKLM\..\Run: [qcq] C:\WINDOWS\system32\qcq.exe
O4 - HKLM\..\Run: [qbfcp] C:\WINDOWS\system32\qbfcp.exe
O4 - HKLM\..\Run: [pwomtfic] C:\WINDOWS\vsbohsb.exe
O4 - HKLM\..\Run: [pwaduuw] C:\WINDOWS\system32\pwaduuw.exe
O4 - HKLM\..\Run: [ppmjfwj] C:\WINDOWS\system32\ppmjfwj.exe
O4 - HKLM\..\Run: [pm5P36T] rtcide your computer.exe
O4 - HKLM\..\Run: [plsm] C:\WINDOWS\uhwoegtu.exe
O4 - HKLM\..\Run: [phsa] C:\WINDOWS\system32\phsa.exe
O4 - HKLM\..\Run: [pbmlfgf] "C:\WINDOWS\System32\pbmlfgf.exe"
O4 - HKLM\..\Run: [ozajoad] C:\WINDOWS\system32\ozajoad.exe
O4 - HKLM\..\Run: [oqc] C:\WINDOWS\system32\oqc.exe
O4 - HKLM\..\Run: [oozsx] C:\WINDOWS\system32\oozsx.exe
O4 - HKLM\..\Run: [ojffye] C:\WINDOWS\system32\ojffye.exe
O4 - HKLM\..\Run: [nun] C:\WINDOWS\system32\nun.exe
O4 - HKLM\..\Run: [npueuwf] C:\WINDOWS\system32\npueuwf.exe
O4 - HKLM\..\Run: [nkfi] C:\WINDOWS\system32\nkfi.exe
O4 - HKLM\..\Run: [nhc] C:\WINDOWS\system32\nhc.exe
O4 - HKLM\..\Run: [nfmilk] C:\WINDOWS\system32\nfmilk.exe
O4 - HKLM\..\Run: [nakdi] C:\WINDOWS\system32\nakdi.exe
O4 - HKLM\..\Run: [mxdyfrw] C:\WINDOWS\system32\mxdyfrw.exe
O4 - HKLM\..\Run: [msmsstj] C:\WINDOWS\system32\msmsstj.exe
O4 - HKLM\..\Run: [mpamymn] C:\WINDOWS\system32\mpamymn.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [lys] C:\WINDOWS\system32\lys.exe
O4 - HKLM\..\Run: [LSPFix] C:\Program Files\Common Files\eAcceleration\LSPfix\LSPmonitor.exe normal
O4 - HKLM\..\Run: [lqspyd] C:\WINDOWS\system32\lqspyd.exe
O4 - HKLM\..\Run: [lqiz] C:\WINDOWS\system32\lqiz.exe
O4 - HKLM\..\Run: [lnpoz] C:\WINDOWS\system32\lnpoz.exe
O4 - HKLM\..\Run: [lhvgv] C:\WINDOWS\system32\lhvgv.exe
O4 - HKLM\..\Run: [lhhnl] C:\WINDOWS\system32\lhhnl.exe
O4 - HKLM\..\Run: [lgszwzm] C:\WINDOWS\system32\lgszwzm.exe
O4 - HKLM\..\Run: [lalxiiu] C:\WINDOWS\system32\lalxiiu.exe
O4 - HKLM\..\Run: [kvkenn] C:\WINDOWS\system32\kvkenn.exe
O4 - HKLM\..\Run: [koos] C:\WINDOWS\system32\koos.exe
O4 - HKLM\..\Run: [khbpg] C:\WINDOWS\system32\khbpg.exe
O4 - HKLM\..\Run: [kdvo] C:\WINDOWS\system32\kdvo.exe
O4 - HKLM\..\Run: [jicouxp] C:\WINDOWS\system32\jicouxp.exe
O4 - HKLM\..\Run: [jHnrw05J] C:\documents and settings\harvey s. antczak\local settings\temp\jHnrw05J.exe
O4 - HKLM\..\Run: [jgtc] C:\WINDOWS\system32\jgtc.exe
O4 - HKLM\..\Run: [jfyqapu] C:\WINDOWS\system32\jfyqapu.exe
O4 - HKLM\..\Run: [iwq] C:\WINDOWS\system32\iwq.exe
O4 - HKLM\..\Run: [iiuxgnmga] C:\WINDOWS\vkvufch.exe
O4 - HKLM\..\Run: [igzpo] C:\WINDOWS\system32\igzpo.exe
O4 - HKLM\..\Run: [ieqvrds] C:\WINDOWS\system32\ieqvrds.exe
O4 - HKLM\..\Run: [ienkt] C:\WINDOWS\system32\ienkt.exe
O4 - HKLM\..\Run: [huazi] C:\WINDOWS\system32\huazi.exe
O4 - HKLM\..\Run: [hjkn] C:\WINDOWS\system32\hjkn.exe
O4 - HKLM\..\Run: [hgyka] C:\WINDOWS\system32\hgyka.exe
O4 - HKLM\..\Run: [hctk] C:\WINDOWS\system32\hctk.exe
O4 - HKLM\..\Run: [gwrx] C:\WINDOWS\system32\gwrx.exe
O4 - HKLM\..\Run: [ghhpfo] C:\WINDOWS\system32\ghhpfo.exe
O4 - HKLM\..\Run: [ggwd] C:\WINDOWS\system32\ggwd.exe
O4 - HKLM\..\Run: [getfnc] C:\WINDOWS\system32\getfnc.exe
O4 - HKLM\..\Run: [geojwm] C:\WINDOWS\system32\geojwm.exe
O4 - HKLM\..\Run: [fyzfbax] C:\WINDOWS\system32\fyzfbax.exe
O4 - HKLM\..\Run: [fxxl] C:\WINDOWS\system32\fxxl.exe
O4 - HKLM\..\Run: [fulnv] C:\WINDOWS\system32\fulnv.exe
O4 - HKLM\..\Run: [fmj] C:\WINDOWS\system32\fmj.exe
O4 - HKLM\..\Run: [fkyvk] C:\WINDOWS\system32\fkyvk.exe
O4 - HKLM\..\Run: [ffwq] C:\WINDOWS\system32\ffwq.exe
O4 - HKLM\..\Run: [eypmsu] C:\WINDOWS\fwiqspww.exe
O4 - HKLM\..\Run: [ewwg] C:\WINDOWS\system32\ewwg.exe
O4 - HKLM\..\Run: [esjf] C:\WINDOWS\system32\esjf.exe
O4 - HKLM\..\Run: [epnhase] C:\WINDOWS\system32\epnhase.exe
O4 - HKLM\..\Run: [enh] C:\WINDOWS\system32\enh.exe
O4 - HKLM\..\Run: [efuz] C:\WINDOWS\system32\efuz.exe
O4 - HKLM\..\Run: [dsZu] C:\documents and settings\lindsay\local settings\temp\dsZu.exe
O4 - HKLM\..\Run: [dnpt] C:\WINDOWS\system32\dnpt.exe
O4 - HKLM\..\Run: [dmvlzy] C:\WINDOWS\system32\dmvlzy.exe
O4 - HKLM\..\Run: [divuki] C:\WINDOWS\scnhtko.exe
O4 - HKLM\..\Run: [dfflhk] C:\WINDOWS\system32\dfflhk.exe
O4 - HKLM\..\Run: [ddjapy] C:\WINDOWS\system32\ddjapy.exe
O4 - HKLM\..\Run: [ctevpsz] C:\WINDOWS\ijkim.exe
O4 - HKLM\..\Run: [cFvnJQmK] C:\documents and settings\lindsay\local settings\temp\cFvnJQmK.exe
O4 - HKLM\..\Run: [bygf] C:\WINDOWS\system32\bygf.exe
O4 - HKLM\..\Run: [bwcrtfvh] C:\WINDOWS\pksetk.exe
O4 - HKLM\..\Run: [bvsv] C:\WINDOWS\system32\bvsv.exe
O4 - HKLM\..\Run: [btjbtt] C:\WINDOWS\system32\btjbtt.exe
O4 - HKLM\..\Run: [bsq] C:\WINDOWS\system32\bsq.exe
O4 - HKLM\..\Run: [bfdznb] C:\WINDOWS\system32\bfdznb.exe
O4 - HKLM\..\Run: [awvgjn] C:\WINDOWS\system32\awvgjn.exe
O4 - HKLM\..\Run: [alnp] C:\WINDOWS\system32\alnp.exe
O4 - HKLM\..\Run: [abxtnvy] C:\WINDOWS\system32\abxtnvy.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PhotoViewer] C:\Program Files\Photo Viewer\album.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~1\SRCLEAN.EXE"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SmartWorks Server.lnk = C:\Program Files\Accord\SmartWorks 2.0 - Personal Edition Project Planner\server\Swserver.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et0_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/flts0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pot0_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {351CF0CE-B05A-11D2-ABD9-00104B685417} (PWImageControl Class) - http://www.rimfiremedia.com/code//PWActiveXImgCtl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098502419924
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -
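A small triage helper for the autostart entries shown in the logs above, added here as an example; it is not part of the original post and not code from HijackThis or ComboFix. It parses HijackThis O4 lines and the ComboFix registry-dump format, then flags entries using heuristics that this log illustrates: lowercase random-looking value names whose executable of the same name sits in C:\WINDOWS or system32, bare filenames with no directory (TESTING.EXE, info.exe), executables in a user's Local Settings\Temp folder, anything under Policies\Explorer\Run, many value names pointing at one binary (tempx.exe), and a populated AppInit_DLLs. The sample input is a handful of lines copied from the log; function names such as triage and reasons_for, and the reason labels, are this example's own.

```python
"""Triage HijackThis O4 lines and ComboFix registry dumps for suspicious autostarts."""
import re
from collections import Counter

# Constructed sample: a few lines copied from the logs above, not the full log.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [zjqvnj] C:\WINDOWS\system32\zjqvnj.exe
O4 - HKLM\..\Run: [vnc] C:\WINDOWS\system32\vnc.exe
O4 - HKLM\..\Run: [Winsock32 driver] TESTING.EXE
O4 - HKLM\..\Run: [REMOVE ME] info.exe
O4 - HKLM\..\Run: [jHnrw05J] C:\documents and settings\harvey s. antczak\local settings\temp\jHnrw05J.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"xia"="C:\\WINDOWS\\system32\\tempx.exe"
"oabdt"="C:\\WINDOWS\\system32\\tempx.exe"
"vwq"="C:\\WINDOWS\\system32\\vwq.exe"
"tempx"="C:\\WINDOWS\\system32\\tempx.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wuaclt.dll "
"""

HJT_O4 = re.compile(r'^O4 - (HK\w+)\\\.\.\\([\w\\]+): \[([^\]]*)\] (.*)$')
REG_KEY = re.compile(r'^\[(.+)\]$')
REG_VALUE = re.compile(r'^(?:"([^"]*)"|@)="(.*)"$')
# Executable sitting directly in C:\WINDOWS or C:\WINDOWS\system32.
WINDIR_EXE = re.compile(r'^c:\\windows\\(system32\\)?[^\\]+$', re.IGNORECASE)


def parse_hjt_o4(text):
    """Return [{'key','name','command'}] for each O4 registry Run line."""
    entries = []
    for line in text.splitlines():
        m = HJT_O4.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append({'key': f'{hive}\\..\\{key}', 'name': name, 'command': command})
    return entries


def parse_reg_dump(text):
    """Parse [key] / "name"="value" blocks; unescape \\\\ and \\" as regedit does."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        km = REG_KEY.match(line)
        if km:
            key = km.group(1)
            continue
        vm = REG_VALUE.match(line)
        if vm and key:
            name = vm.group(1) if vm.group(1) is not None else '(Default)'
            value = vm.group(2).replace('\\"', '"').replace('\\\\', '\\')
            entries.append({'key': key, 'name': name, 'command': value})
    return entries


def exe_path(command):
    """Extract the program path from a Run value (quoted path, or up to the first .exe)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.search(r'\.exe\b', command, re.IGNORECASE)
    return command[:m.end()] if m else command


def reasons_for(name, command, key):
    """Heuristic flags for one Run-type entry; an empty list means nothing stood out."""
    path = exe_path(command)
    stem = re.sub(r'\.[^.\\]+$', '', path.rsplit('\\', 1)[-1])
    reasons = []
    if '\\' not in path:
        reasons.append('bare_filename')      # resolved via search path; origin unclear
    if '\\local settings\\temp\\' in path.lower():
        reasons.append('temp_dir')           # autostart from a user temp folder
    if WINDIR_EXE.match(path) and re.fullmatch(r'[a-z]{3,9}', name) and stem.lower() == name:
        reasons.append('random_name')        # value name == lowercase exe stem in %WINDIR%
    if key.lower().endswith('policies\\explorer\\run'):
        reasons.append('policies_run')       # rarely used by legitimate software
    return reasons


def triage(hjt_text, reg_text):
    """Combine both sources and return only the entries that earned at least one flag."""
    entries = parse_hjt_o4(hjt_text) + parse_reg_dump(reg_text)
    targets = Counter(exe_path(e['command']).lower() for e in entries)
    findings = []
    for e in entries:
        if e['key'].lower().endswith('currentversion\\windows'):
            # AppInit_DLLs: any non-empty value loads that DLL into every user32 process.
            reasons = ['appinit_dlls'] if e['name'].lower() == 'appinit_dlls' and e['command'].strip() else []
        else:
            reasons = reasons_for(e['name'], e['command'], e['key'])
            if targets[exe_path(e['command']).lower()] >= 3:
                reasons.append('shared_target')  # many names, one binary (tempx.exe pattern)
        if reasons:
            findings.append({**e, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_HJT, SAMPLE_REG):
        print(f"{f['name']!r:20} {', '.join(f['reasons']):40} {f['command']}")
```

The flags are review prompts, not verdicts: a bare filename such as SysTray.Exe or a three-letter name like vnc can belong to legitimate software, so confirm each hit by checking the file's publisher or hash before deleting it, and treat the Policies\Explorer\Run and AppInit_DLLs hits as the highest priority because they survive the usual Run-key cleanup.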