HELP. HijackThis logfile [CLOSED]


  • This topic is locked

#1
raw0911

  • Member
  • 18 posts
Logfile of HijackThis v1.99.1
Scan saved at 6:29:20 PM, on 5/22/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\combo.exe
C:\WINDOWS\System32\avznkp.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\lt.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\vwa32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
c:\windows\system32\iutpro.exe
C:\WINDOWS\svcproc.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\wisptis.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC10.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW10.exe
C:\Documents and Settings\DHERE\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DHERE\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DHERE\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll (file missing)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\nsf69D.dll
O2 - BHO: FlashEnhancer Extnder - {A749B4BC-7621-4a80-9220-D0A283367DD5} - c:\Program Files\Fln\fln.dll (file missing)
O2 - BHO: CIEExtension Object - {B51DC573-E998-4834-9B45-BAB7C2AE0A75} - C:\Program Files\Ad-Protect\ADPIEmonitor.dll (file missing)
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O2 - BHO: (no name) - {F867A896-5966-4071-852C-54DF65E36ADB} - C:\WINDOWS\System32\nneheha.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Vio Pes] vwa32.exe
O4 - HKLM\..\Run: [sountskmanager] sountaskmgr
O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
O4 - HKLM\..\Run: [Microsoft Update] msawindows.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [4U4Rfn] C:\documents and settings\dhere\local settings\temp\4U4Rfn.exe
O4 - HKLM\..\Run: [pQpJE8y] C:\documents and settings\dhere\local settings\temp\pQpJE8y.exe
O4 - HKLM\..\Run: [SStb.exe] SStb.exe
O4 - HKLM\..\Run: [ssqb.exe] ssqb.exe
O4 - HKLM\..\Run: [CKBcC5c] C:\documents and settings\dhere\local settings\temp\CKBcC5c.exe
O4 - HKLM\..\Run: [yhqY3d7] C:\documents and settings\dhere\local settings\temp\yhqY3d7.exe
O4 - HKLM\..\Run: [xVCVpv] C:\documents and settings\dhere\local settings\temp\xVCVpv.exe
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\DHERE\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [vcmxin] C:\WINDOWS\system32\BW_ActiveX.Stub.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [csuptfn] c:\windows\system32\csuptfn.exe
O4 - HKLM\..\Run: [msw] C:\Documents and Settings\All Users\Application Data\msw\MSW.exe
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bptre.exe"
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [nsvcin] C:\WINDOWS\system32\n20050308.exe
O4 - HKLM\..\Run: [BMan] C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [win3207618104677] C:\WINDOWS\win3207618104677.exe
O4 - HKLM\..\Run: [tguofjwmndhxdjcbihzvz] C:\WINDOWS\loloqmft.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [ms06761810467] C:\WINDOWS\ms06761810467.exe
O4 - HKLM\..\Run: [AutoLoaderq0t61YKfMKPJ] "C:\WINDOWS\System32\ulrrenv.exe" /HideDir /HideUninstall /PC="CP.FHB" /ShowLegalNote="nonbranded"
O4 - HKLM\..\Run: [q72g3sX] ulrrenv.exe
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\System32\abasa5jrp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [ Messenger] C:\WINDOWS\System32\p0n8ting.exe
O4 - HKLM\..\Run: [combop.exe] combop.exe
O4 - HKLM\..\Run: [combo.exe] combo.exe
O4 - HKLM\..\Run: [FlnCPY] "C:\Program Files\Common Files\Java\flncpy.exe"
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\avznkp.exe reg_run
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{0F30DB53-0F59-49D5-9A2D-C1517C1EDD9B}\SVCHOST.EXE
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\DHERE\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [wnfida] c:\windows\system32\iutpro.exe
O4 - HKLM\..\RunServices: [Vio Pes] vwa32.exe
O4 - HKLM\..\RunServices: [sountskmanager] sountaskmgr
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msawindows.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [Ajr] C:\WINDOWS\System32\??anregw.exe
O4 - HKCU\..\Run: [xjyfrrf] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [oapdtoi] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [mimfimp] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [viiqxhr] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [bxtsjtm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [oaeosns] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [cvilixc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [dxtfnah] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xhtyvxh] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ykhenxg] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [bntcsvf] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [yeeturm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [yycfhae] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [apjpdsl] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ryphkdi] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hgepfsi] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xrnsdev] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ctrereq] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [kmhasdl] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ictxgin] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [jkhfmhx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [gammcdp] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ciqlyxv] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [fuhsvxi] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hrcrrya] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [mprgjcu] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [usyytli] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [gqjitfm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ipayptn] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [jfbvdlc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ygurpra] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [nkucbif] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hfmqeks] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [gyacbsr] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xyeehyg] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [dmqdmfd] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [qodltbq] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [wuoudri] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [indedyr] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ucwacne] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [waufsgx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [wnhrkpx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [okbctba] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hjqlkcl] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ygnhrjv] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xbhwfhp] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ificgic] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [stywcvk] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [uqjobsh] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [lncqmls] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [vojisat] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ecujgim] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [qkjwnpp] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [yqncquq] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [nqqyskv] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [wqyaxoi] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [opotjro] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [otuvnjx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [fensrhb] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [cnywnjm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [vovgach] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [faivdjx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [rpdmixy] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [audpfqn] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [layliog] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ipsuyuc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [fkmgejw] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [oribmju] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [lejfiuc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [eascnho] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [vdinvrv] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [spdxkyq] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [mahygls] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ibciqmj] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [vsafrxo] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [yonreiy] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [dllfgie] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [aepeaff] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hpmeboh] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [shacofm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [lliktuk] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [sqaupnn] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hwiauou] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [tintjeo] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [iktlytn] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [kpuwadh] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [oqnrunl] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [sihfsxc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [yccnfwm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [elkadib] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xalhebu] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [letcqnl] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [gabsivd] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [mxxnfkt] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ojxpwqx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [lfrinlm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ilruilc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ugeetqy] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ooywhfb] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [lkymjwm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [vwisovs] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xjotoqj] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [idwofbq] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [qmonkxy] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [qxkmktd] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [igcyknb] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [wnbgssm] c:\windows\ryxqtkn.exe
O4 - HKCU\..\Run: [ppviocc] c:\windows\nexqgiq.exe
O4 - HKCU\..\Run: [jmontux] c:\windows\ikgerqa.exe
O4 - HKCU\..\Run: [qwveiap] c:\windows\khkoyvr.exe
O4 - HKCU\..\Run: [linofsx] c:\windows\rmwxwgm.exe
O4 - HKCU\..\Run: [mwdjklp] c:\windows\rmwxwgm.exe
O4 - HKCU\..\Run: [ksjpent] c:\windows\kqcpmms.exe
O4 - HKCU\..\Run: [vqcxadn] c:\windows\tfudewl.exe
O4 - HKCU\..\Run: [alkvyes] c:\windows\avbenjt.exe
O4 - HKCU\..\Run: [lofioik] c:\windows\sltvdji.exe
O4 - HKCU\..\Run: [eawnsom] c:\windows\ksaauyu.exe
O4 - HKCU\..\Run: [fvwjkyl] c:\windows\hxfwwxc.exe
O4 - HKCU\..\Run: [inaifkb] c:\windows\hxfwwxc.exe
O4 - HKCU\..\Run: [ekhhnqv] c:\windows\epjujcu.exe
O4 - HKCU\..\Run: [wbplrwr] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [lhcpmxk] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [siiemkh] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [cikegjn] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [mtupqnq] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [tjrpvvu] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [icgdwdy] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [bsxjgpl] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [jcmoeut] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [mqabuws] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [qltlcum] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [kanuhys] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [chaxanb] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [fqdkcdw] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [qckvsjj] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [nehtpvm] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [rfgqjri] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [whtvbfk] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [srrysqc] c:\windows\khppcsy.exe
O4 - HKCU\..\Run: [qvysnej] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [nibtxul] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [cooqksr] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [wrxvwge] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [kxcifou] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [kismube] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [foljhtx] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [aqntdqq] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [tyvydkw] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [eytbklx] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [tweaccg] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [uoiontn] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [cgsibri] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [chcdxmw] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [yitsdkl] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [lkfjxon] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [qiiohga] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [qpqvslt] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [uaulmob] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [uqtgexc] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [kavlhkk] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [oyvwxha] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [dajqckd] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [kawncaq] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [guiqvuc] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [qgerpgn] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [lywwoel] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [gfeveeh] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [qrivywg] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [sjjpoiu] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [yyjvemb] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [aogktmy] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [txfxpuu] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [rkdgkls] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [nywksvp] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [tpiexpd] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [hnogauj] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [gxhnhop] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [ltadrjx] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [yaragga] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [kcuqfhc] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [daotcwx] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [olfbvnk] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [xonsflb] c:\windows\tmmqvqx.exe
O4 - HKCU\..\Run: [sqdnwoa] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [whjntop] c:\windows\dvuwwbl.exe
O4 - HKCU\..\Run: [svkkfcg] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [hmjqank] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [gkdweco] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [fifvwcb] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [oljsuuw] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [asmcvtw] c:\windows\ciyfktd.exe
O4 - HKCU\..\Run: [nsgbjic] c:\windows\mtfxuql.exe
O4 - HKCU\..\Run: [vajhafd] c:\windows\einhnfd.exe
O4 - HKCU\..\Run: [khlbgxd] c:\windows\kpvssxf.exe
O4 - HKCU\..\Run: [nemlyrv] c:\windows\kqjltfy.exe
O4 - HKCU\..\Run: [slwkjiw] c:\windows\kjpakwn.exe
O4 - HKCU\..\Run: [oguvtua] c:\windows\crjoubx.exe
O4 - HKCU\..\Run: [cgblfay] c:\windows\cpwnhlh.exe
O4 - HKCU\..\Run: [kauntvu] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [lcjabyb] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [hhbyahf] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [vtliypb] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [nrvxfyb] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [jfppkvq] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [jjkwpxq] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [gmtoklb] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [geaxxgg] c:\windows\isrolbo.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {210B16CB-F9F8-4C36-B11E-E865DF76354B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {210B16CB-F9F8-4C36-B11E-E865DF76354B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2AEF4EE1-07B6-46FD-9379-2C8C7B4F62DD} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2AEF4EE1-07B6-46FD-9379-2C8C7B4F62DD} - (no file) (HKCU)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Support - {95540188-895D-49E0-BF8B-37D28ED3F799} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O12 - Plugin for .IE5: C:\PROGRA~1\INTERN~1\PLUGINS\NPQTPL~1.DLL
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205893FB-CABD-4E12-82F2-6D1E9BA6E5FF}: NameServer = 206.141.192.60 206.141.193.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{205893FB-CABD-4E12-82F2-6D1E9BA6E5FF}: NameServer = 206.141.192.60 206.141.193.55
O18 - Filter: text/html - {34B2155F-82AC-4853-8ED0-3CA1ACD5432C} - C:\WINDOWS\System32\nneheha.dll
O18 - Filter: text/plain - {34B2155F-82AC-4853-8ED0-3CA1ACD5432C} - C:\WINDOWS\System32\nneheha.dll
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\n0r20a9oed.dll (file missing)
O21 - SSODL: Shedule Protocol - {07A58DD3-BC91-4982-9550-D69F8866AE12} - C:\WINDOWS\System32\iasantld.dll
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Vio Pes (Vie Pes) - Unknown owner - C:\WINDOWS\System32\vwa32.exe" -service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#2
raw0911

  • Topic Starter
  • Member
  • 18 posts
Can somebody please reply to this... I am really desperate.

#3
Guest_usetobe_*

  • Guest
Hi Raw,

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here
Apply the update, reboot, and post a fresh Hijack This log.

#4
raw0911

  • Topic Starter
  • Member
  • 18 posts
This is the new log file.

Logfile of HijackThis v1.99.1
Scan saved at 4:13:57 PM, on 5/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\cnat.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Documents and Settings\DHERE\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.mail.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: FlashEnhancer Extnder - {A749B4BC-7621-4a80-9220-D0A283367DD5} - c:\Program Files\Fln\fln.dll (file missing)
O2 - BHO: CIEExtension Object - {B51DC573-E998-4834-9B45-BAB7C2AE0A75} - C:\Program Files\Ad-Protect\ADPIEmonitor.dll (file missing)
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [sountskmanager] sountaskmgr
O4 - HKLM\..\Run: [Microsoft Update] msawindows.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [4U4Rfn] C:\documents and settings\dhere\local settings\temp\4U4Rfn.exe
O4 - HKLM\..\Run: [pQpJE8y] C:\documents and settings\dhere\local settings\temp\pQpJE8y.exe
O4 - HKLM\..\Run: [CKBcC5c] C:\documents and settings\dhere\local settings\temp\CKBcC5c.exe
O4 - HKLM\..\Run: [yhqY3d7] C:\documents and settings\dhere\local settings\temp\yhqY3d7.exe
O4 - HKLM\..\Run: [xVCVpv] C:\documents and settings\dhere\local settings\temp\xVCVpv.exe
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\DHERE\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [vcmxin] C:\WINDOWS\system32\BW_ActiveX.Stub.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [csuptfn] c:\windows\system32\csuptfn.exe
O4 - HKLM\..\Run: [msw] C:\Documents and Settings\All Users\Application Data\msw\MSW.exe
O4 - HKLM\..\Run: [nsvcin] C:\WINDOWS\system32\n20050308.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [AutoLoaderq0t61YKfMKPJ] "C:\WINDOWS\System32\ulrrenv.exe" /HideDir /HideUninstall /PC="CP.FHB" /ShowLegalNote="nonbranded"
O4 - HKLM\..\Run: [q72g3sX] ulrrenv.exe
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\System32\abasa5jrp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [ Messenger] C:\WINDOWS\System32\p0n8ting.exe
O4 - HKLM\..\Run: [combop.exe] combop.exe
O4 - HKLM\..\Run: [FlnCPY] "C:\Program Files\Common Files\Java\flncpy.exe"
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [fwjwvzh] c:\windows\system32\kresbz.exe
O4 - HKLM\..\Run: [Vio Pes] vwa32.exe
O4 - HKLM\..\Run: [BMan] C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\avznkp.exe reg_run
O4 - HKLM\..\RunServices: [sountskmanager] sountaskmgr
O4 - HKLM\..\RunServices: [Microsoft Update] msawindows.exe
O4 - HKLM\..\RunServices: [Vio Pes] vwa32.exe
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [Ajr] C:\WINDOWS\System32\??anregw.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {210B16CB-F9F8-4C36-B11E-E865DF76354B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {210B16CB-F9F8-4C36-B11E-E865DF76354B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2AEF4EE1-07B6-46FD-9379-2C8C7B4F62DD} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2AEF4EE1-07B6-46FD-9379-2C8C7B4F62DD} - (no file) (HKCU)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Support - {95540188-895D-49E0-BF8B-37D28ED3F799} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O12 - Plugin for .IE5: C:\PROGRA~1\INTERN~1\PLUGINS\NPQTPL~1.DLL
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205893FB-CABD-4E12-82F2-6D1E9BA6E5FF}: NameServer = 206.141.192.60 206.141.193.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{205893FB-CABD-4E12-82F2-6D1E9BA6E5FF}: NameServer = 206.141.192.60 206.141.193.55
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\n0r20a9oed.dll (file missing)
O21 - SSODL: Shedule Protocol - {07A58DD3-BC91-4982-9550-D69F8866AE12} - C:\WINDOWS\System32\iasantld.dll
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\DHERE\Local Settings\Temporary Internet Files\Content.IE5\6U50JHLR\CWShredder[1].exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Vio Pes (Vie Pes) - Unknown owner - C:\WINDOWS\System32\vwa32.exe" -service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#5
Guest_usetobe_*

Hi Raw,

Well we certainly have our work cut out here. Your PC is heavily infected with several infections and remnants of others. We will work in a sequence to rid your system of it all.

Please print out these instructions to make it easy to follow and to have access to them when you have to reboot your pc. Please read through them prior to commencing to do anything and if there is anything that you are unsure of, or do not understand, please contact me first for assistance.

I would like you to carry out the following free on-line virus scan and follow their instructions on removal of anything that it may find.

Kaspersky OnLine Scan. Fill in your name, for company type anything you like, and add your email address in the relevant boxes.

Next please download the following two programs. Install them and update them both. Then run each one and have them fix anything that they may find.

Spybot Search and Destroy 1.3

Ad-aware S E 1.5

Download L2mfix from this location:

http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

Download a free 14 day trial of ewido from the link below. Install it and start it up. Follow the prompts to upgrade it, then close it down.

ewido

Reboot into SAFE MODE by tapping the F8 key whilst your PC starts up and run Ewido. Click on the Scanner button, select drives if you have more than one, and then start. Grab a cup of coffee, sandwiches, a book, as this may take some time. Once the first problem is detected, ensure you tick the box for all (bottom left) and allow it to continue.

At the end of the scan, it may ask if you would like to delete anything found in archive or zipped files, OK that request, then click on save report. SAVE to the default location, it will then generate a text file. Copy that to post in this thread.

If Ewido fails to run, try it one more time in SAFE MODE. If it still fails, reboot your PC normally and try it in normal mode.

Then rescan with HJT and post a fresh log back.

#6
raw0911

Thanks for the reply. I have Ad-aware and Spybot S&D on my computer, but lately I have been having trouble trying to run either of them. Both the programs just don't open. I have been running Ad-aware in safe mode, but Spybot does not run in safe mode as well. I have tried uninstalling and reinstalling them, but it does not help. Can you advise me on this please?

Thanks

#7
Guest_usetobe_*

OK, miss out Adaware and Spybot and carry on through the sequence. Any problems, just pass on to the next part, then tell me at the end, when you post back any logs.

#8
raw0911

Done as you advised. This is the l2mfix log.

L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n0r20a9oed.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{5F77B53D-1435-C84A-DFB5-6E0068733AEE}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

#9
Guest_usetobe_*

From the l2mfix folder on your desktop, double-click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing Enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, Notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new HijackThis log.

#10
raw0911

I tried running the l2mfix, but it keeps giving a message "winlogoff". Also, after rebooting, the program started running, but there were no desktop icons and the window of l2mfix showed the winlogoff error.
This is the new log file:

Logfile of HijackThis v1.99.1
Scan saved at 6:47:11 PM, on 6/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\DHERE\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DHERE\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DHERE\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: FlashEnhancer Extnder - {A749B4BC-7621-4a80-9220-D0A283367DD5} - c:\Program Files\Fln\fln.dll (file missing)
O2 - BHO: CIEExtension Object - {B51DC573-E998-4834-9B45-BAB7C2AE0A75} - C:\Program Files\Ad-Protect\ADPIEmonitor.dll (file missing)
O2 - BHO: (no name) - {E1D9E556-DCC3-4CCA-836B-A418007032CA} - C:\WINDOWS\System32\obkgmc.dll (file missing)
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [sountskmanager] sountaskmgr
O4 - HKLM\..\Run: [Microsoft Update] msawindows.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [4U4Rfn] C:\documents and settings\dhere\local settings\temp\4U4Rfn.exe
O4 - HKLM\..\Run: [pQpJE8y] C:\documents and settings\dhere\local settings\temp\pQpJE8y.exe
O4 - HKLM\..\Run: [CKBcC5c] C:\documents and settings\dhere\local settings\temp\CKBcC5c.exe
O4 - HKLM\..\Run: [yhqY3d7] C:\documents and settings\dhere\local settings\temp\yhqY3d7.exe
O4 - HKLM\..\Run: [xVCVpv] C:\documents and settings\dhere\local settings\temp\xVCVpv.exe
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\DHERE\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [vcmxin] C:\WINDOWS\system32\BW_ActiveX.Stub.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [csuptfn] c:\windows\system32\csuptfn.exe
O4 - HKLM\..\Run: [msw] C:\Documents and Settings\All Users\Application Data\msw\MSW.exe
O4 - HKLM\..\Run: [nsvcin] C:\WINDOWS\system32\n20050308.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [AutoLoaderq0t61YKfMKPJ] "C:\WINDOWS\System32\ulrrenv.exe" /HideDir /HideUninstall /PC="CP.FHB" /ShowLegalNote="nonbranded"
O4 - HKLM\..\Run: [q72g3sX] ulrrenv.exe
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\System32\abasa5jrp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [ Messenger] C:\WINDOWS\System32\p0n8ting.exe
O4 - HKLM\..\Run: [combop.exe] combop.exe
O4 - HKLM\..\Run: [FlnCPY] "C:\Program Files\Common Files\Java\flncpy.exe"
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [fwjwvzh] c:\windows\system32\kresbz.exe
O4 - HKLM\..\Run: [Vio Pes] vwa32.exe
O4 - HKLM\..\Run: [BMan] C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\DHERE\Desktop\l2mfix\second.bat
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\DHERE\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\RunServices: [sountskmanager] sountaskmgr
O4 - HKLM\..\RunServices: [Microsoft Update] msawindows.exe
O4 - HKLM\..\RunServices: [Vio Pes] vwa32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [Ajr] C:\WINDOWS\System32\??anregw.exe
O4 - HKCU\..\Run: [xjyfrrf] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [oapdtoi] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [mimfimp] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [viiqxhr] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [bxtsjtm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [oaeosns] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [cvilixc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [dxtfnah] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xhtyvxh] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ykhenxg] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [bntcsvf] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [yeeturm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [yycfhae] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [apjpdsl] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ryphkdi] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hgepfsi] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xrnsdev] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ctrereq] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [kmhasdl] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ictxgin] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [jkhfmhx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [gammcdp] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ciqlyxv] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [fuhsvxi] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hrcrrya] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [mprgjcu] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [usyytli] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [gqjitfm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ipayptn] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [jfbvdlc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ygurpra] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [nkucbif] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hfmqeks] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [gyacbsr] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xyeehyg] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [dmqdmfd] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [qodltbq] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [wuoudri] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [indedyr] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ucwacne] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [waufsgx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [wnhrkpx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [okbctba] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hjqlkcl] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ygnhrjv] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xbhwfhp] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ificgic] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [stywcvk] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [uqjobsh] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [lncqmls] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [vojisat] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ecujgim] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [qkjwnpp] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [yqncquq] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [nqqyskv] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [wqyaxoi] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [opotjro] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [otuvnjx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [fensrhb] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [cnywnjm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [vovgach] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [faivdjx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [rpdmixy] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [audpfqn] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [layliog] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ipsuyuc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [fkmgejw] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [oribmju] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [lejfiuc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [eascnho] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [vdinvrv] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [spdxkyq] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [mahygls] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ibciqmj] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [vsafrxo] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [yonreiy] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [dllfgie] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [aepeaff] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hpmeboh] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [shacofm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [lliktuk] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [sqaupnn] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hwiauou] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [tintjeo] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [iktlytn] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [kpuwadh] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [oqnrunl] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [sihfsxc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [yccnfwm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [elkadib] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xalhebu] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [letcqnl] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [gabsivd] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [mxxnfkt] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ojxpwqx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [lfrinlm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ilruilc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ugeetqy] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ooywhfb] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [lkymjwm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [vwisovs] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xjotoqj] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [idwofbq] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [qmonkxy] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [qxkmktd] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [igcyknb] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [wnbgssm] c:\windows\ryxqtkn.exe
O4 - HKCU\..\Run: [ppviocc] c:\windows\nexqgiq.exe
O4 - HKCU\..\Run: [jmontux] c:\windows\ikgerqa.exe
O4 - HKCU\..\Run: [qwveiap] c:\windows\khkoyvr.exe
O4 - HKCU\..\Run: [linofsx] c:\windows\rmwxwgm.exe
O4 - HKCU\..\Run: [mwdjklp] c:\windows\rmwxwgm.exe
O4 - HKCU\..\Run: [ksjpent] c:\windows\kqcpmms.exe
O4 - HKCU\..\Run: [vqcxadn] c:\windows\tfudewl.exe
O4 - HKCU\..\Run: [lofioik] c:\windows\sltvdji.exe
O4 - HKCU\..\Run: [eawnsom] c:\windows\ksaauyu.exe
O4 - HKCU\..\Run: [fvwjkyl] c:\windows\hxfwwxc.exe
O4 - HKCU\..\Run: [inaifkb] c:\windows\hxfwwxc.exe
O4 - HKCU\..\Run: [ekhhnqv] c:\windows\epjujcu.exe
O4 - HKCU\..\Run: [wbplrwr] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [lhcpmxk] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [siiemkh] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [cikegjn] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [mtupqnq] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [tjrpvvu] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [icgdwdy] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [bsxjgpl] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [jcmoeut] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [mqabuws] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [qltlcum] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [kanuhys] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [chaxanb] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [fqdkcdw] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [qckvsjj] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [nehtpvm] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [rfgqjri] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [whtvbfk] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [srrysqc] c:\windows\khppcsy.exe
O4 - HKCU\..\Run: [qvysnej] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [nibtxul] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [cooqksr] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [wrxvwge] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [kxcifou] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [kismube] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [foljhtx] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [aqntdqq] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [tyvydkw] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [eytbklx] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [tweaccg] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [uoiontn] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [cgsibri] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [chcdxmw] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [yitsdkl] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [lkfjxon] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [qiiohga] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [qpqvslt] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [uaulmob] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [uqtgexc] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [kavlhkk] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [oyvwxha] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [dajqckd] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [kawncaq] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [guiqvuc] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [qgerpgn] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [lywwoel] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [gfeveeh] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [qrivywg] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [sjjpoiu] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [yyjvemb] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [aogktmy] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [txfxpuu] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [rkdgkls] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [nywksvp] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [tpiexpd] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [hnogauj] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [gxhnhop] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [ltadrjx] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [yaragga] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [kcuqfhc] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [daotcwx] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [olfbvnk] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [xonsflb] c:\windows\tmmqvqx.exe
O4 - HKCU\..\Run: [sqdnwoa] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [whjntop] c:\windows\dvuwwbl.exe
O4 - HKCU\..\Run: [svkkfcg] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [hmjqank] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [gkdweco] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [fifvwcb] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [oljsuuw] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [nsgbjic] c:\windows\mtfxuql.exe
O4 - HKCU\..\Run: [vajhafd] c:\windows\einhnfd.exe
O4 - HKCU\..\Run: [khlbgxd] c:\windows\kpvssxf.exe
O4 - HKCU\..\Run: [nemlyrv] c:\windows\kqjltfy.exe
O4 - HKCU\..\Run: [slwkjiw] c:\windows\kjpakwn.exe
O4 - HKCU\..\Run: [oguvtua] c:\windows\crjoubx.exe
O4 - HKCU\..\Run: [kauntvu] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [lcjabyb] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [hhbyahf] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [vtliypb] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [nrvxfyb] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [jfppkvq] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [jjkwpxq] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [gmtoklb] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [geaxxgg] c:\windows\isrolbo.exe
O4 - HKCU\..\Run: [mcwvaya] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [yrfwskv] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [lysfjpu] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [uucswsj] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [vkgujob] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [bmoojpc] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [kjbpuli] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [hilyrpi] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [cioeeab] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [kvaelin] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [pfxahfc] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [vrvpuqf] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [nsjpjre] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [mjjdgwv] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [aafrwql] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [aktiiof] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [vhlupox] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [elpihjc] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [nluaqbk] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [abcpemx] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [jjqjqdw] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [llprobo] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [qtwaamq] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [kdgjqgc] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [ukbixru] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [ryibgis] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [troxbvk] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [hmdqvkq] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [jdrbroi] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [ewoqwce] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [quahgfj] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [xnykyrq] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [knortie] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [nuyybtq] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [uqkcouq] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [cgicxwd] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [tfsxuvw] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [axykpqu] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [ybsyens] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [okyisgf] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [hqwvtpw] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [eorugbi] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {210B16CB-F9F8-4C36-B11E-E865DF76354B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {210B16CB-F9F8-4C36-B11E-E865DF76354B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2AEF4EE1-07B6-46FD-9379-2C8C7B4F62DD} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2AEF4EE1-07B6-46FD-9379-2C8C7B4F62DD} - (no file) (HKCU)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Support - {95540188-895D-49E0-BF8B-37D28ED3F799} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O12 - Plugin for .IE5: C:\PROGRA~1\INTERN~1\PLUGINS\NPQTPL~1.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.../kavwebscan.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205893FB-CABD-4E12-82F2-6D1E9BA6E5FF}: NameServer = 206.141.192.60 206.141.193.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{205893FB-CABD-4E12-82F2-6D1E9BA6E5FF}: NameServer = 206.141.192.60 206.141.193.55
O18 - Filter: text/html - {416C8FA3-A6D6-43E3-ACF6-257D3A3E76E4} - C:\WINDOWS\System32\obkgmc.dll
O18 - Filter: text/plain - {416C8FA3-A6D6-43E3-ACF6-257D3A3E76E4} - C:\WINDOWS\System32\obkgmc.dll
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\n0r20a9oed.dll (file missing)
O21 - SSODL: Shedule Protocol - {07A58DD3-BC91-4982-9550-D69F8866AE12} - C:\WINDOWS\System32\iasantld.dll (file missing)
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\DHERE\Local Settings\Temporary Internet Files\Content.IE5\6U50JHLR\CWShredder[1].exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Vio Pes (Vie Pes) - Unknown owner - C:\WINDOWS\System32\vwa32.exe" -service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#11
Guest_usetobe_*

OK time to change the sequence a bit,

Please carry out another free online virus scan from the following location. Allow it to fix anything it finds.

Panda Activescan

Next carry out the ewido scan and post the log back in this thread. The ewido scan might fail, but please try it at least 2 more times in safe mode. If it still fails reboot your PC and try it 2 times in normal mode.

#12
raw0911

This is the report from panda activescan.


Incident Status Location

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\System32\bdfdjc.dll
Adware:Adware/SearchExe No disinfected C:\DOCUME~1\DHERE\LOCALS~1\Temp\se.dll
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles
Adware:Adware/CWS No disinfected Windows Registry
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\bsx32
Adware:Adware/Apropos No disinfected Windows Registry
Adware:Adware/AdDestroyer No disinfected C:\Documents and Settings\DHERE\Start Menu\Programs\AdDestroyer
Adware:Adware/Sqwire No disinfected Windows Registry
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\Bundles
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Adware:Adware/MediaTickets No disinfected Windows Registry
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\alchem.in?
Adware:Adware/SideFind No disinfected Windows Registry
Adware:Adware/SearchExe No disinfected C:\DOCUME~1\DHERE\LOCALS~1\Temp\se.dll
Adware:Adware/Startpage.GX No disinfected Windows Registry
Adware:Adware/TopRebates No disinfected C:\WINDOWS\bundles\WebRebates*.exe
Adware:Adware/Fizzle No disinfected C:\Program Files\FwBarTemp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\DHERE\Favorites\Casino & Adult
Adware:Adware/Beginto No disinfected Windows Registry
Adware:Adware/PowerSearch No disinfected C:\WINDOWS\System32\stlb2.xml
Adware:Adware/BroadcastPC No disinfected Windows Registry
Spyware:Spyware/Spyblocs No disinfected C:\WINDOWS\System32\10minsite.exe
Spyware:Spyware/Search3 No disinfected C:\Program Files\Search3 Toolbar
Virus:Trj/Downloader.AEE Disinfected Operating system
Adware:Adware/Findspy No disinfected Windows Registry
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\dlmax.inf
Adware:Adware/CWS.HomeSearchAsisstant No disinfected Windows Registry
Adware:Adware/Adsmart No disinfected C:\WINDOWS\System32\thun.dll
Adware:Adware/Alwaysupdatednews No disinfected C:\WINDOWS\System32\Free LapTop Computer.ico
Adware:Adware/SearchTheWeb No disinfected C:\WINDOWS\System32\Cache\mswinstall.exe
Virus:Backdoor Program Disinfected C:\Documents and Settings\All Users\Documents\autorun.inf
Virus:W32/Gaobot.KW.worm Disinfected C:\Documents and Settings\All Users\Documents\winaii.exe
Adware:Adware/Findspy No disinfected C:\Documents and Settings\DHERE\Favorites\ Free Hidden Cams World - Realtime.url
Adware:Adware/Findspy No disinfected C:\Documents and Settings\DHERE\Favorites\ Free Spy Cam - Realtime.url
Adware:Adware/SearchExe No disinfected C:\Documents and Settings\DHERE\Local Settings\Temp\se.dll
Adware:Adware/SearchExe No disinfected C:\Documents and Settings\DHERE\Local Settings\Temp\temp.fr5DE0
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\DHERE\Local Settings\Temporary Internet Files\Content.IE5\K4T6THUB\fun120_2005523113628[1].htm
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\DHERE\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\ExactAd-Funcade_468x60_2005520145015[1].htm
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\DHERE\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\exactcardcrazy300_2005523113354[1].htm
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Adware:Adware/BroadcastPC No disinfected C:\Program Files\Common Files\Java\bpcv2_inst.exe
Spyware:Spyware/ISTbar No disinfected C:\Program Files\ct.html
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\bundles\2504041110.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\AdSmartMedia_bundle.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\adv0ltc0m.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\ast_5_adsav.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\Beryllium.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\bruzmoh.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\bs5-tsrkqn.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\Century.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\CSV7P070.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\cxt_big.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\Decade.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\desktrf-162813.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\ez_advolt.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\icmedia2_56.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\ICMMedia_1cmm3d1a.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\InvestorIntelligenceInstallWeb.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\optimizejames.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\runsearch.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\sahagent-dectest1001.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\Setup.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\setup_silent_26221.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\snackman.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\stlb2_seed.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\TrafficSpec8.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\Verti1.exe
Adware:Adware/TopRebates No disinfected C:\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\winversion.exe
Adware:Adware/EliteBar No disinfected C:\WINDOWS\Downloaded Program Files\OSD149F.OSD
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\alchem.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\conscorr.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\dlmax.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\nvsveog.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\satmat.ini
Spyware:Spyware/Spyblocs No disinfected C:\WINDOWS\system32\10minsite.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\70tovmto.ini
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\abasa5jrp.ini
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\abcore.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\abifil32.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\assnt.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\aza2la9o1d.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\bdfdjc.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\c800lidm180a.dll
Adware:Adware/SearchTheWeb No disinfected C:\WINDOWS\system32\Cache\mswinstall.exe
Spyware:Spyware/ShhhToolbar No disinfected C:\WINDOWS\system32\Cache\runsearch.exe
Spyware:Spyware/UrlSpy No disinfected C:\WINDOWS\system32\Cache\setup1015.exe
Adware:Adware/TopRebates No disinfected C:\WINDOWS\system32\Cache\WebRebates_Auto_InstallSilent.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\system32\Cache\wrapperouter.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\cbvfat.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\cepbk32.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\cfbcatex.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\cmvfat.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\copbk32.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\cyvfat.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\czmdlg32.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\dccpmon.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\dfnet.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\dfspex.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\dhgest.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\dhmodemx.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\dhprop.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\dl16gt.dLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\dlmasf.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\dn0201doe.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\dnpu0179e.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\dqnwsock.dll
Adware:Adware/Beginto No disinfected C:\WINDOWS\system32\dsktrf.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\en28l1fu1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\en64l1jq1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\en6sl1j71.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\en6ul1j91.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\enlul1391.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\ennml1511.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\enp0l17m1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\enrql1951.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\EsnClass.Dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\f0j20a1oed.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\f40o0ed3eh0.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\fDultrep.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\fM0o0ed3eh0.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\fotls532.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\fp6203joe.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\fpp8037ue.dll
Adware:Adware/Alwaysupdatednews No disinfected C:\WINDOWS\system32\Free LapTop Computer.ico
Adware:Adware/Alwaysupdatednews No disinfected C:\WINDOWS\system32\Free Picture iPod.ico
Adware:Adware/Alwaysupdatednews No disinfected C:\WINDOWS\system32\Free Sony Playstation.ico
Adware:Adware/Alwaysupdatednews No disinfected C:\WINDOWS\system32\Free U2 iPod.ico
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\fsifs.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\g622lgfo162c.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\g6jolg1316.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\g8lmli3118.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\gK22lgfo162c.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\gp20l3fm1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\gp2sl3f71.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\gp6ml3j11.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\h2l2lc3o1f.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\hesetup.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\hhdserv.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\hochkaod3.ini
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\hp4023hmg.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\hr0805due.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\hr4405hqe.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\hrjm0511e.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\hrp0057me.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\hrps0577e.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\iasetup.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\iaxpromn.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\iEssvcs.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\iNssdo.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\ioseng.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\iOssdo.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\iqmontr.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\ir0ol5d31.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\ir6ul5j91.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\ir82l5lo1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\ismontr.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\j22q0cf5ef2.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\jdcript.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\jrdwmie.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\jt0007dme.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\jtj0071me.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\jwj0071me.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\k0pmla711d.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\kbsys32.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\kidfc.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\kncom.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\kodlv.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\krsys32.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\kt06l7ds1.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\kt2ul7f91.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\ktjul7191.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\kzdhe.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\l6n40g5qe6.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\lv0409dqe.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\lv8q09l5e.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\lvp8097ue.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\m2rmlc911f.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\m4280efueh280.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\m4lsle371h.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mcang.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mCg_hook.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\megrate.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mfjava.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mfyuv.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mgxoci.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mhtvgs.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mixmlr.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mpgrate.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mpricons.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mrcsubs.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mrjetoledb40.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\mrrle32.dll

#13
Guest_usetobe_*

Any luck with Ewido?

#14
raw0911

This is the report from the ewido scan. Following that is the latest HijackThis logfile.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:16:39 AM, 6/24/2005
+ Report-Checksum: C227FBB9

+ Date of database: 6/7/2005
+ Version of scan engine: v3.0

+ Duration: 57 min
+ Scanned Files: 62726
+ Speed: 18.05 Files/Second
+ Infected files: 3
+ Removed files: 3
+ Files put in quarantine: 3
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: No

+ Scanned items:
C:\
D:\

+ Scan result:
C:\Documents and Settings\DHERE\Cookies\dhere@a.websponsors[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\DHERE\Cookies\dhere@exitexchange[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\DHERE\Cookies\dhere@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup


::Report End


Logfile of HijackThis v1.99.1
Scan saved at 7:20:23 AM, on 6/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\DHERE\Desktop\HijackThis.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\avciman.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: (no name) - {4593F035-9115-449D-9432-AED670874A96} - C:\WINDOWS\System32\clhbafj.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: FlashEnhancer Extnder - {A749B4BC-7621-4a80-9220-D0A283367DD5} - c:\Program Files\Fln\fln.dll (file missing)
O2 - BHO: CIEExtension Object - {B51DC573-E998-4834-9B45-BAB7C2AE0A75} - C:\Program Files\Ad-Protect\ADPIEmonitor.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [sountskmanager] sountaskmgr
O4 - HKLM\..\Run: [Microsoft Update] msawindows.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [4U4Rfn] C:\documents and settings\dhere\local settings\temp\4U4Rfn.exe
O4 - HKLM\..\Run: [pQpJE8y] C:\documents and settings\dhere\local settings\temp\pQpJE8y.exe
O4 - HKLM\..\Run: [CKBcC5c] C:\documents and settings\dhere\local settings\temp\CKBcC5c.exe
O4 - HKLM\..\Run: [yhqY3d7] C:\documents and settings\dhere\local settings\temp\yhqY3d7.exe
O4 - HKLM\..\Run: [xVCVpv] C:\documents and settings\dhere\local settings\temp\xVCVpv.exe
O4 - HKLM\..\Run: [vcmxin] C:\WINDOWS\system32\BW_ActiveX.Stub.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [csuptfn] c:\windows\system32\csuptfn.exe
O4 - HKLM\..\Run: [nsvcin] C:\WINDOWS\system32\n20050308.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [AutoLoaderq0t61YKfMKPJ] "C:\WINDOWS\System32\ulrrenv.exe" /HideDir /HideUninstall /PC="CP.FHB" /ShowLegalNote="nonbranded"
O4 - HKLM\..\Run: [q72g3sX] ulrrenv.exe
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\System32\abasa5jrp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [ Messenger] C:\WINDOWS\System32\p0n8ting.exe
O4 - HKLM\..\Run: [combop.exe] combop.exe
O4 - HKLM\..\Run: [FlnCPY] "C:\Program Files\Common Files\Java\flncpy.exe"
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [fwjwvzh] c:\windows\system32\kresbz.exe
O4 - HKLM\..\Run: [Vio Pes] vwa32.exe
O4 - HKLM\..\Run: [BMan] C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\DHERE\Desktop\l2mfix\second.bat
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [UpgConfVer] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\UpgConf.exe" /v:9.02.01
O4 - HKLM\..\RunServices: [sountskmanager] sountaskmgr
O4 - HKLM\..\RunServices: [Microsoft Update] msawindows.exe
O4 - HKLM\..\RunServices: [Vio Pes] vwa32.exe
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [Ajr] C:\WINDOWS\System32\??anregw.exe
O4 - HKCU\..\Run: [xjyfrrf] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [oapdtoi] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [mimfimp] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [viiqxhr] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [bxtsjtm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [oaeosns] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [cvilixc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [dxtfnah] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xhtyvxh] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ykhenxg] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [bntcsvf] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [yeeturm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [yycfhae] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [apjpdsl] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ryphkdi] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hgepfsi] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xrnsdev] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ctrereq] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [kmhasdl] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ictxgin] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [jkhfmhx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [gammcdp] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ciqlyxv] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [fuhsvxi] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hrcrrya] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [mprgjcu] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [usyytli] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [gqjitfm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ipayptn] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [jfbvdlc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ygurpra] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [nkucbif] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hfmqeks] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [gyacbsr] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xyeehyg] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [dmqdmfd] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [qodltbq] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [wuoudri] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [indedyr] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ucwacne] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [waufsgx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [wnhrkpx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [okbctba] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hjqlkcl] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ygnhrjv] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xbhwfhp] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ificgic] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [stywcvk] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [uqjobsh] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [lncqmls] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [vojisat] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ecujgim] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [qkjwnpp] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [yqncquq] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [nqqyskv] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [wqyaxoi] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [opotjro] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [otuvnjx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [fensrhb] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [cnywnjm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [vovgach] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [faivdjx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [rpdmixy] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [audpfqn] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [layliog] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ipsuyuc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [fkmgejw] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [oribmju] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [lejfiuc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [eascnho] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [vdinvrv] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [spdxkyq] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [mahygls] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ibciqmj] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [vsafrxo] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [yonreiy] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [dllfgie] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [aepeaff] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hpmeboh] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [shacofm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [lliktuk] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [sqaupnn] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [hwiauou] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [tintjeo] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [iktlytn] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [kpuwadh] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [oqnrunl] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [sihfsxc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [yccnfwm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [elkadib] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xalhebu] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [letcqnl] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [gabsivd] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [mxxnfkt] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ojxpwqx] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [lfrinlm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ilruilc] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ugeetqy] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [ooywhfb] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [lkymjwm] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [vwisovs] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [xjotoqj] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [idwofbq] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [qmonkxy] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [qxkmktd] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [igcyknb] c:\windows\ddlkwrq.exe
O4 - HKCU\..\Run: [wnbgssm] c:\windows\ryxqtkn.exe
O4 - HKCU\..\Run: [ppviocc] c:\windows\nexqgiq.exe
O4 - HKCU\..\Run: [jmontux] c:\windows\ikgerqa.exe
O4 - HKCU\..\Run: [qwveiap] c:\windows\khkoyvr.exe
O4 - HKCU\..\Run: [linofsx] c:\windows\rmwxwgm.exe
O4 - HKCU\..\Run: [mwdjklp] c:\windows\rmwxwgm.exe
O4 - HKCU\..\Run: [ksjpent] c:\windows\kqcpmms.exe
O4 - HKCU\..\Run: [vqcxadn] c:\windows\tfudewl.exe
O4 - HKCU\..\Run: [lofioik] c:\windows\sltvdji.exe
O4 - HKCU\..\Run: [eawnsom] c:\windows\ksaauyu.exe
O4 - HKCU\..\Run: [fvwjkyl] c:\windows\hxfwwxc.exe
O4 - HKCU\..\Run: [inaifkb] c:\windows\hxfwwxc.exe
O4 - HKCU\..\Run: [ekhhnqv] c:\windows\epjujcu.exe
O4 - HKCU\..\Run: [wbplrwr] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [lhcpmxk] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [siiemkh] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [cikegjn] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [mtupqnq] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [tjrpvvu] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [icgdwdy] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [bsxjgpl] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [jcmoeut] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [mqabuws] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [qltlcum] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [kanuhys] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [chaxanb] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [fqdkcdw] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [qckvsjj] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [nehtpvm] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [rfgqjri] c:\windows\lsujyff.exe
O4 - HKCU\..\Run: [whtvbfk] c:\windows\xexlxxv.exe
O4 - HKCU\..\Run: [srrysqc] c:\windows\khppcsy.exe
O4 - HKCU\..\Run: [qvysnej] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [nibtxul] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [cooqksr] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [wrxvwge] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [kxcifou] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [kismube] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [foljhtx] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [aqntdqq] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [tyvydkw] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [eytbklx] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [tweaccg] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [uoiontn] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [cgsibri] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [chcdxmw] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [yitsdkl] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [lkfjxon] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [qiiohga] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [qpqvslt] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [uaulmob] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [uqtgexc] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [kavlhkk] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [oyvwxha] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [dajqckd] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [kawncaq] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [guiqvuc] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [qgerpgn] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [lywwoel] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [gfeveeh] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [qrivywg] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [sjjpoiu] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [yyjvemb] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [aogktmy] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [txfxpuu] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [rkdgkls] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [nywksvp] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [tpiexpd] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [hnogauj] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [gxhnhop] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [ltadrjx] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [yaragga] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [kcuqfhc] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [daotcwx] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [olfbvnk] c:\windows\myxwddb.exe
O4 - HKCU\..\Run: [xonsflb] c:\windows\tmmqvqx.exe
O4 - HKCU\..\Run: [sqdnwoa] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [whjntop] c:\windows\dvuwwbl.exe
O4 - HKCU\..\Run: [svkkfcg] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [hmjqank] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [gkdweco] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [fifvwcb] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [oljsuuw] c:\windows\ppjtmry.exe
O4 - HKCU\..\Run: [nsgbjic] c:\windows\mtfxuql.exe
O4 - HKCU\..\Run: [vajhafd] c:\windows\einhnfd.exe
O4 - HKCU\..\Run: [khlbgxd] c:\windows\kpvssxf.exe
O4 - HKCU\..\Run: [nemlyrv] c:\windows\kqjltfy.exe
O4 - HKCU\..\Run: [slwkjiw] c:\windows\kjpakwn.exe
O4 - HKCU\..\Run: [oguvtua] c:\windows\crjoubx.exe
O4 - HKCU\..\Run: [kauntvu] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [lcjabyb] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [hhbyahf] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [vtliypb] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [nrvxfyb] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [jfppkvq] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [jjkwpxq] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [gmtoklb] c:\windows\tkdjwum.exe
O4 - HKCU\..\Run: [geaxxgg] c:\windows\isrolbo.exe
O4 - HKCU\..\Run: [mcwvaya] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [yrfwskv] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [lysfjpu] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [uucswsj] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [vkgujob] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [bmoojpc] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [kjbpuli] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [hilyrpi] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [cioeeab] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [kvaelin] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [pfxahfc] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [vrvpuqf] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [nsjpjre] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [mjjdgwv] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [aafrwql] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [aktiiof] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [vhlupox] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [elpihjc] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [nluaqbk] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [abcpemx] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [jjqjqdw] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [llprobo] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [qtwaamq] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [kdgjqgc] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [ukbixru] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [ryibgis] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [troxbvk] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [hmdqvkq] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [jdrbroi] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [ewoqwce] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [quahgfj] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [xnykyrq] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [knortie] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [nuyybtq] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [uqkcouq] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [cgicxwd] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [tfsxuvw] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [axykpqu] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [ybsyens] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [okyisgf] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [hqwvtpw] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [eorugbi] c:\windows\rflwmri.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {210B16CB-F9F8-4C36-B11E-E865DF76354B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {210B16CB-F9F8-4C36-B11E-E865DF76354B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2AEF4EE1-07B6-46FD-9379-2C8C7B4F62DD} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2AEF4EE1-07B6-46FD-9379-2C8C7B4F62DD} - (no file) (HKCU)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Support - {95540188-895D-49E0-BF8B-37D28ED3F799} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O12 - Plugin for .IE5: C:\PROGRA~1\INTERN~1\PLUGINS\NPQTPL~1.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.../kavwebscan.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{205893FB-CABD-4E12-82F2-6D1E9BA6E5FF}: NameServer = 206.141.192.60 206.141.193.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{205893FB-CABD-4E12-82F2-6D1E9BA6E5FF}: NameServer = 206.141.192.60 206.141.193.55
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\System32\sqlallg.dll
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\n0r20a9oed.dll (file missing)
O21 - SSODL: Shedule Protocol - {07A58DD3-BC91-4982-9550-D69F8866AE12} - C:\WINDOWS\System32\iasantld.dll (file missing)
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\DHERE\Local Settings\Temporary Internet Files\Content.IE5\6U50JHLR\CWShredder[1].exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Vio Pes (Vie Pes) - Unknown owner - C:\WINDOWS\System32\vwa32.exe" -service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#15
Guest_usetobe_*

Hi Raw,

Retry this now.

From the l2mfix folder on your desktop, double-click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing Enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, Notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new HijackThis log. If it doesn't run, then there is no need for a new HJT log, just let me know.