Hundreds of pop-ups and other problems [CLOSED]


  • This topic is locked

#1
lew10281

  • Member
  • 48 posts
I can barely type this thread from all these pop-ups. I have run Ad-Aware and Spybot numerous times with no help before I discovered this site (which seems awesome).

I get a lot of pop-ups such as security warnings, Aurora, Cashback Buddy, and others. I would really appreciate it if you could help me out.

Also, when I press CTRL + ALT + DEL, in the Windows Task Manager under the Applications tab I see some applications such as BMAN and BMAN1. I have no idea what those are. I also get a frequent rumbling from my CPU as if it was trying to load. The only way to get rid of that rumbling is to run Ad-Aware, but it will come back the next time I turn the computer on.

Anyway, here is my HijackThis log. Any help is greatly appreciated.





Logfile of HijackThis v1.99.1
Scan saved at 11:21:30 AM, on 4/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\WINDOWS\System32\winupdt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\wintask.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\bvdb\reda.exe
C:\WINDOWS\System32\rpllpa.exe
C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
C:\Program Files\xqm8vk65\xqm8vk65.exe
C:\WINDOWS\System32\pngehor\rdjuonu.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\picsvr\picsvr.exe
C:\WINDOWS\System32\cvjafk\imxfats.exe
C:\WINDOWS\System32\oosaccyk\lesowjpq.exe
C:\Program Files\xqm8vk65\62507609.exe
C:\WINDOWS\System32\bvdb\reda.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\wrunw\cumgx.exe
C:\WINDOWS\System32\ylmacnwb.exe
C:\WINDOWS\System32\GSMedia3.exe
C:\WINDOWS\system\dwwasu.exe
C:\Program Files\AIM\aim.exe
c:\windows\system32\jmswsoq.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\qxymh\liss.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\HijackThis.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\toc_0019.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [072V38X] mse2_32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\Run: [PaciSoft] C:\WINDOWS\System32\pacis.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [eqqmjum] C:\WINDOWS\System32\qoetqa\eqqmjum.exe
O4 - HKLM\..\Run: [nyoi] C:\WINDOWS\System32\bbijcrr\nyoi.exe
O4 - HKLM\..\Run: [rrnkqy] C:\WINDOWS\System32\frdobua\rrnkqy.exe
O4 - HKLM\..\Run: [flhmirko] C:\WINDOWS\System32\ffarct\flhmirko.exe
O4 - HKLM\..\Run: [hcajy] C:\WINDOWS\System32\qpwqcxmq\hcajy.exe
O4 - HKLM\..\Run: [rudok] C:\WINDOWS\System32\xjrpxc\rudok.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rpllpa.exe
O4 - HKLM\..\Run: [BMan] C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
O4 - HKLM\..\Run: [xqm8vk65] C:\Program Files\xqm8vk65\xqm8vk65.exe
O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\System32\psoft1.exe
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\System32\abasa5jrp.exe
O4 - HKLM\..\Run: [mkkxmb] C:\WINDOWS\System32\yiwxp\mkkxmb.exe
O4 - HKLM\..\Run: [ldfew] C:\WINDOWS\System32\dvdxstx\ldfew.exe
O4 - HKLM\..\Run: [jipbb] C:\WINDOWS\System32\guodnt\jipbb.exe
O4 - HKLM\..\Run: [uauxag] C:\WINDOWS\System32\qxwfvtf\uauxag.exe
O4 - HKLM\..\Run: [bwcn] C:\WINDOWS\System32\amshkt\bwcn.exe
O4 - HKLM\..\Run: [hwfk] C:\WINDOWS\System32\xruoqg\hwfk.exe
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\Owner\LOCALS~1\Temp\oumpkiyx.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitefto32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [hshnin] C:\DOCUME~1\Owner\LOCALS~1\Temp\gnia.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [yjyagior] C:\WINDOWS\System32\dxdih\yjyagior.exe
O4 - HKLM\..\Run: [plhhg] C:\WINDOWS\System32\jiwquorx\plhhg.exe
O4 - HKLM\..\Run: [liss] C:\WINDOWS\System32\qxymh\liss.exe
O4 - HKLM\..\Run: [rdjuonu] C:\WINDOWS\System32\pngehor\rdjuonu.exe
O4 - HKLM\..\Run: [rjrfi] C:\WINDOWS\System32\equw\rjrfi.exe
O4 - HKLM\..\Run: [nbrc] C:\WINDOWS\System32\kljnmmw\nbrc.exe
O4 - HKLM\..\Run: [lesowjpq] C:\WINDOWS\System32\oosaccyk\lesowjpq.exe
O4 - HKLM\..\Run: [hgqkbi] C:\WINDOWS\System32\bwcandxy\hgqkbi.exe
O4 - HKLM\..\Run: [imxfats] C:\WINDOWS\System32\cvjafk\imxfats.exe
O4 - HKLM\..\Run: [reda] C:\WINDOWS\System32\bvdb\reda.exe
O4 - HKLM\..\Run: [cumgx] C:\WINDOWS\System32\wrunw\cumgx.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\ylmacnwb.exe
O4 - HKLM\..\Run: [hqtqbt] c:\windows\system32\jmswsoq.exe
O4 - HKLM\..\Run: [GMedia2] C:\WINDOWS\System32\GSMedia3.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [instfunc] C:\WINDOWS\System32\instfunc.exe
O4 - HKCU\..\Run: [bs5pis] C:\WINDOWS\System32\bs5pis.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: flhmirkoffarct - Unknown owner - C:\WINDOWS\System32\ffarct\flhmirko.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: hcajyqpwqcxmq - Unknown owner - C:\WINDOWS\System32\qpwqcxmq\hcajy.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: jipbbguodnt - Unknown owner - C:\WINDOWS\System32\guodnt\jipbb.exe
O23 - Service: ldfewdvdxstx - Unknown owner - C:\WINDOWS\System32\dvdxstx\ldfew.exe
O23 - Service: lissqxymh - Unknown owner - C:\WINDOWS\System32\qxymh\liss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: nyoibbijcrr - Unknown owner - C:\WINDOWS\System32\bbijcrr\nyoi.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: redabvdb - Unknown owner - C:\WINDOWS\System32\bvdb\reda.exe
O23 - Service: rrnkqyfrdobua - Unknown owner - C:\WINDOWS\System32\frdobua\rrnkqy.exe
O23 - Service: rudokxjrpxc - Unknown owner - C:\WINDOWS\System32\xjrpxc\rudok.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: uauxagqxwfvtf - Unknown owner - C:\WINDOWS\System32\qxwfvtf\uauxag.exe
#2
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
Lew10281,

Hello and welcome to Geeks To Go, my name is Jfcap, and I will be helping you clean your system.

You have a number of different problems that I can see. Let's start out with some general scans and see if we can't clean things up a little.

Please download Spybot Search & Destroy and AdAware.

Follow all the instructions on this website to run a scan with both of these programs.

Please run an online virus scan at Kaspersky OnLine Scan or, if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply.)

After that, I will need to see two different logs from HiJackThis. The first is the normal log like you posted here. To get the other one, follow these directions.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Post back with those logs and we can continue from there.
  • 0
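As an added example (not part of the original thread, and not a HijackThis feature): a small script that triages the O4 (Run key) and O23 (service) lines of a log like the one posted above. The function names and the three heuristics are assumptions made for this illustration; a hit marks an entry for manual review, not as confirmed malware.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# Lines excerpted from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\Owner\LOCALS~1\Temp\oumpkiyx.exe
O4 - HKLM\..\Run: [reda] C:\WINDOWS\System32\bvdb\reda.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: redabvdb - Unknown owner - C:\WINDOWS\System32\bvdb\reda.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SVC_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)


def exe_path(cmd):
    """Return the executable part of a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # "C:\path with spaces\x.exe" -args
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)     # unquoted path, optional args
    return m.group(1) if m else cmd


def reasons(kind, name, path, owner=None):
    """Heuristics (assumptions of this example) for why an entry needs review."""
    why = []
    p = path.lower()
    parent = dirname(p)
    stem = splitext(basename(p))[0]
    if "\\temp\\" in p:
        why.append("runs from a Temp directory")
    # Executable sits in its own folder directly below System32.
    if dirname(parent).endswith("\\system32"):
        why.append("private subfolder under System32")
        # Pattern visible in the log: service 'redabvdb' = 'reda' + 'bvdb'.
        if kind == "O23" and name.lower() == stem + basename(parent):
            why.append("service name = exe name + folder name")
    if owner == "Unknown owner":
        why.append("HijackThis reports Unknown owner")
    return why


def triage(log_text):
    """Return (section, name, path, reasons) for every flagged O4/O23 line."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            kind, name, owner = "O4", m["name"], None
            path = exe_path(m["cmd"])
        else:
            m = SVC_RE.match(line)
            if not m:
                continue                          # other sections are ignored here
            kind, name, owner = "O23", m["name"], m["owner"]
            path = m["path"].replace(" (file missing)", "")
        why = reasons(kind, name, path, owner)
        if why:
            findings.append((kind, name, path, why))
    return findings


def double_persistence(findings):
    """Flagged binaries registered both as a Run value and as a service."""
    seen = defaultdict(set)
    for kind, _name, path, _why in findings:
        seen[path.lower()].add(kind)
    return sorted(p for p, kinds in seen.items() if kinds == {"O4", "O23"})


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for kind, name, path, why in results:
        print(f"{kind} [{name}] {path}\n    -> " + "; ".join(why))
    print("Run key + service:", double_persistence(results))
```

Binaries that show up in both sections are worth listing separately because clearing only one of the two autostart entries leaves the other in place.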

#3
lew10281

  • Topic Starter
  • Member
  • 48 posts
OK JF, I ran Spybot and AdAware again and I got the same errors. So I quarantined/deleted them.

I couldn't run any of those 3 online virus scans. The pop-ups are preventing me from doing them. I had around 250 pop-ups while running Kaspersky. I ran Kaspersky for about 1 hour and 45 mins and I only had 1% done. It had found no errors.

I ran TrendMicro for about 45 mins and it wouldn't even start to scan.

I ran BitDefender for about 45 mins and it only had like 3000 files scanned. I think the pop-ups are preventing me from running these scans.

I also think that these problems are embedded in my registry. My problems may be advanced where they are not being recognized by these automatic scanners. Is there something else you would like me to try? I will post both logs in a minute.

#4
lew10281

  • Topic Starter
  • Member
  • 48 posts
1st Logfile you requested


Logfile of HijackThis v1.99.1
Scan saved at 8:28:51 PM, on 4/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\WINDOWS\System32\winupdt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\rpllpa.exe
C:\Program Files\xqm8vk65\xqm8vk65.exe
C:\WINDOWS\System32\goyh\eirweub.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\eaddi\xutnw.exe
C:\WINDOWS\System32\urtpbue\hsuiskj.exe
C:\Program Files\xqm8vk65\62507609.exe
C:\WINDOWS\System32\pngehor\rdjuonu.exe
C:\WINDOWS\System32\oosaccyk\lesowjpq.exe
C:\WINDOWS\System32\phbadd\bvayndap.exe
C:\WINDOWS\System32\phbadd\bvayndap.exe
C:\WINDOWS\System32\smuno\cinsrw.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\dvwrdhh\syeqnku.exe
C:\WINDOWS\rjrowxfl.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\windows\system32\muujdxy.exe
C:\WINDOWS\System32\GSMedia3.exe
C:\WINDOWS\system\dwwasu.exe
c:\windows\system32\checis.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\ezula\mmod.exe
C:\windows\system32\calc.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\xqm8vk65\xqm8vk65.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\ceres.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {6DF5F9EF-0C98-1C8C-F17F-85B1E70F1D25} - C:\WINDOWS\System32\dxfnqnmv\gnihncbe.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\ysb.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [072V38X] mse2_32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\Run: [PaciSoft] C:\WINDOWS\System32\pacis.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [eqqmjum] C:\WINDOWS\System32\qoetqa\eqqmjum.exe
O4 - HKLM\..\Run: [nyoi] C:\WINDOWS\System32\bbijcrr\nyoi.exe
O4 - HKLM\..\Run: [rrnkqy] C:\WINDOWS\System32\frdobua\rrnkqy.exe
O4 - HKLM\..\Run: [flhmirko] C:\WINDOWS\System32\ffarct\flhmirko.exe
O4 - HKLM\..\Run: [hcajy] C:\WINDOWS\System32\qpwqcxmq\hcajy.exe
O4 - HKLM\..\Run: [rudok] C:\WINDOWS\System32\xjrpxc\rudok.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\rpllpa.exe
O4 - HKLM\..\Run: [BMan] C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
O4 - HKLM\..\Run: [xqm8vk65] C:\Program Files\xqm8vk65\xqm8vk65.exe
O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\System32\psoft1.exe
O4 - HKLM\..\Run: [mkkxmb] C:\WINDOWS\System32\yiwxp\mkkxmb.exe
O4 - HKLM\..\Run: [ldfew] C:\WINDOWS\System32\dvdxstx\ldfew.exe
O4 - HKLM\..\Run: [jipbb] C:\WINDOWS\System32\guodnt\jipbb.exe
O4 - HKLM\..\Run: [uauxag] C:\WINDOWS\System32\qxwfvtf\uauxag.exe
O4 - HKLM\..\Run: [bwcn] C:\WINDOWS\System32\amshkt\bwcn.exe
O4 - HKLM\..\Run: [hwfk] C:\WINDOWS\System32\xruoqg\hwfk.exe
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\Owner\LOCALS~1\Temp\oumpkiyx.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitefto32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [hshnin] C:\DOCUME~1\Owner\LOCALS~1\Temp\gnia.exe
O4 - HKLM\..\Run: [yjyagior] C:\WINDOWS\System32\dxdih\yjyagior.exe
O4 - HKLM\..\Run: [plhhg] C:\WINDOWS\System32\jiwquorx\plhhg.exe
O4 - HKLM\..\Run: [liss] C:\WINDOWS\System32\qxymh\liss.exe
O4 - HKLM\..\Run: [rdjuonu] C:\WINDOWS\System32\pngehor\rdjuonu.exe
O4 - HKLM\..\Run: [rjrfi] C:\WINDOWS\System32\equw\rjrfi.exe
O4 - HKLM\..\Run: [nbrc] C:\WINDOWS\System32\kljnmmw\nbrc.exe
O4 - HKLM\..\Run: [lesowjpq] C:\WINDOWS\System32\oosaccyk\lesowjpq.exe
O4 - HKLM\..\Run: [hgqkbi] C:\WINDOWS\System32\bwcandxy\hgqkbi.exe
O4 - HKLM\..\Run: [imxfats] C:\WINDOWS\System32\cvjafk\imxfats.exe
O4 - HKLM\..\Run: [reda] C:\WINDOWS\System32\bvdb\reda.exe
O4 - HKLM\..\Run: [cumgx] C:\WINDOWS\System32\wrunw\cumgx.exe
O4 - HKLM\..\Run: [bvayndap] C:\WINDOWS\System32\phbadd\bvayndap.exe
O4 - HKLM\..\Run: [cinsrw] C:\WINDOWS\System32\smuno\cinsrw.exe
O4 - HKLM\..\Run: [aarnac] C:\WINDOWS\System32\ovdqww\aarnac.exe
O4 - HKLM\..\Run: [lqknbh] C:\WINDOWS\System32\aqacxjn\lqknbh.exe
O4 - HKLM\..\Run: [1d56m0GM] C:\WINDOWS\rjrowxfl.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [cfijylgb] C:\WINDOWS\cfijylgb.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [eirweub] C:\WINDOWS\System32\goyh\eirweub.exe
O4 - HKLM\..\Run: [xutnw] C:\WINDOWS\System32\eaddi\xutnw.exe
O4 - HKLM\..\Run: [hsuiskj] C:\WINDOWS\System32\urtpbue\hsuiskj.exe
O4 - HKLM\..\Run: [syeqnku] C:\WINDOWS\System32\dvwrdhh\syeqnku.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\wmmxxl.exe
O4 - HKLM\..\Run: [muujdxy] c:\windows\system32\muujdxy.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [oiajwe] c:\windows\system32\checis.exe
O4 - HKLM\..\Run: [GMedia2] C:\WINDOWS\System32\GSMedia3.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [instfunc] C:\WINDOWS\System32\instfunc.exe
O4 - HKCU\..\Run: [bs5pis] C:\WINDOWS\System32\bs5pis.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.../kavwebscan.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: aarnacovdqww - Unknown owner - C:\WINDOWS\System32\ovdqww\aarnac.exe
O23 - Service: bvayndapphbadd - Unknown owner - C:\WINDOWS\System32\phbadd\bvayndap.exe
O23 - Service: cinsrwsmuno - Unknown owner - C:\WINDOWS\System32\smuno\cinsrw.exe
O23 - Service: flhmirkoffarct - Unknown owner - C:\WINDOWS\System32\ffarct\flhmirko.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: greenstdSystem32 - Unknown owner - C:\WINDOWS\System32\greenstd.exe (file missing)
O23 - Service: hcajyqpwqcxmq - Unknown owner - C:\WINDOWS\System32\qpwqcxmq\hcajy.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: jipbbguodnt - Unknown owner - C:\WINDOWS\System32\guodnt\jipbb.exe
O23 - Service: ldfewdvdxstx - Unknown owner - C:\WINDOWS\System32\dvdxstx\ldfew.exe
O23 - Service: lissqxymh - Unknown owner - C:\WINDOWS\System32\qxymh\liss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: nyoibbijcrr - Unknown owner - C:\WINDOWS\System32\bbijcrr\nyoi.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: redabvdb - Unknown owner - C:\WINDOWS\System32\bvdb\reda.exe
O23 - Service: rrnkqyfrdobua - Unknown owner - C:\WINDOWS\System32\frdobua\rrnkqy.exe
O23 - Service: rudokxjrpxc - Unknown owner - C:\WINDOWS\System32\xjrpxc\rudok.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: uauxagqxwfvtf - Unknown owner - C:\WINDOWS\System32\qxwfvtf\uauxag.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

#5
lew10281

  • Topic Starter
  • Member
  • 48 posts
Ad-aware 6 Personal
Ad-Aware SE Personal
Adobe Acrobat 6.0 Standard
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Reader 6.0.1
Agere Systems PCI Soft Modem
AOL Instant Messenger
Ares Lite Edition 1.8.1
Blackhawk Striker from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Bounce Symphony from Hewlett-Packard Desktops (remove only)
Charter Pipeline® Self-Installation
Crystal Maze from Hewlett-Packard Desktops (remove only)
dBpowerAMP Music Converter
DirectX Hotfix - KB825116
Display Utility
DivX Codec 3.1alpha release
DVD X Rescue
DVDXCopy 1.2.1 b628 (remove only)
DVDXCopy Platinum 3.1.1
DVDXCopy Platinum 4.0.3
Easy Internet Sign-up
Error Guard 2.5.0
Five Card Frenzy from Hewlett-Packard Desktops (remove only)
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
HP Deskjet Preloaded Printer Drivers
HP Image Zone 3.5
HP Image Zone Plus 3.5
HP Instant Support
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 3.5
HP Software Update
HPIZ350
Huffyuv AVI lossless video codec (Remove Only)
IntelliMover Data Transfer Demo
Internet Optimizer
InternetOffers
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
ISTsvc
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky Anti-Virus Web Scanner
Media Access
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft AntiSpyware
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Works 7.0
Mozilla Firefox (1.0.3)
MSN
My Global Search Bar
Nokia PC Connectivity SDK 3.0
NVIDIA Display Driver
NVIDIA Ethernet Driver
Orbital from Hewlett-Packard Desktops (remove only)
Otto from Hewlett-Packard Desktops (remove only)
Outlook Express Update Q330994
Overball from Hewlett-Packard Desktops (remove only)
PC-Doctor for Windows
Photosmart 140,240,7200,7600,7700,7900 Series
Polar Bowler from Hewlett-Packard Desktops (remove only)
Quicken 2004
QuickTime
RealArcade
RealPlayer
RecordNow!
Slyder from Hewlett-Packard Desktops (remove only)
Sonic Update Manager
Spybot - Search & Destroy 1.3
The BullsEye Network
Toolkit View(HP)
Tradewinds from Hewlett-Packard Desktops (remove only)
Uninstall 180search Assistant
Updates from HP
VideoLAN VLC media player 0.8.1
Viewpoint Manager (Remove Only)
Wheel of Fortune (remove only)
WildTangent Web Driver
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB810217
Windows XP Hotfix - KB821431
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833407
Windows XP Hotfix - KB835732
Windows XP Hotfix (SP2) [See q329256 for more information]
Windows XP Hotfix (SP2) Q327979
Windows XP Hotfix (SP2) Q329112
Windows XP Hotfix (SP2) Q331958
Windows XP Hotfix (SP2) Q811789
Windows XP Hotfix (SP2) Q814995
Windows XP Hotfix (SP2) Q815485
Windows XP Hotfix (SP2) Q817357
Word Symphony from Hewlett-Packard Desktops (remove only)
Yahoo! Address AutoComplete
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Toolbar
YourSiteBar

#6
Justin
Hello,

Before I dive into HiJackThis fixes, I want you to try downloading and installing this program. It is really good and will take away some of the minor things for us.

Please follow the instructions provided; you may want to print out these instructions and use them as a reference.

First:
Please download ewido security suite; it is a trial version of the program.
  • Install ewido security suite
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
Reboot your machine and post back a new HJT log and the ewido .txt log file you saved by using Add Reply

#7
lew10281
Well, it took about 3 hours to run the scan. It never finished the 1st time, so I ran it again for another 3 hours and around 85.7, ewido just automatically closed out. It ran through most of my C drive, so I will just post the 3 reports under the analysis tab.

Here's the Startup Report

---------------------------------------------------------
ewido security suite - Startup report
---------------------------------------------------------

+ Created on: 1:39:09 PM, 4/29/2005
+ Report-Checksum: 265BD57

Reg\HKLM\Run uauxag C:\WINDOWS\System32\qxwfvtf\uauxag.exe
Reg\HKLM\Run NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
Reg\HKLM\Run HPHmon05 C:\WINDOWS\System32\hphmon05.exe
Reg\HKLM\Run UpdateManager "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
Reg\HKLM\Run cinsrw C:\WINDOWS\System32\smuno\cinsrw.exe
Reg\HKLM\Run GMedia2 C:\WINDOWS\System32\GSMedia3.exe
Reg\HKCU\Run AIM C:\Program Files\AIM\aim.exe -cnetwait.odl
Reg\HKCU\Run BackupNotify c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
Reg\HKCU\Run instfunc C:\WINDOWS\System32\instfunc.exe
Reg\HKCU\Run bs5pis C:\WINDOWS\System32\bs5pis.exe
Reg\HKLM\Run SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
Reg\HKLM\Run hpsysdrv c:\windows\system\hpsysdrv.exe
Reg\HKLM\Run HP Component Manager "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
Reg\HKLM\Run AlcxMonitor ALCXMNTR.EXE
Reg\HKLM\Run iTunesHelper C:\Program Files\iTunes\iTunesHelper.exe
Reg\HKLM\Run Recguard C:\WINDOWS\SMINST\RECGUARD.EXE
Reg\HKLM\Run VTTimer VTTimer.exe
Reg\HKLM\Run PS2 C:\WINDOWS\system32\ps2.exe
Reg\HKLM\Run AGRSMMSG AGRSMMSG.exe
Reg\HKLM\Run nwiz nwiz.exe /installquiet /keeploaded /nodetect
Reg\HKLM\Run ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Reg\HKLM\Run ServiceLayer C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
Reg\HKLM\Run Nokia Tray Application C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
Reg\HKLM\Run WildTangent CDA RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
Reg\HKLM\Run 072V38X mse2_32.exe
Reg\HKLM\Run QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Reg\HKLM\Run TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Reg\HKLM\Run ErrorGuard C:\Program Files\ErrorGuard\ErrorGuard.Exe
Reg\HKLM\Run cfgmgr51 RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
Reg\HKLM\Run eqqmjum C:\WINDOWS\System32\qoetqa\eqqmjum.exe
Reg\HKLM\Run nyoi C:\WINDOWS\System32\bbijcrr\nyoi.exe
Reg\HKLM\Run rrnkqy C:\WINDOWS\System32\frdobua\rrnkqy.exe
Reg\HKLM\Run flhmirko C:\WINDOWS\System32\ffarct\flhmirko.exe
Reg\HKLM\Run hcajy C:\WINDOWS\System32\qpwqcxmq\hcajy.exe
Reg\HKLM\Run rudok C:\WINDOWS\System32\xjrpxc\rudok.exe
Reg\HKLM\Run xqm8vk65 C:\Program Files\xqm8vk65\xqm8vk65.exe
Reg\HKLM\Run mkkxmb C:\WINDOWS\System32\yiwxp\mkkxmb.exe
Reg\HKLM\Run ldfew C:\WINDOWS\System32\dvdxstx\ldfew.exe
Reg\HKLM\Run jipbb C:\WINDOWS\System32\guodnt\jipbb.exe
Reg\HKLM\Run bwcn C:\WINDOWS\System32\amshkt\bwcn.exe
Reg\HKLM\Run hwfk C:\WINDOWS\System32\xruoqg\hwfk.exe
Reg\HKLM\Run SkyH2 C:\DOCUME~1\Owner\LOCALS~1\Temp\oumpkiyx.exe
Reg\HKLM\Run checkrun C:\windows\system32\elitefto32.exe
Reg\HKLM\Run gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
Reg\HKLM\Run hshnin C:\DOCUME~1\Owner\LOCALS~1\Temp\gnia.exe
Reg\HKLM\Run yjyagior C:\WINDOWS\System32\dxdih\yjyagior.exe
Reg\HKLM\Run plhhg C:\WINDOWS\System32\jiwquorx\plhhg.exe
Reg\HKLM\Run liss C:\WINDOWS\System32\qxymh\liss.exe
Reg\HKLM\Run rdjuonu C:\WINDOWS\System32\pngehor\rdjuonu.exe
Reg\HKLM\Run rjrfi C:\WINDOWS\System32\equw\rjrfi.exe
Reg\HKLM\Run nbrc C:\WINDOWS\System32\kljnmmw\nbrc.exe
Reg\HKLM\Run lesowjpq C:\WINDOWS\System32\oosaccyk\lesowjpq.exe
Reg\HKLM\Run hgqkbi C:\WINDOWS\System32\bwcandxy\hgqkbi.exe
Reg\HKLM\Run imxfats C:\WINDOWS\System32\cvjafk\imxfats.exe
Reg\HKLM\Run reda C:\WINDOWS\System32\bvdb\reda.exe
Reg\HKLM\Run cumgx C:\WINDOWS\System32\wrunw\cumgx.exe
Reg\HKLM\Run bvayndap C:\WINDOWS\System32\phbadd\bvayndap.exe
Reg\HKLM\Run aarnac C:\WINDOWS\System32\ovdqww\aarnac.exe
Reg\HKLM\Run lqknbh C:\WINDOWS\System32\aqacxjn\lqknbh.exe
Reg\HKLM\Run eirweub C:\WINDOWS\System32\goyh\eirweub.exe
Reg\HKLM\Run hsuiskj C:\WINDOWS\System32\urtpbue\hsuiskj.exe
Reg\HKLM\Run syeqnku C:\WINDOWS\System32\dvwrdhh\syeqnku.exe
Reg\HKLM\Run version C:\WINDOWS\System32\wmmxxl.exe
Reg\HKLM\Run Media Access C:\Program Files\Media Access\MediaAccK.exe
Reg\HKLM\Run KernelFaultCheck %systemroot%\system32\dumprep 0 -k
Reg\HKLM\Run HPHUPD05 c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
Shell\CommonStartup HP Digital Imaging Monitor.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
Shell\CommonStartup Quicken Scheduled Updates.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
Shell\CommonStartup Updates from HP.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
Shell\UserStartup HP Organize.lnk C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HP Organize.lnk
Shell\UserStartup IMStart.lnk C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMStart.lnk
Shell\CommonStartup Acrobat Assistant.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk

Edited by lew10281, 29 April 2005 - 12:48 PM.


#8
lew10281
Here's the Connection Report

---------------------------------------------------------
ewido security suite - Connection report
---------------------------------------------------------

+ Created on: 1:39:52 PM, 4/29/2005
+ Report-Checksum: 346B6B2


#9
lew10281
Here's the Process Report

---------------------------------------------------------
ewido security suite - Process report
---------------------------------------------------------

+ Created on: 1:49:36 PM, 4/29/2005
+ Report-Checksum: 57BBCD5E

0: System Process
4: System Process
140: C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
208: C:\Program Files\ewido\security suite\ewidoctrl.exe
212: C:\Program Files\AIM\aim.exe
224: C:\Program Files\QuickTime\qttask.exe
268: C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
288: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
432: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
476: C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
580: C:\Program Files\xqm8vk65\xqm8vk65.exe
604: C:\WINDOWS\System32\gearsec.exe
676: C:\WINDOWS\System32\goyh\eirweub.exe
684: C:\WINDOWS\system32\NOTEPAD.EXE
704: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
728: \SystemRoot\System32\smss.exe
768: C:\WINDOWS\System32\urtpbue\hsuiskj.exe
776: \??\C:\WINDOWS\system32\csrss.exe
800: \??\C:\WINDOWS\system32\winlogon.exe
844: C:\WINDOWS\system32\services.exe
856: C:\WINDOWS\system32\lsass.exe
1032: C:\WINDOWS\system32\svchost.exe
1104: C:\Program Files\Mozilla Firefox\firefox.exe
1164: C:\WINDOWS\System32\svchost.exe
1224: C:\Program Files\xqm8vk65\62507609.exe
1240: C:\WINDOWS\System32\pngehor\rdjuonu.exe
1316: C:\WINDOWS\System32\oosaccyk\lesowjpq.exe
1368: C:\WINDOWS\System32\svchost.exe
1472: C:\WINDOWS\System32\svchost.exe
1588: C:\WINDOWS\Explorer.EXE
1612: C:\WINDOWS\System32\dvwrdhh\syeqnku.exe
1672: C:\WINDOWS\System32\wmmxxl.exe
1712: C:\WINDOWS\System32\phbadd\bvayndap.exe
1736: C:\WINDOWS\system32\spoolsv.exe
1768: C:\WINDOWS\System32\phbadd\bvayndap.exe
1880: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
1888: C:\windows\system\hpsysdrv.exe
1896: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
1912: C:\WINDOWS\System32\hphmon05.exe
1920: C:\Program Files\iTunes\iTunesHelper.exe
1964: C:\WINDOWS\AGRSMMSG.exe
1992: C:\WINDOWS\ALCXMNTR.EXE
2000: C:\WINDOWS\System32\rundll32.exe
2020: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
2028: C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
2076: C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
2180: C:\WINDOWS\System32\nvsvc32.exe
2212: C:\Program Files\ewido\security suite\SecuritySuite.exe
2332: C:\WINDOWS\System32\svchost.exe
2396: C:\WINDOWS\System32\wdfmgr.exe
2452: C:\WINDOWS\System32\MsPMSPSv.exe
2560: C:\Program Files\Internet Explorer\iexplore.exe
2596: C:\WINDOWS\system32\NOTEPAD.EXE
2620: C:\Program Files\iPod\bin\iPodService.exe
2852: C:\Program Files\ewido\security suite\ewidoguard.exe
3608: C:\WINDOWS\System32\wuauclt.exe
4068: C:\DOCUME~1\Owner\LOCALS~1\Temp\wmmxxl.exe

#10
Justin
Hello,

Can you please post a new HiJackThis log for me to look at? I will look at it this afternoon when I get home (around 3pm PST).

Thanks

Justin

#11
lew10281
Here's the New hijackthis report



Logfile of HijackThis v1.99.1
Scan saved at 1:53:12 PM, on 4/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\xqm8vk65\xqm8vk65.exe
C:\WINDOWS\System32\goyh\eirweub.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\urtpbue\hsuiskj.exe
C:\Program Files\xqm8vk65\62507609.exe
C:\WINDOWS\System32\pngehor\rdjuonu.exe
C:\WINDOWS\System32\oosaccyk\lesowjpq.exe
C:\WINDOWS\System32\dvwrdhh\syeqnku.exe
C:\WINDOWS\System32\wmmxxl.exe
C:\WINDOWS\System32\phbadd\bvayndap.exe
C:\WINDOWS\System32\phbadd\bvayndap.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\wuauclt.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\wmmxxl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\xqm8vk65\xqm8vk65.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll (file missing)
O2 - BHO: (no name) - {6DF5F9EF-0C98-1C8C-F17F-85B1E70F1D25} - C:\WINDOWS\System32\dxfnqnmv\gnihncbe.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\ysb.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [072V38X] mse2_32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [eqqmjum] C:\WINDOWS\System32\qoetqa\eqqmjum.exe
O4 - HKLM\..\Run: [nyoi] C:\WINDOWS\System32\bbijcrr\nyoi.exe
O4 - HKLM\..\Run: [rrnkqy] C:\WINDOWS\System32\frdobua\rrnkqy.exe
O4 - HKLM\..\Run: [flhmirko] C:\WINDOWS\System32\ffarct\flhmirko.exe
O4 - HKLM\..\Run: [hcajy] C:\WINDOWS\System32\qpwqcxmq\hcajy.exe
O4 - HKLM\..\Run: [rudok] C:\WINDOWS\System32\xjrpxc\rudok.exe
O4 - HKLM\..\Run: [xqm8vk65] C:\Program Files\xqm8vk65\xqm8vk65.exe
O4 - HKLM\..\Run: [mkkxmb] C:\WINDOWS\System32\yiwxp\mkkxmb.exe
O4 - HKLM\..\Run: [ldfew] C:\WINDOWS\System32\dvdxstx\ldfew.exe
O4 - HKLM\..\Run: [jipbb] C:\WINDOWS\System32\guodnt\jipbb.exe
O4 - HKLM\..\Run: [uauxag] C:\WINDOWS\System32\qxwfvtf\uauxag.exe
O4 - HKLM\..\Run: [bwcn] C:\WINDOWS\System32\amshkt\bwcn.exe
O4 - HKLM\..\Run: [hwfk] C:\WINDOWS\System32\xruoqg\hwfk.exe
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\Owner\LOCALS~1\Temp\oumpkiyx.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitefto32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [hshnin] C:\DOCUME~1\Owner\LOCALS~1\Temp\gnia.exe
O4 - HKLM\..\Run: [yjyagior] C:\WINDOWS\System32\dxdih\yjyagior.exe
O4 - HKLM\..\Run: [plhhg] C:\WINDOWS\System32\jiwquorx\plhhg.exe
O4 - HKLM\..\Run: [liss] C:\WINDOWS\System32\qxymh\liss.exe
O4 - HKLM\..\Run: [rdjuonu] C:\WINDOWS\System32\pngehor\rdjuonu.exe
O4 - HKLM\..\Run: [rjrfi] C:\WINDOWS\System32\equw\rjrfi.exe
O4 - HKLM\..\Run: [nbrc] C:\WINDOWS\System32\kljnmmw\nbrc.exe
O4 - HKLM\..\Run: [lesowjpq] C:\WINDOWS\System32\oosaccyk\lesowjpq.exe
O4 - HKLM\..\Run: [hgqkbi] C:\WINDOWS\System32\bwcandxy\hgqkbi.exe
O4 - HKLM\..\Run: [imxfats] C:\WINDOWS\System32\cvjafk\imxfats.exe
O4 - HKLM\..\Run: [reda] C:\WINDOWS\System32\bvdb\reda.exe
O4 - HKLM\..\Run: [cumgx] C:\WINDOWS\System32\wrunw\cumgx.exe
O4 - HKLM\..\Run: [bvayndap] C:\WINDOWS\System32\phbadd\bvayndap.exe
O4 - HKLM\..\Run: [aarnac] C:\WINDOWS\System32\ovdqww\aarnac.exe
O4 - HKLM\..\Run: [lqknbh] C:\WINDOWS\System32\aqacxjn\lqknbh.exe
O4 - HKLM\..\Run: [eirweub] C:\WINDOWS\System32\goyh\eirweub.exe
O4 - HKLM\..\Run: [hsuiskj] C:\WINDOWS\System32\urtpbue\hsuiskj.exe
O4 - HKLM\..\Run: [syeqnku] C:\WINDOWS\System32\dvwrdhh\syeqnku.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\wmmxxl.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [cinsrw] C:\WINDOWS\System32\smuno\cinsrw.exe
O4 - HKLM\..\Run: [GMedia2] C:\WINDOWS\System32\GSMedia3.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [instfunc] C:\WINDOWS\System32\instfunc.exe
O4 - HKCU\..\Run: [bs5pis] C:\WINDOWS\System32\bs5pis.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.../kavwebscan.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: aarnacovdqww - Unknown owner - C:\WINDOWS\System32\ovdqww\aarnac.exe
O23 - Service: bvayndapphbadd - Unknown owner - C:\WINDOWS\System32\phbadd\bvayndap.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: flhmirkoffarct - Unknown owner - C:\WINDOWS\System32\ffarct\flhmirko.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: greenstdSystem32 - Unknown owner - C:\WINDOWS\System32\greenstd.exe (file missing)
O23 - Service: hcajyqpwqcxmq - Unknown owner - C:\WINDOWS\System32\qpwqcxmq\hcajy.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: jipbbguodnt - Unknown owner - C:\WINDOWS\System32\guodnt\jipbb.exe
O23 - Service: ldfewdvdxstx - Unknown owner - C:\WINDOWS\System32\dvdxstx\ldfew.exe
O23 - Service: lissqxymh - Unknown owner - C:\WINDOWS\System32\qxymh\liss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: nyoibbijcrr - Unknown owner - C:\WINDOWS\System32\bbijcrr\nyoi.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: redabvdb - Unknown owner - C:\WINDOWS\System32\bvdb\reda.exe
O23 - Service: rrnkqyfrdobua - Unknown owner - C:\WINDOWS\System32\frdobua\rrnkqy.exe
O23 - Service: rudokxjrpxc - Unknown owner - C:\WINDOWS\System32\xjrpxc\rudok.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: uauxagqxwfvtf - Unknown owner - C:\WINDOWS\System32\qxwfvtf\uauxag.exe

#12
Justin
Lew,

Your computer has a lot of infections on it, and to make it a lot easier we need to get these online scans to work. So please boot your computer in Safe Mode.

As your computer boots up, please continuously tap F8 until a menu appears. Select Safe Mode with Networking (this will allow you to get on the internet).

Once in Safe Mode, please conduct the scans that I listed in my first reply (quoted below for reference).

You have a number of different problems that I can see.  Let's start out with some general scans and see if we can't clean things up a little.

Please download Spybot Search & Destroy and AdAware

Follow all the instructions on this website to run a scan with both of these programs.

Please run an on-line virus scan at Kaspersky OnLine Scan or, if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply.)


Reboot into normal Windows.

Please post a fresh HiJackThis log.


Justin

#13
lew10281
This is my Kaspersky scan. I did it in regular mode, not in Safe Mode.

Initialize Kaspersky Anti-Virus Web Scanner
(downloading and installing Kaspersky Anti-Virus Web Scanner ActiveX from the server into your computer)




Update Kaspersky Anti-Virus Databases
(downloading and installing the latest Kaspersky Anti-Virus Databases onto your computer)




Please wait to update the virus definitions...
Downloading...
- daily.avc
- avp.klb
Updating...
Update finished. Ready to scan.
Next
Please select a target to scan:
My Computer
scan all your hard and mapped disks
My Email
scan all your hard and mapped disks only for the following extensions: *.PST; *.OST; *.MDB; *.DBX; *.EML; *.MBS
Folders...
scan selected folders
A File...
scan a one file
Warning: The Kaspersky Anti-Virus Web Scanner may not run successfully while any other Anti-Virus software is running. If you have Anti-Virus software installed, please disable your AV protection before running the Kaspersky Anti-Virus Web Scanner.
The scan is complete.
Attention, your computer is infected.
The following infected files/objects were found during the scan:


File Name Virus Name Send Delete

C:\Documents ...98\mtrslib2[1].js Trojan-...S.Small.ag send delete

C:\Documents ...98\mtrslib2[2].js Trojan-...S.Small.ag send delete

C:\Documents ...98\STATS12[1].CHM Trojan-...JS.Psyme.n send delete

C:\Documents ...98\STATS12[2].CHM Trojan-...JS.Psyme.n send delete

C:\Documents ...GT\bundles[1].0xe Trojan....Thought.ba send delete

C:\Documents ...rInstaller[1].exe Trojan-...n32.Delf.z send delete

C:\Documents ...install201[1].0xe Trojan....Thought.an send delete

C:\Documents ...T\saie1101[1].0xe Trojan-...2.Small.mr send delete

C:\Documents ...T\shopinst[1].0xe Trojan-...2.Small.wj send delete

C:\Documents ...QXGT\TRACK[1].0HM Trojan-...JS.Psyme.n send delete

C:\Documents ...5_Bundle_8[1].0XE Trojan-...2.Small.ht send delete

C:\Documents ...navigation[1].chm Trojan-...S.Psyme.ak send delete

C:\Documents ...8N43\TRACK[1].0HM Trojan-...JS.Psyme.n send delete

C:\Documents ...8N43\track[1].0tm Exploit.HTML.Mht send delete

C:\Documents ...8N43\TRACK[2].0HM Trojan-...JS.Psyme.n send delete

C:\Documents ...8N43\track[2].0tm Exploit.HTML.Mht send delete

C:\Documents ...8N43\TRACK[3].0HM Trojan-...JS.Psyme.n send delete

C:\Documents ...8N43\TRACK[4].0HM Trojan-...JS.Psyme.n send delete

C:\Documents ...8N43\TRACK[5].0HM Trojan-...JS.Psyme.n send delete

C:\Documents ...VU3E5FF\29[1].bin Trojan-...n32.Delf.z send delete

C:\Documents ...F\aun_0001[1].exe Trojan-....Small.akz send delete

C:\Documents ...FF\STATS22[1].CHM Trojan-...JS.Psyme.n send delete

C:\Documents ...FF\STATS22[2].CHM Trojan-...JS.Psyme.n send delete

C:\Documents ...XGA\TRACK9[1].CHM Trojan-...BS.Psyme.v send delete


#14
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
Hi

Can you post a new HiJackThis log for me?

Thanks

Justin

#15
lew10281

    Member

  • Topic Starter
  • Member
  • 48 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:51:35 PM, on 4/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\xqm8vk65\xqm8vk65.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\xqm8vk65\62507609.exe
C:\WINDOWS\System32\dvwrdhh\syeqnku.exe
C:\WINDOWS\System32\wmmxxl.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\System32\phbadd\bvayndap.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll (file missing)
O2 - BHO: (no name) - {6DF5F9EF-0C98-1C8C-F17F-85B1E70F1D25} - C:\WINDOWS\System32\dxfnqnmv\gnihncbe.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\ysb.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [072V38X] mse2_32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [xqm8vk65] C:\Program Files\xqm8vk65\xqm8vk65.exe
O4 - HKLM\..\Run: [mkkxmb] C:\WINDOWS\System32\yiwxp\mkkxmb.exe
O4 - HKLM\..\Run: [ldfew] C:\WINDOWS\System32\dvdxstx\ldfew.exe
O4 - HKLM\..\Run: [jipbb] C:\WINDOWS\System32\guodnt\jipbb.exe
O4 - HKLM\..\Run: [uauxag] C:\WINDOWS\System32\qxwfvtf\uauxag.exe
O4 - HKLM\..\Run: [bwcn] C:\WINDOWS\System32\amshkt\bwcn.exe
O4 - HKLM\..\Run: [hwfk] C:\WINDOWS\System32\xruoqg\hwfk.exe
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\Owner\LOCALS~1\Temp\oumpkiyx.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitefto32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [hshnin] C:\DOCUME~1\Owner\LOCALS~1\Temp\gnia.exe
O4 - HKLM\..\Run: [yjyagior] C:\WINDOWS\System32\dxdih\yjyagior.exe
O4 - HKLM\..\Run: [plhhg] C:\WINDOWS\System32\jiwquorx\plhhg.exe
O4 - HKLM\..\Run: [liss] C:\WINDOWS\System32\qxymh\liss.exe
O4 - HKLM\..\Run: [rdjuonu] C:\WINDOWS\System32\pngehor\rdjuonu.exe
O4 - HKLM\..\Run: [rjrfi] C:\WINDOWS\System32\equw\rjrfi.exe
O4 - HKLM\..\Run: [nbrc] C:\WINDOWS\System32\kljnmmw\nbrc.exe
O4 - HKLM\..\Run: [lesowjpq] C:\WINDOWS\System32\oosaccyk\lesowjpq.exe
O4 - HKLM\..\Run: [hgqkbi] C:\WINDOWS\System32\bwcandxy\hgqkbi.exe
O4 - HKLM\..\Run: [imxfats] C:\WINDOWS\System32\cvjafk\imxfats.exe
O4 - HKLM\..\Run: [reda] C:\WINDOWS\System32\bvdb\reda.exe
O4 - HKLM\..\Run: [cumgx] C:\WINDOWS\System32\wrunw\cumgx.exe
O4 - HKLM\..\Run: [bvayndap] C:\WINDOWS\System32\phbadd\bvayndap.exe
O4 - HKLM\..\Run: [aarnac] C:\WINDOWS\System32\ovdqww\aarnac.exe
O4 - HKLM\..\Run: [lqknbh] C:\WINDOWS\System32\aqacxjn\lqknbh.exe
O4 - HKLM\..\Run: [eirweub] C:\WINDOWS\System32\goyh\eirweub.exe
O4 - HKLM\..\Run: [hsuiskj] C:\WINDOWS\System32\urtpbue\hsuiskj.exe
O4 - HKLM\..\Run: [syeqnku] C:\WINDOWS\System32\dvwrdhh\syeqnku.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\wmmxxl.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [cinsrw] C:\WINDOWS\System32\smuno\cinsrw.exe
O4 - HKLM\..\Run: [GMedia2] C:\WINDOWS\System32\GSMedia3.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [instfunc] C:\WINDOWS\System32\instfunc.exe
O4 - HKCU\..\Run: [bs5pis] C:\WINDOWS\System32\bs5pis.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.../kavwebscan.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: aarnacovdqww - Unknown owner - C:\WINDOWS\System32\ovdqww\aarnac.exe (file missing)
O23 - Service: bvayndapphbadd - Unknown owner - C:\WINDOWS\System32\phbadd\bvayndap.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: flhmirkoffarct - Unknown owner - C:\WINDOWS\System32\ffarct\flhmirko.exe (file missing)
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: greenstdSystem32 - Unknown owner - C:\WINDOWS\System32\greenstd.exe (file missing)
O23 - Service: hcajyqpwqcxmq - Unknown owner - C:\WINDOWS\System32\qpwqcxmq\hcajy.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: jipbbguodnt - Unknown owner - C:\WINDOWS\System32\guodnt\jipbb.exe (file missing)
O23 - Service: ldfewdvdxstx - Unknown owner - C:\WINDOWS\System32\dvdxstx\ldfew.exe
O23 - Service: lissqxymh - Unknown owner - C:\WINDOWS\System32\qxymh\liss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: nyoibbijcrr - Unknown owner - C:\WINDOWS\System32\bbijcrr\nyoi.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: redabvdb - Unknown owner - C:\WINDOWS\System32\bvdb\reda.exe (file missing)
O23 - Service: rrnkqyfrdobua - Unknown owner - C:\WINDOWS\System32\frdobua\rrnkqy.exe (file missing)
O23 - Service: rudokxjrpxc - Unknown owner - C:\WINDOWS\System32\xjrpxc\rudok.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: uauxagqxwfvtf - Unknown owner - C:\WINDOWS\System32\qxwfvtf\uauxag.exe (file missing)