StartPage-DU.dll [RESOLVED]



#1
heavenwaits

  • Member
  • 20 posts
Okay, so I'm brand new here, and I only know basics about computers, so bear with me please.

Yesterday my McAfee started telling me it had cleaned the trojan StartPage-DU.dll from my computer. My Windows Anti-Spyware also keeps asking me if I want to allow certain startup programs and keeps trying to install an Internet Browser Helper called "Class." Also, as typical (from what I've found) of this trojan, my default homepage keeps getting changed to About:Blank. I've run a virus scan now and it's not finding anything, nor are any of the anti-spywares. My IE keeps randomly closing and McAfee keeps telling me it's cleaning the file, but obviously it's not doing any good. I've tried downloading some of the programs suggested on the site to help clean it out, including CWShredder, but when I get to those sites IE shuts down and I can't get them downloaded. I did download HijackThis, however. Here is the scan I did:

Logfile of HijackThis v1.99.1
Scan saved at 10:44:07 PM, on 7/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\2Wire\Gateway\2PortalMon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\netyy.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\uvjqt.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
res://C:\WINDOWS\uvjqt.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://srch-us4nb.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\uvjqt.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
res://C:\WINDOWS\uvjqt.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://C:\WINDOWS\uvjqt.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://C:\WINDOWS\uvjqt.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://rd.yahoo.com/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://rd.yahoo.com/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.hp.com/info/e-center-p
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59}
- C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {F1D7DCBA-0130-C987-716B-EE88E16B0371} -
C:\WINDOWS\ipph.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88}
- C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655}
- c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI
Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp]
c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook
Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook
Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program
Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program
Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default
Settings\cpqset.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program
Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask]
"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD
Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program
Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [netyy.exe] C:\WINDOWS\system32\netyy.exe
O4 - HKLM\..\RunOnce: [atlmq.exe] C:\WINDOWS\atlmq.exe
O4 - HKLM\..\RunOnce: [msji32.exe] C:\WINDOWS\system32\msji32.exe
O4 - HKLM\..\RunOnce: [appzc.exe] C:\WINDOWS\appzc.exe
O4 - HKLM\..\RunOnce: [mfcan32.exe] C:\WINDOWS\system32\mfcan32.exe
O4 - HKLM\..\RunOnce: [sysni.exe] C:\WINDOWS\system32\sysni.exe
O4 - HKLM\..\RunOnce: [winvo.exe] C:\WINDOWS\system32\winvo.exe
O4 - HKLM\..\RunOnce: [apiit32.exe] C:\WINDOWS\system32\apiit32.exe
O4 - HKLM\..\RunOnce: [mstl.exe] C:\WINDOWS\system32\mstl.exe
O4 - HKLM\..\RunOnce: [addxn.exe] C:\WINDOWS\addxn.exe
O4 - HKLM\..\RunOnce: [msdn32.exe] C:\WINDOWS\system32\msdn32.exe
O4 - HKLM\..\RunOnce: [iefw32.exe] C:\WINDOWS\system32\iefw32.exe
O4 - HKLM\..\RunOnce: [iemz.exe] C:\WINDOWS\iemz.exe
O4 - HKLM\..\RunOnce: [winfi32.exe] C:\WINDOWS\system32\winfi32.exe
O4 - HKLM\..\RunOnce: [sdkqv.exe] C:\WINDOWS\system32\sdkqv.exe
O4 - HKLM\..\RunOnce: [atlse.exe] C:\WINDOWS\atlse.exe
O4 - HKLM\..\RunOnce: [atlrg32.exe] C:\WINDOWS\atlrg32.exe
O4 - HKLM\..\RunOnce: [msuz.exe] C:\WINDOWS\system32\msuz.exe
O4 - HKLM\..\RunOnce: [netjz32.exe] C:\WINDOWS\netjz32.exe
O4 - HKLM\..\RunOnce: [d3uw.exe] C:\WINDOWS\system32\d3uw.exe
O4 - HKLM\..\RunOnce: [javabi32.exe] C:\WINDOWS\system32\javabi32.exe
O4 - HKLM\..\RunOnce: [atlkm32.exe] C:\WINDOWS\atlkm32.exe
O4 - HKLM\..\RunOnce: [mspo.exe] C:\WINDOWS\system32\mspo.exe
O4 - HKLM\..\RunOnce: [appuq.exe] C:\WINDOWS\system32\appuq.exe
O4 - HKLM\..\RunOnce: [d3hk32.exe] C:\WINDOWS\d3hk32.exe
O4 - HKLM\..\RunOnce: [atlla.exe] C:\WINDOWS\system32\atlla.exe
O4 - HKLM\..\RunOnce: [syskn.exe] C:\WINDOWS\syskn.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Login -
{2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login -
{2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -
C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zon...kr.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating
System Class) -
http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class)
-
http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online
Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control
4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) -
Unknown owner - C:\WINDOWS\system32\msji32.exe
O23 - Service: HP Configuration Interface Service (HPConfig) -
Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program
Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner -
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) -
McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) -
McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

Thanks in advance if anyone can help me out!

#2
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi There :tazz: heavenwaits

I am UKBiker and I will be helping you with this log. As it is some time since you first posted, could you please rescan and post a new log for me? In addition, when you save the log in Notepad, please ensure that the Wordwrap feature is turned off by unchecking that option in the Format tab in Notepad.

UKBiker

#3
heavenwaits

  • Topic Starter
  • Member
  • 20 posts
Hi there! Thanks in advance for the help...

I've managed to get CWShredder on my computer as well as Ad-Aware and Spybot (my friend burned them to disk for me) so I hope it took care of a few problems, but I am still having a problem with About:Blank, as well as StartPage-DU.dll popping up on my anti-virus, and my Internet Explorer randomly closes its windows. Here is my new scan:

Logfile of HijackThis v1.99.1
Scan saved at 6:47:49 PM, on 7/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\2Wire\Gateway\2PortalMon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\netyy.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tlwgy.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tlwgy.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\tlwgy.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tlwgy.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tlwgy.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tlwgy.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tlwgy.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/e-center-p
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {F5FEE684-3453-6CDB-7C0D-2B254124B336} - C:\WINDOWS\system32\mstp32.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [netyy.exe] C:\WINDOWS\system32\netyy.exe
O4 - HKLM\..\RunOnce: [atlmq.exe] C:\WINDOWS\atlmq.exe
O4 - HKLM\..\RunOnce: [iean32.exe] C:\WINDOWS\system32\iean32.exe
O4 - HKLM\..\RunOnce: [sdkgh.exe] C:\WINDOWS\system32\sdkgh.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\atlmq.exe" /s (file missing)
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

Edited by heavenwaits, 12 July 2005 - 06:04 PM.


#4
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi there heavenwaits ;)


Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download SpSeHjfix Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember, such as the Desktop.

Unzip SpSeHjfix to its own folder (e.g. c:\SpSeHjfix).

Run the CleanUp! installer. You don't need to do anything with it right now.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster

Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder

Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again.

Run about:buster again following the same instructions as above, this time without the restart at the end.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

Now run CleanUp!. Click CleanUp and allow it to delete all the temporary files. Reboot your computer into normal Windows.

Please run an on-line virus scan at Kaspersky OnLine Scan or, if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply.)

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.

Good Luck :tazz:

UKBiker

with thanks to ScHwErV
  • 0
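
The kind of first-pass reading a helper gives logs like the two posted above can be written as a short script. This is an added Python example, not part of the thread and not code from HijackThis or any tool named here; the function names and the four heuristics are this example's own assumptions, drawn only from entries visible in the posted logs, and a match marks an entry for review rather than proving it malicious. It also rejoins entries that were split across lines, as in the first log.

```python
import re

# Entries excerpted from the first (word-wrapped) HijackThis log in this thread.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\uvjqt.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
about:blank
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {F1D7DCBA-0130-C987-716B-EE88E16B0371} -
C:\WINDOWS\ipph.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program
Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\RunOnce: [atlmq.exe] C:\WINDOWS\atlmq.exe
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) -
Unknown owner - C:\WINDOWS\system32\msji32.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner -
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""

# Every HijackThis entry starts with a section code such as "R1 - " or "O23 - ".
ENTRY_START = re.compile(r"^(?:R[0-3]|O\d{1,2}) - ")
# A .dll/.exe sitting directly in C:\WINDOWS or C:\WINDOWS\system32.
WIN_FILE = r"C:\\WINDOWS\\(?:system32\\)?[^\\/\s]+\.(?:dll|exe)"


def unwrap(text):
    """Rejoin entries that word wrap split across several lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:  # continuation of the previous entry
            entries[-1] += " " + line
    return entries


def classify(entry):
    """Return a reason string if the entry matches a heuristic, else None."""
    section = entry.split(" - ", 1)[0]
    if section in ("R0", "R1"):
        if re.search(r"= res://" + WIN_FILE, entry, re.I):
            return "IE search/start value points into a DLL in the Windows directory"
    elif section == "O2":
        m = re.match(r"O2 - BHO: .*? - \{[0-9A-Fa-f-]+\} - (.+)$", entry)
        if m and re.fullmatch(WIN_FILE, m.group(1), re.I):
            return "browser helper object loaded from the Windows directory"
    elif section == "O4":
        m = re.match(r"O4 - HK(?:LM|CU)\\\.\.\\Run\w*: \[(.+?)\] (.+)$", entry)
        if m and re.fullmatch(WIN_FILE, m.group(2), re.I):
            # Value name identical to the file name, e.g. [atlmq.exe] ...\atlmq.exe
            if m.group(2).rsplit("\\", 1)[-1].lower() == m.group(1).lower():
                return "autorun value named after its own file in the Windows directory"
    elif section == "O23":
        m = re.search(r" - Unknown owner - (.+)$", entry)
        if m and re.match(WIN_FILE, m.group(1), re.I):
            return "service with no vendor string running from the Windows directory"
    return None


def triage(text):
    """Return (section, reason, entry) for every entry that needs a closer look."""
    findings = []
    for entry in unwrap(text):
        reason = classify(entry)
        if reason:
            findings.append((entry.split(" - ", 1)[0], reason, entry))
    return findings


if __name__ == "__main__":
    for section, reason, entry in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {entry}")
```

The McShield service in the sample also reports "Unknown owner" but lives under the McAfee program directory, so the path condition keeps it out of the findings.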

#5
heavenwaits

  • Topic Starter
  • Member
  • 20 posts
Okay, back...

I did everything you asked me to, it all went off without a hitch, but it seems I still have something here that needs removing. Here are the logs you asked for:

SpSeHjfix:

(7/12/05 9:02:40 PM) SPSeHjFix started v1.1.2
(7/12/05 9:02:40 PM) OS: WinXP Service Pack 2 (5.1.2600)
(7/12/05 9:02:40 PM) Language: english
(7/12/05 9:02:40 PM) Win-Path: C:\WINDOWS
(7/12/05 9:02:40 PM) System-Path: C:\WINDOWS\system32
(7/12/05 9:02:40 PM) Temp-Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\
(7/12/05 9:02:43 PM) Disinfection started
(7/12/05 9:02:43 PM) Bad-Dll(IEP): (not found)
(7/12/05 9:02:43 PM) Bad-Dll(IEP) in BHO: (not found)
(7/12/05 9:02:43 PM) UBF: 7 - UBB: 1 - UBR: 90
(7/12/05 9:02:43 PM) UBF: 7 - UBB: 1 - UBR: 90
(7/12/05 9:02:43 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL:
(7/12/05 9:02:43 PM) Stealth-String not found
(7/12/05 9:02:43 PM) Not infected->END

Edited by heavenwaits, 13 July 2005 - 12:35 AM.


#6
heavenwaits

  • Topic Starter
  • Member
  • 20 posts
Here's the Kaspersky scan:


KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Wednesday, July 13, 2005 01:18:45
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 13/07/2005
Kaspersky Anti-Virus database records: 130360
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 36355
Number of viruses found: 3
Number of infected objects: 978
Number of suspicious objects: 0
Duration of the scan process: 7368 sec

Infected Object Name - Virus Name
C:\WINDOWS\DtcInstall.log:uvgsi:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\endec.2wr:dxiex:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\endec.2wr:ewiag:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\endec.2wr:syggf:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\endec.2wr:ypubk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\endec.2wr:ypubkd:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\FeatherTexture.bmp:ijnof:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\flwyu.log:lzzmz:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\Gone Fishing.bmp:awnhg:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\Greenstone.bmp:oqtwu:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\Greenstone.bmp:xgiqv:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\hp.bmp:hhfid:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\hp1600.bmp:rewhp:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\hp640.bmp:rkxej:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\iead32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\ieal.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\iebu32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\iecu.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\iega32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\iegx.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\iele.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\iemz.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\ieod.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\iert32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\ieuo32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\iexq32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\iezt32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\iis6.log:xsamb:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ipbf32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\ipcj.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ipcx.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\ipgr.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\iphb.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\iphi.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\iphj.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ipht.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\ipje32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ipko.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\ipna.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\ipov32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\ippt.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\ipqj32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ipqo.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\ipre32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ipso.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\iptz32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ipub.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\ipyn32.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\ipyn32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ipzl.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\ipzl.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\jautoexp.dat:ndntde:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\javaaa.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\javacn.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\javadn.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\javafm.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\javaft.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\javahu32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\javajd32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\javaoh32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\javard32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\javaru.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\javasa32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\jhsts.txt:lbwuo:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\jhsts.txt:xpnmx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB823182.log:xqfpp:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB824105.log:fexyfo:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB824105.log:qzvyu:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB825119.log:itlxx:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB826939.log:bgwhd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB826939.log:iqvlk:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB826939.log:mkekp:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB826939.log:tuwkx:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB828035.log:bnthu:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB828035.log:idjzc:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB828741.log:vbmzfv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB833987.log:hrqwu:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB833987.log:yzohf:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB835732.log:asiim:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB837001.log:qfiicb:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\KB837001.log:yowme:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB839643.log:ptyvz:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB839643.log:sldhf:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB839643.log:tszdg:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB839643.log:uxnzh:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB839645.log:txezw:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB839645.log:xcrud:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB840987.log:eyxej:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB840987.log:wbsfb:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB841356.log:lxwey:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB841873.log:avbgw:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB841873.log:pplnp:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB841873.log:wrqje:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB842773.log:afsni:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB842773.log:iecnz:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB842773.log:wyhks:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB867282-IE6SP1-20050127.163319.log:aarqm:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB867282-IE6SP1-20050127.163319.log:mlnux:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB867282-IE6SP1-20050127.163319.log:wcugh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB871250.log:prjog:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB871250.log:wnzfw:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB873333.log:ozzxu:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB873333.log:rwswe:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB873333.log:tgdsc:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB873339.log:gtrvi:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB873376.log:jrlxlh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB873376.log:qnwiu:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB883939.log:lgwyw:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB883939.log:sxfxv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB883939.log:vtmhm:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB885250.log:lbuji:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB885626.log:kguah:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB885626.log:luagy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB885835.log:cxvps:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB885835.log:fahqt:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB885836.log:dfsfa:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB885836.log:gnnbxl:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\KB885836.log:vgmvc:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB886185.log:hnxoh:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB886185.log:injkn:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB887472.log:aloobz:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB887472.log:gvpai:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB888113.log:jrjzp:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB888113.log:uzzxl:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB888113.log:ygxgzw:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB888162.log:axxsz:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB888162.log:vzgtd:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB889293-IE6SP1-20041111.235619.log:csbfr:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB889293-IE6SP1-20041111.235619.log:llgse:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB889293-IE6SP1-20041111.235619.log:ozwxx:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB889293-IE6SP1-20041111.235619.log:szuqm:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB890046.log:vguyh:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB890046.log:vneql:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB890047.log:roalf:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB890175.log:rrfkkp:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB890859.log:cismf:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB890859.log:lqilv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB890923-IE6SP1-20050225.103456.log:jplyz:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB890923.log:dsyji:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB890923.log:ksxxmz:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB891711.log:mtexo:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB891711.log:wmjcb:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB891781.log:djmuo:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB893066.log:bubll:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB893086.log:eaehj:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB893803.log:fnskc:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB893803.log:ptbhtz:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB893803.log:sqrcn:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB896358.log:mvvxy:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB896358.log:vtahjm:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB896422.log:nloux:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB896428.log:okxnk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB896428.log:qayhf:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB898458.log:banib:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB898458.log:fqkbr:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB898458.log:mnmwh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB898461.log:avmsqu:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB898461.log:pbpaf:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB901214.log:ylisn:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\KB903235.log:iarmz:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB903235.log:rcjub:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\lpt$vpn.719:oxezn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\lpt$vpn.719:ynrft:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\mfcau.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\mfcaw32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\mfccp.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\mfccp.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\mfcfb.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\mfcgu32.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\mfcig32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\mfcnx.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\mfcom.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\mfcon.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\mfcot32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\mfcqb.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\mfcrt.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\mfctj32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\mfcts.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\mfcxk.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\mfcxl32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\ModemLog_Conexant 56K ACLink Modem.txt:fveaxz:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ModemLog_Conexant 56K ACLink Modem.txt:oxcxe:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\msain.txt:fusla:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\msain.txt:nysph:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\msain.txt:sbbsb:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\msdfmap.ini:mbyax:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\msdfmap.ini:svexsw:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\msdfmap.ini:yoapq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\msei32.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\msgsocm.log:aqgov:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\msgsocm.log:dqqotb:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\msia.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\msje.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\msjh32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\msjj.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\msjm.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\msll32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\msne.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\msrf32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\mstl.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\mstv.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\msvu.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\mswa32.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\mswa32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\msyl.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\msyn32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\netcc.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\netdj.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\netfk.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\netfl32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\nethf32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\netjz32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\netlf32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\netmw.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\netpe32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\netpu32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\netrb.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\netrg.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\netrr32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\netuc32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\netvj32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\netyv32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\netzb32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\ntar.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\ntaw32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ntbtlog.txt:hrnun:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ntbtlog.txt:qukru:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\ntbu32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ntdtcsetup.log:cjqcjk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ntmm.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\ntob.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ntov32.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\ntpo.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ntqk32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ntrh32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\nttk32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\ntxv32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\ntye32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\nueez.txt:iopltt:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ocgen.log:dxhqor:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ocgen.log:rbxuw:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\ocgen.log:vyufq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\ocmsn.log:ufesr:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ocmsn.log:zzfpa:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ODBC.INI:ivvww:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ODBC.INI:wrrns:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ODBC.INI:yzwae:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\ODBCINST.INI:jbhhq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\ODBCINST.INI:rrzxe:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\OEWABLog.txt:tzyyp:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\orun32.ini:bwojq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\orun32.isu:ccamk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\pwbdx.txt:gizri:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\Q819696.log:siqkw:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\QT4HPOT.UNI:jmvts:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\QT4HPOT.UNI:oqtyt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\QT4HPOT.UNI:udsrm:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\QT4HPOT.UNI:xhhjr:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\REGLOCS.OLD:fehee:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\regopt.log:rjcbe:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\Rhododendron.bmp:ujlii:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\RM_RESULT.DAT:zrtyf:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\Santa Fe Stucco.bmp:jkvpg:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\Santa Fe Stucco.bmp:vjbut:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\SchedLgU.Txt:mkevc:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\sdkci.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\sdkeq32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\sdker32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\sdkkf.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\sdkkh.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\sdkmb.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\sdknj32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\sdkns32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\sdkoj.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\sdkpx.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\sdkue.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\sessmgr.setup.log:bqjdv:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\sessmgr.setup.log:iikuo:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\sessmgr.setup.log:mnzmp:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\setupact.log:ekbgm:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\setupact.log:jlpwj:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\setupact.log:mjyyy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\setupapi.log:kswqb:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\setupapi.log:rsuit:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\setuperr.log:bnixh:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\setuperr.log:fkids:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\setuperr.log:zygnx:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\setuplog.txt:ekvnr:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\setuplog.txt:maxpfm:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\smscfg.ini:mkasl:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\Soap Bubbles.bmp:lobdb:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\Soap Bubbles.bmp:plmrb:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\Soap Bubbles.bmp:qmyjo:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\spupdsvc.log:xlbim:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\Sti_Trace.log:ixmaj:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\Sti_Trace.log:uuxaq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\Sti_Trace.log:zrlks:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\Sti_Trace.log:zrmeqe:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\svcpack.log:eotqd:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\SynInst.log:hmwwd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\SynInst.log:qluwo:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\sysap.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\sysat.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\sysbh32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\syscl32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\sysjh.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\syskn.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\sysnf.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\sysny.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\sysrw32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\syssr.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\addcc.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\adddr.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\adddv.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\addfq32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\addiv.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\addiw32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\addje32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\addln32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\addls.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\addmw.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\addmy32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\addoj32.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\system32\addpf32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\addqs32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\addye32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\addzw.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\apiae.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\apiej.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\apihh32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\apiit32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\apims32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\apimu.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\apina.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\apisj32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\apisl32.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\system32\apisl32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\apisn.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\apivk32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\apivm32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\apivz32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\apiwb32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\apiwc32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\apiyf.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\apizp32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\appam32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\appcd32.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\system32\appcd32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\appcf.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\appdk32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\appfq32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\appfr.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\appgq.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\system32\appgq.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\appgw.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\system32\appja.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\appjd.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\appkn.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\appll32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\appme32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\apppf32.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\system32\apprh32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\appuj.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\appuo32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\appuq.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\appxi.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\appym32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\appzp32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\atlcs.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\atlcv.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\atlcx32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\atldd.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\atldg.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\atlkp32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\atlla.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\atlmy.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\atltu32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\atluj.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\atluw32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\atlvf.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\atlvn.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\atlxx.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\system32\atlxx.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\crat.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\crbm.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\crdl.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\creo32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\crfb32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\crgs.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\crjj32.exe Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\system32\crng.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\crnh32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\crnr32.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\system32\crnx.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\crpj.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\crrc.exe Infected: Trojan-Downloader.Win32.Agent.bq

#7
heavenwaits
And HijackThis file...

Logfile of HijackThis v1.99.1
Scan saved at 1:23:25 AM, on 7/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\syssq32.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\2Wire\Gateway\2PortalMon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/e-center-p
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {007B911E-5570-A396-6F4A-A0CC235143DC} - C:\WINDOWS\d3dn.dll
O2 - BHO: Class - {00A88ECE-D542-06D0-B1E9-091150D86D41} - C:\WINDOWS\system32\msyb32.dll
O2 - BHO: Class - {10093460-6F53-E394-D35F-77E61A43FF4C} - C:\WINDOWS\system32\appgq.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: Class - {143CE5E6-B0AC-4914-AA2E-624EF574EB4D} - C:\WINDOWS\ipna.dll
O2 - BHO: Class - {18A23373-407C-5064-29FC-1C2D804594FA} - C:\WINDOWS\ipyn32.dll
O2 - BHO: Class - {274A509F-0F00-989C-5FD2-C372C9375F32} - C:\WINDOWS\apipy.dll
O2 - BHO: Class - {28749852-4EA9-0662-286C-D43C4474D30C} - C:\WINDOWS\system32\ipxj.dll
O2 - BHO: Class - {2CF3F7AD-CB85-FA6A-FA52-E649A865235B} - C:\WINDOWS\system32\sysss32.dll
O2 - BHO: Class - {2FBFD3DB-44BC-5682-6544-30AA6B08CA27} - C:\WINDOWS\system32\msuq32.dll
O2 - BHO: Class - {32011C7F-3430-3AF2-DD1F-0049908763E5} - C:\WINDOWS\ipzl.dll
O2 - BHO: Class - {3376A8DD-F7C4-77CF-6511-9B4C70AC5C19} - C:\WINDOWS\mfccp.dll
O2 - BHO: Class - {38D7B7AF-8225-46C7-D3F6-14944118DEB3} - C:\WINDOWS\crpa.dll
O2 - BHO: Class - {3BAA12D3-D817-0626-D1DF-41175C0B6EAB} - C:\WINDOWS\ieal.dll
O2 - BHO: Class - {3D1F3C37-49CA-66D3-9877-04375ADE521D} - C:\WINDOWS\appac32.dll
O2 - BHO: Class - {4763166E-429C-B5AF-C8E8-C91F5368F74C} - C:\WINDOWS\msvu.dll
O2 - BHO: Class - {5846232C-DAB1-2538-1DC5-1F5122BAEDA5} - C:\WINDOWS\system32\syspj32.dll
O2 - BHO: Class - {6E088D4B-521B-1676-CDD6-EC121DD3C210} - C:\WINDOWS\addys32.dll
O2 - BHO: Class - {709EE32C-77FF-291F-529C-369850DB1D21} - C:\WINDOWS\system32\appgw.dll
O2 - BHO: Class - {77B4CE71-F8EB-D009-07EA-8D5437684795} - C:\WINDOWS\atlqy.dll
O2 - BHO: Class - {7878CA0E-A0AB-130C-1F20-66B2AB298226} - C:\WINDOWS\d3hf32.dll
O2 - BHO: Class - {7C5CF0D8-6AA4-2FDF-1323-0AC6A9822AA3} - C:\WINDOWS\system32\d3fw.dll
O2 - BHO: Class - {A43797D8-6CEB-05DC-43B9-29CDA766A2BF} - C:\WINDOWS\addmh32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {AB9DB4E2-75EB-16A7-E1F0-71015153AF1C} - C:\WINDOWS\appen.dll
O2 - BHO: Class - {ABE47D97-A0E4-6AFF-425A-480B402A89B8} - C:\WINDOWS\system32\ipol32.dll
O2 - BHO: Class - {B37338CB-DC89-F6A6-BA8B-AEF4D740566E} - C:\WINDOWS\mswa32.dll
O2 - BHO: Class - {BA766B06-F528-DA73-2252-17372A2B1F55} - C:\WINDOWS\system32\javazw32.dll
O2 - BHO: Class - {C19B9125-B9FB-3BFD-7568-61F62B879410} - C:\WINDOWS\system32\apisl32.dll
O2 - BHO: Class - {C19C3C4F-004E-8C8D-A093-AB7AC41004E0} - C:\WINDOWS\system32\appcd32.dll
O2 - BHO: Class - {C75F302C-5DED-C090-F779-5337D7567BC3} - C:\WINDOWS\system32\crnr32.dll
O2 - BHO: Class - {CD0109D6-A18C-B80E-FAF2-55938C44BD61} - C:\WINDOWS\system32\netee32.dll
O2 - BHO: Class - {D7AC65FF-C9B6-66D9-0935-85FAF279CD1E} - C:\WINDOWS\appep.dll
O2 - BHO: Class - {EB7A738C-0CE4-D731-5E60-6A46C953396F} - C:\WINDOWS\iecu.dll
O2 - BHO: Class - {EC0DCF51-1005-877B-C873-10B3F0156A8C} - C:\WINDOWS\system32\addoj32.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [syssq32.exe] C:\WINDOWS\system32\syssq32.exe
O4 - HKLM\..\RunOnce: [atlmq.exe] C:\WINDOWS\atlmq.exe
O4 - HKLM\..\RunOnce: [iean32.exe] C:\WINDOWS\system32\iean32.exe
O4 - HKLM\..\RunOnce: [sdkgh.exe] C:\WINDOWS\system32\sdkgh.exe
O4 - HKLM\..\RunOnce: [javadn.exe] C:\WINDOWS\javadn.exe
O4 - HKLM\..\RunOnce: [d3cv.exe] C:\WINDOWS\system32\d3cv.exe
O4 - HKLM\..\RunOnce: [javasa32.exe] C:\WINDOWS\javasa32.exe
O4 - HKLM\..\RunOnce: [mfcmr.exe] C:\WINDOWS\system32\mfcmr.exe
O4 - HKLM\..\RunOnce: [iert32.exe] C:\WINDOWS\iert32.exe
O4 - HKLM\..\RunOnce: [winle.exe] C:\WINDOWS\winle.exe
O4 - HKLM\..\RunOnce: [d3js.exe] C:\WINDOWS\system32\d3js.exe
O4 - HKLM\..\RunOnce: [mstb.exe] C:\WINDOWS\system32\mstb.exe
O4 - HKLM\..\RunOnce: [ipqo.exe] C:\WINDOWS\ipqo.exe
O4 - HKLM\..\RunOnce: [mfckk.exe] C:\WINDOWS\system32\mfckk.exe
O4 - HKLM\..\RunOnce: [ipre32.exe] C:\WINDOWS\ipre32.exe
O4 - HKLM\..\RunOnce: [ipuv.exe] C:\WINDOWS\system32\ipuv.exe
O4 - HKLM\..\RunOnce: [appzp32.exe] C:\WINDOWS\system32\appzp32.exe
O4 - HKLM\..\RunOnce: [iphu.exe] C:\WINDOWS\system32\iphu.exe
O4 - HKLM\..\RunOnce: [winvr32.exe] C:\WINDOWS\winvr32.exe
O4 - HKLM\..\RunOnce: [mfcon.exe] C:\WINDOWS\mfcon.exe
O4 - HKLM\..\RunOnce: [sysuq32.exe] C:\WINDOWS\system32\sysuq32.exe
O4 - HKLM\..\RunOnce: [apimu.exe] C:\WINDOWS\system32\apimu.exe
O4 - HKLM\..\RunOnce: [sysgl32.exe] C:\WINDOWS\system32\sysgl32.exe
O4 - HKLM\..\RunOnce: [addfz.exe] C:\WINDOWS\addfz.exe
O4 - HKLM\..\RunOnce: [atlvn.exe] C:\WINDOWS\system32\atlvn.exe
O4 - HKLM\..\RunOnce: [syszr.exe] C:\WINDOWS\syszr.exe
O4 - HKLM\..\RunOnce: [netgp32.exe] C:\WINDOWS\system32\netgp32.exe
O4 - HKLM\..\RunOnce: [ipbf32.exe] C:\WINDOWS\ipbf32.exe
O4 - HKLM\..\RunOnce: [javaoh32.exe] C:\WINDOWS\javaoh32.exe
O4 - HKLM\..\RunOnce: [sdkuv.exe] C:\WINDOWS\system32\sdkuv.exe
O4 - HKLM\..\RunOnce: [mfchd32.exe] C:\WINDOWS\system32\mfchd32.exe
O4 - HKLM\..\RunOnce: [addmk.exe] C:\WINDOWS\addmk.exe
O4 - HKLM\..\RunOnce: [crbl32.exe] C:\WINDOWS\crbl32.exe
O4 - HKLM\..\RunOnce: [addzw.exe] C:\WINDOWS\system32\addzw.exe
O4 - HKLM\..\RunOnce: [sdker32.exe] C:\WINDOWS\sdker32.exe
O4 - HKLM\..\RunOnce: [ntov.exe] C:\WINDOWS\system32\ntov.exe
O4 - HKLM\..\RunOnce: [iead32.exe] C:\WINDOWS\iead32.exe
O4 - HKLM\..\RunOnce: [javaqq32.exe] C:\WINDOWS\system32\javaqq32.exe
O4 - HKLM\..\RunOnce: [mstl.exe] C:\WINDOWS\mstl.exe
O4 - HKLM\..\RunOnce: [apinw.exe] C:\WINDOWS\apinw.exe
O4 - HKLM\..\RunOnce: [appts.exe] C:\WINDOWS\appts.exe
O4 - HKLM\..\RunOnce: [d3ud32.exe] C:\WINDOWS\system32\d3ud32.exe
O4 - HKLM\..\RunOnce: [d3tn.exe] C:\WINDOWS\system32\d3tn.exe
O4 - HKLM\..\RunOnce: [ipcv.exe] C:\WINDOWS\system32\ipcv.exe
O4 - HKLM\..\RunOnce: [sysbh32.exe] C:\WINDOWS\sysbh32.exe
O4 - HKLM\..\RunOnce: [mfcqb.exe] C:\WINDOWS\mfcqb.exe
O4 - HKLM\..\RunOnce: [winga32.exe] C:\WINDOWS\winga32.exe
O4 - HKLM\..\RunOnce: [crng.exe] C:\WINDOWS\system32\crng.exe
O4 - HKLM\..\RunOnce: [sdkkb32.exe] C:\WINDOWS\system32\sdkkb32.exe
O4 - HKLM\..\RunOnce: [sysbw.exe] C:\WINDOWS\system32\sysbw.exe
O4 - HKLM\..\RunOnce: [msuy32.exe] C:\WINDOWS\system32\msuy32.exe
O4 - HKLM\..\RunOnce: [winza32.exe] C:\WINDOWS\winza32.exe
O4 - HKLM\..\RunOnce: [ntlv.exe] C:\WINDOWS\system32\ntlv.exe
O4 - HKLM\..\RunOnce: [javann.exe] C:\WINDOWS\system32\javann.exe
O4 - HKLM\..\RunOnce: [msne.exe] C:\WINDOWS\msne.exe
O4 - HKLM\..\RunOnce: [iece32.exe] C:\WINDOWS\system32\iece32.exe
O4 - HKLM\..\RunOnce: [appja.exe] C:\WINDOWS\system32\appja.exe
O4 - HKLM\..\RunOnce: [wingp.exe] C:\WINDOWS\wingp.exe
O4 - HKLM\..\RunOnce: [adddv.exe] C:\WINDOWS\system32\adddv.exe
O4 - HKLM\..\RunOnce: [mfcts.exe] C:\WINDOWS\mfcts.exe
O4 - HKLM\..\RunOnce: [winrx32.exe] C:\WINDOWS\winrx32.exe
O4 - HKLM\..\RunOnce: [apizo32.exe] C:\WINDOWS\apizo32.exe
O4 - HKLM\..\RunOnce: [javacx32.exe] C:\WINDOWS\system32\javacx32.exe
O4 - HKLM\..\RunOnce: [netph32.exe] C:\WINDOWS\system32\netph32.exe
O4 - HKLM\..\RunOnce: [d3sr.exe] C:\WINDOWS\d3sr.exe
O4 - HKLM\..\RunOnce: [ipse32.exe] C:\WINDOWS\ipse32.exe
O4 - HKLM\..\RunOnce: [apiqz.exe] C:\WINDOWS\apiqz.exe
O4 - HKLM\..\RunOnce: [netcq.exe] C:\WINDOWS\system32\netcq.exe
O4 - HKLM\..\RunOnce: [netqn.exe] C:\WINDOWS\netqn.exe
O4 - HKLM\..\RunOnce: [ntqt32.exe] C:\WINDOWS\system32\ntqt32.exe
O4 - HKLM\..\RunOnce: [msir.exe] C:\WINDOWS\msir.exe
O4 - HKLM\..\RunOnce: [crxm.exe] C:\WINDOWS\crxm.exe
O4 - HKLM\..\RunOnce: [d3lj32.exe] C:\WINDOWS\d3lj32.exe
O4 - HKLM\..\RunOnce: [mslp32.exe] C:\WINDOWS\mslp32.exe
O4 - HKLM\..\RunOnce: [javaev32.exe] C:\WINDOWS\system32\javaev32.exe
O4 - HKLM\..\RunOnce: [sdkew.exe] C:\WINDOWS\sdkew.exe
O4 - HKLM\..\RunOnce: [javanz32.exe] C:\WINDOWS\system32\javanz32.exe
O4 - HKLM\..\RunOnce: [mfcbs32.exe] C:\WINDOWS\system32\mfcbs32.exe
O4 - HKLM\..\RunOnce: [crrn32.exe] C:\WINDOWS\crrn32.exe
O4 - HKLM\..\RunOnce: [ipwx32.exe] C:\WINDOWS\ipwx32.exe
O4 - HKLM\..\RunOnce: [mszg32.exe] C:\WINDOWS\mszg32.exe
O4 - HKLM\..\RunOnce: [crdq32.exe] C:\WINDOWS\crdq32.exe
O4 - HKLM\..\RunOnce: [ipud32.exe] C:\WINDOWS\system32\ipud32.exe
O4 - HKLM\..\RunOnce: [javahf.exe] C:\WINDOWS\system32\javahf.exe
O4 - HKLM\..\RunOnce: [appqm32.exe] C:\WINDOWS\appqm32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\atlmq.exe" /s (file missing)
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe


I don't know if the Kaspersky scan posted all the way. I tried looking for the spot it stopped posting, but I couldn't quite find it, so I can try again if you really need the rest of the info.

Thanks!

#8
ukbiker
Hiya heavenwaits

Can you tell me whether you deleted the files found by the Kaspersky online scanner? If you didn't, or if you have rebooted your PC since your last post, then please run the Kaspersky scan again and delete the files found this time round. After that, please rescan with HJT and post a new log for me here.

One more thing, and this is important: this infection changes its filenames each time you reboot, so please do not reboot your PC after posting your next log, and leave it switched on until I have worked out the fix and you have applied it.

Good luck

UKBiker
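Because the filenames change on every reboot, as post #8 notes, a fixed filename list goes stale; what stays constant in these logs is how the files are registered. The following is an added example, not part of the thread and not a HijackThis feature: it flags entries by registration pattern and compares the running processes of two logs. The three heuristics and all function names are assumptions based on the entries visible in the logs posted here; the sample lines are copied from the 7/13 and 7/14 logs.

```python
import re
from pathlib import PureWindowsPath

# Sample input: lines copied from the 7/13 and 7/14 HijackThis logs in this
# thread, trimmed to a handful so the example runs offline.
LOG_JUL13 = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\syssq32.exe
C:\WINDOWS\system32\carpserv.exe

O2 - BHO: Class - {00A88ECE-D542-06D0-B1E9-091150D86D41} - C:\WINDOWS\system32\msyb32.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [syssq32.exe] C:\WINDOWS\system32\syssq32.exe
O4 - HKLM\..\RunOnce: [atlmq.exe] C:\WINDOWS\atlmq.exe
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\atlmq.exe" /s (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""
LOG_JUL14 = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\winzi32.exe
C:\WINDOWS\system32\carpserv.exe
"""

WINDIR = PureWindowsPath(r"C:\WINDOWS")
# Folders the files in this thread were dropped into (assumption: only a
# binary sitting directly in one of these two folders is of interest).
DROP_DIRS = {WINDIR, WINDIR / "system32"}
EXE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)
O2_RE = re.compile(r"^O2 - BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.+)$")
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run\w*: \[([^\]]*)\] (.+)$")


def binary_in_windir(text):
    # First .exe/.dll path found in text, if it sits directly in DROP_DIRS.
    # PureWindowsPath compares case-insensitively, as Windows does.
    m = EXE_RE.search(text)
    if not m:
        return None
    path = PureWindowsPath(m.group(0))
    return path if path.parent in DROP_DIRS else None


def suspicious_entries(log):
    """Return (reason, line) pairs for entries matching the three heuristics."""
    hits = []
    for line in log.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            # Heuristic 1: BHO with the generic display name "Class".
            name, target = m.groups()
            if name == "Class" and binary_in_windir(target):
                hits.append(("generic-BHO", line))
        elif m := O4_RE.match(line):
            # Heuristic 2: autorun value named after its own executable.
            value_name, cmd = m.groups()
            path = binary_in_windir(cmd)
            if path and path.name.lower() == value_name.lower():
                hits.append(("self-named-autorun", line))
        elif line.startswith("O23 - ") and " - Unknown owner - " in line:
            # Heuristic 3: "Unknown owner" alone also matches McShield in
            # this log, so the folder check is what separates the two.
            if binary_in_windir(line):
                hits.append(("ownerless-service", line))
    return hits


def windir_processes(log):
    """Lower-cased names of running processes whose image is in DROP_DIRS."""
    names, in_section = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section and not line:
            break  # a blank line ends the process list
        elif in_section:
            path = PureWindowsPath(line)
            if path.parent in DROP_DIRS:
                names.add(path.name.lower())
    return names


def renamed_between(before, after):
    """Processes that vanished from, and appeared in, the Windows folders."""
    old, new = windir_processes(before), windir_processes(after)
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    for reason, line in suspicious_entries(LOG_JUL13):
        print(f"{reason:20} {line}")
    print(renamed_between(LOG_JUL13, LOG_JUL14))
```
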

#9
heavenwaits
Two questions...

I've re-done the scan, but how do I delete all of those files? Do I have to go through and do it all manually?

Also, my computer is a laptop that has a tendency to overheat, so I don't know how long I can leave it on. Is it okay for me to put it in Standby mode?

And now my McAfee is popping up with a new virus... Generic Downloader.f.

#10
ukbiker
Hiya

After running the scan, the Kaspersky application gives you the option of deleting the files.

I will ask whether standby mode will be OK.

UKBiker

#11
heavenwaits
I ran a scan with Trend Micro and deleted all the files it found. Here is my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:28:45 PM, on 7/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\winzi32.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\2Wire\Gateway\2PortalMon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/e-center-p
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {007B911E-5570-A396-6F4A-A0CC235143DC} - C:\WINDOWS\d3dn.dll
O2 - BHO: Class - {00A88ECE-D542-06D0-B1E9-091150D86D41} - C:\WINDOWS\system32\msyb32.dll
O2 - BHO: Class - {10093460-6F53-E394-D35F-77E61A43FF4C} - C:\WINDOWS\system32\appgq.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: Class - {143CE5E6-B0AC-4914-AA2E-624EF574EB4D} - C:\WINDOWS\ipna.dll
O2 - BHO: Class - {18A23373-407C-5064-29FC-1C2D804594FA} - C:\WINDOWS\ipyn32.dll
O2 - BHO: Class - {274A509F-0F00-989C-5FD2-C372C9375F32} - C:\WINDOWS\apipy.dll
O2 - BHO: Class - {28749852-4EA9-0662-286C-D43C4474D30C} - C:\WINDOWS\system32\ipxj.dll
O2 - BHO: Class - {2CF3F7AD-CB85-FA6A-FA52-E649A865235B} - C:\WINDOWS\system32\sysss32.dll
O2 - BHO: Class - {2FBFD3DB-44BC-5682-6544-30AA6B08CA27} - C:\WINDOWS\system32\msuq32.dll
O2 - BHO: Class - {32011C7F-3430-3AF2-DD1F-0049908763E5} - C:\WINDOWS\ipzl.dll
O2 - BHO: Class - {3376A8DD-F7C4-77CF-6511-9B4C70AC5C19} - C:\WINDOWS\mfccp.dll
O2 - BHO: Class - {38D7B7AF-8225-46C7-D3F6-14944118DEB3} - C:\WINDOWS\crpa.dll
O2 - BHO: Class - {3BAA12D3-D817-0626-D1DF-41175C0B6EAB} - C:\WINDOWS\ieal.dll
O2 - BHO: Class - {3D1F3C37-49CA-66D3-9877-04375ADE521D} - C:\WINDOWS\appac32.dll
O2 - BHO: Class - {4763166E-429C-B5AF-C8E8-C91F5368F74C} - C:\WINDOWS\msvu.dll
O2 - BHO: Class - {5846232C-DAB1-2538-1DC5-1F5122BAEDA5} - C:\WINDOWS\system32\syspj32.dll
O2 - BHO: Class - {64B26103-2B1C-551B-4BBE-4C0B592B4757} - C:\WINDOWS\system32\d3ih32.dll
O2 - BHO: Class - {6E088D4B-521B-1676-CDD6-EC121DD3C210} - C:\WINDOWS\addys32.dll
O2 - BHO: Class - {709EE32C-77FF-291F-529C-369850DB1D21} - C:\WINDOWS\system32\appgw.dll
O2 - BHO: Class - {77B4CE71-F8EB-D009-07EA-8D5437684795} - C:\WINDOWS\atlqy.dll
O2 - BHO: Class - {7878CA0E-A0AB-130C-1F20-66B2AB298226} - C:\WINDOWS\d3hf32.dll
O2 - BHO: Class - {7C5CF0D8-6AA4-2FDF-1323-0AC6A9822AA3} - C:\WINDOWS\system32\d3fw.dll
O2 - BHO: Class - {A43797D8-6CEB-05DC-43B9-29CDA766A2BF} - C:\WINDOWS\addmh32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {AB9DB4E2-75EB-16A7-E1F0-71015153AF1C} - C:\WINDOWS\appen.dll
O2 - BHO: Class - {ABE47D97-A0E4-6AFF-425A-480B402A89B8} - C:\WINDOWS\system32\ipol32.dll
O2 - BHO: Class - {B37338CB-DC89-F6A6-BA8B-AEF4D740566E} - C:\WINDOWS\mswa32.dll
O2 - BHO: Class - {BA766B06-F528-DA73-2252-17372A2B1F55} - C:\WINDOWS\system32\javazw32.dll
O2 - BHO: Class - {C19B9125-B9FB-3BFD-7568-61F62B879410} - C:\WINDOWS\system32\apisl32.dll
O2 - BHO: Class - {C19C3C4F-004E-8C8D-A093-AB7AC41004E0} - C:\WINDOWS\system32\appcd32.dll
O2 - BHO: Class - {C75F302C-5DED-C090-F779-5337D7567BC3} - C:\WINDOWS\system32\crnr32.dll
O2 - BHO: Class - {CD0109D6-A18C-B80E-FAF2-55938C44BD61} - C:\WINDOWS\system32\netee32.dll
O2 - BHO: Class - {D7AC65FF-C9B6-66D9-0935-85FAF279CD1E} - C:\WINDOWS\appep.dll
O2 - BHO: Class - {EB7A738C-0CE4-D731-5E60-6A46C953396F} - C:\WINDOWS\iecu.dll
O2 - BHO: Class - {EC0DCF51-1005-877B-C873-10B3F0156A8C} - C:\WINDOWS\system32\addoj32.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [syssq32.exe] C:\WINDOWS\system32\syssq32.exe
O4 - HKLM\..\Run: [ntwh.exe] C:\WINDOWS\system32\ntwh.exe
O4 - HKLM\..\Run: [javasw32.exe] C:\WINDOWS\system32\javasw32.exe
O4 - HKLM\..\Run: [winzi32.exe] C:\WINDOWS\system32\winzi32.exe
O4 - HKLM\..\RunOnce: [atlmq.exe] C:\WINDOWS\atlmq.exe
O4 - HKLM\..\RunOnce: [iean32.exe] C:\WINDOWS\system32\iean32.exe
O4 - HKLM\..\RunOnce: [sdkgh.exe] C:\WINDOWS\system32\sdkgh.exe
O4 - HKLM\..\RunOnce: [javasa32.exe] C:\WINDOWS\javasa32.exe
O4 - HKLM\..\RunOnce: [ipuv.exe] C:\WINDOWS\system32\ipuv.exe
O4 - HKLM\..\RunOnce: [syszr.exe] C:\WINDOWS\syszr.exe
O4 - HKLM\..\RunOnce: [javaoh32.exe] C:\WINDOWS\javaoh32.exe
O4 - HKLM\..\RunOnce: [ntov.exe] C:\WINDOWS\system32\ntov.exe
O4 - HKLM\..\RunOnce: [javaqq32.exe] C:\WINDOWS\system32\javaqq32.exe
O4 - HKLM\..\RunOnce: [mstl.exe] C:\WINDOWS\mstl.exe
O4 - HKLM\..\RunOnce: [apinw.exe] C:\WINDOWS\apinw.exe
O4 - HKLM\..\RunOnce: [appts.exe] C:\WINDOWS\appts.exe
O4 - HKLM\..\RunOnce: [d3ud32.exe] C:\WINDOWS\system32\d3ud32.exe
O4 - HKLM\..\RunOnce: [d3tn.exe] C:\WINDOWS\system32\d3tn.exe
O4 - HKLM\..\RunOnce: [ipcv.exe] C:\WINDOWS\system32\ipcv.exe
O4 - HKLM\..\RunOnce: [sysbh32.exe] C:\WINDOWS\sysbh32.exe
O4 - HKLM\..\RunOnce: [mfcqb.exe] C:\WINDOWS\mfcqb.exe
O4 - HKLM\..\RunOnce: [winga32.exe] C:\WINDOWS\winga32.exe
O4 - HKLM\..\RunOnce: [crng.exe] C:\WINDOWS\system32\crng.exe
O4 - HKLM\..\RunOnce: [sdkkb32.exe] C:\WINDOWS\system32\sdkkb32.exe
O4 - HKLM\..\RunOnce: [sysbw.exe] C:\WINDOWS\system32\sysbw.exe
O4 - HKLM\..\RunOnce: [msuy32.exe] C:\WINDOWS\system32\msuy32.exe
O4 - HKLM\..\RunOnce: [winza32.exe] C:\WINDOWS\winza32.exe
O4 - HKLM\..\RunOnce: [ntlv.exe] C:\WINDOWS\system32\ntlv.exe
O4 - HKLM\..\RunOnce: [javann.exe] C:\WINDOWS\system32\javann.exe
O4 - HKLM\..\RunOnce: [msne.exe] C:\WINDOWS\msne.exe
O4 - HKLM\..\RunOnce: [iece32.exe] C:\WINDOWS\system32\iece32.exe
O4 - HKLM\..\RunOnce: [appja.exe] C:\WINDOWS\system32\appja.exe
O4 - HKLM\..\RunOnce: [wingp.exe] C:\WINDOWS\wingp.exe
O4 - HKLM\..\RunOnce: [adddv.exe] C:\WINDOWS\system32\adddv.exe
O4 - HKLM\..\RunOnce: [mfcts.exe] C:\WINDOWS\mfcts.exe
O4 - HKLM\..\RunOnce: [winrx32.exe] C:\WINDOWS\winrx32.exe
O4 - HKLM\..\RunOnce: [netph32.exe] C:\WINDOWS\system32\netph32.exe
O4 - HKLM\..\RunOnce: [d3sr.exe] C:\WINDOWS\d3sr.exe
O4 - HKLM\..\RunOnce: [ipse32.exe] C:\WINDOWS\ipse32.exe
O4 - HKLM\..\RunOnce: [apiqz.exe] C:\WINDOWS\apiqz.exe
O4 - HKLM\..\RunOnce: [netcq.exe] C:\WINDOWS\system32\netcq.exe
O4 - HKLM\..\RunOnce: [netqn.exe] C:\WINDOWS\netqn.exe
O4 - HKLM\..\RunOnce: [ntqt32.exe] C:\WINDOWS\system32\ntqt32.exe
O4 - HKLM\..\RunOnce: [msir.exe] C:\WINDOWS\msir.exe
O4 - HKLM\..\RunOnce: [d3lj32.exe] C:\WINDOWS\d3lj32.exe
O4 - HKLM\..\RunOnce: [mslp32.exe] C:\WINDOWS\mslp32.exe
O4 - HKLM\..\RunOnce: [sysal.exe] C:\WINDOWS\system32\sysal.exe
O4 - HKLM\..\RunOnce: [sdkew.exe] C:\WINDOWS\sdkew.exe
O4 - HKLM\..\RunOnce: [javanz32.exe] C:\WINDOWS\system32\javanz32.exe
O4 - HKLM\..\RunOnce: [mfcbs32.exe] C:\WINDOWS\system32\mfcbs32.exe
O4 - HKLM\..\RunOnce: [crrn32.exe] C:\WINDOWS\crrn32.exe
O4 - HKLM\..\RunOnce: [ipwx32.exe] C:\WINDOWS\ipwx32.exe
O4 - HKLM\..\RunOnce: [mszg32.exe] C:\WINDOWS\mszg32.exe
O4 - HKLM\..\RunOnce: [crdq32.exe] C:\WINDOWS\crdq32.exe
O4 - HKLM\..\RunOnce: [ipud32.exe] C:\WINDOWS\system32\ipud32.exe
O4 - HKLM\..\RunOnce: [javahf.exe] C:\WINDOWS\system32\javahf.exe
O4 - HKLM\..\RunOnce: [appqm32.exe] C:\WINDOWS\appqm32.exe
O4 - HKLM\..\RunOnce: [ipji.exe] C:\WINDOWS\ipji.exe
O4 - HKLM\..\RunOnce: [sysxg32.exe] C:\WINDOWS\sysxg32.exe
O4 - HKLM\..\RunOnce: [sdkuk32.exe] C:\WINDOWS\system32\sdkuk32.exe
O4 - HKLM\..\RunOnce: [winhy.exe] C:\WINDOWS\winhy.exe
O4 - HKLM\..\RunOnce: [mfcxn32.exe] C:\WINDOWS\mfcxn32.exe
O4 - HKLM\..\RunOnce: [ntrs32.exe] C:\WINDOWS\ntrs32.exe
O4 - HKLM\..\RunOnce: [appzn32.exe] C:\WINDOWS\system32\appzn32.exe
O4 - HKLM\..\RunOnce: [javapc32.exe] C:\WINDOWS\javapc32.exe
O4 - HKLM\..\RunOnce: [ieds32.exe] C:\WINDOWS\system32\ieds32.exe
O4 - HKLM\..\RunOnce: [appwp.exe] C:\WINDOWS\appwp.exe
O4 - HKLM\..\RunOnce: [crzm32.exe] C:\WINDOWS\system32\crzm32.exe
O4 - HKLM\..\RunOnce: [netdu32.exe] C:\WINDOWS\system32\netdu32.exe
O4 - HKLM\..\RunOnce: [nettt32.exe] C:\WINDOWS\nettt32.exe
O4 - HKLM\..\RunOnce: [netqw.exe] C:\WINDOWS\system32\netqw.exe
O4 - HKLM\..\RunOnce: [javadg32.exe] C:\WINDOWS\javadg32.exe
O4 - HKLM\..\RunOnce: [criu32.exe] C:\WINDOWS\system32\criu32.exe
O4 - HKLM\..\RunOnce: [mfckg32.exe] C:\WINDOWS\system32\mfckg32.exe
O4 - HKLM\..\RunOnce: [winym.exe] C:\WINDOWS\system32\winym.exe
O4 - HKLM\..\RunOnce: [javahd32.exe] C:\WINDOWS\system32\javahd32.exe
O4 - HKLM\..\RunOnce: [apiop.exe] C:\WINDOWS\system32\apiop.exe
O4 - HKLM\..\RunOnce: [atllg32.exe] C:\WINDOWS\atllg32.exe
O4 - HKLM\..\RunOnce: [addcx32.exe] C:\WINDOWS\system32\addcx32.exe
O4 - HKLM\..\RunOnce: [msbk32.exe] C:\WINDOWS\msbk32.exe
O4 - HKLM\..\RunOnce: [crbx.exe] C:\WINDOWS\system32\crbx.exe
O4 - HKLM\..\RunOnce: [apiyd32.exe] C:\WINDOWS\apiyd32.exe
O4 - HKLM\..\RunOnce: [winjm.exe] C:\WINDOWS\winjm.exe
O4 - HKLM\..\RunOnce: [nttq32.exe] C:\WINDOWS\nttq32.exe
O4 - HKLM\..\RunOnce: [ntby32.exe] C:\WINDOWS\system32\ntby32.exe
O4 - HKLM\..\RunOnce: [syswh32.exe] C:\WINDOWS\system32\syswh32.exe
O4 - HKLM\..\RunOnce: [javapg32.exe] C:\WINDOWS\javapg32.exe
O4 - HKLM\..\RunOnce: [ipui.exe] C:\WINDOWS\system32\ipui.exe
O4 - HKLM\..\RunOnce: [ntuy32.exe] C:\WINDOWS\system32\ntuy32.exe
O4 - HKLM\..\RunOnce: [atlck.exe] C:\WINDOWS\system32\atlck.exe
O4 - HKLM\..\RunOnce: [addli.exe] C:\WINDOWS\addli.exe
O4 - HKLM\..\RunOnce: [netps32.exe] C:\WINDOWS\netps32.exe
O4 - HKLM\..\RunOnce: [mfchy32.exe] C:\WINDOWS\system32\mfchy32.exe
O4 - HKLM\..\RunOnce: [javadi32.exe] C:\WINDOWS\system32\javadi32.exe
O4 - HKLM\..\RunOnce: [ntgr32.exe] C:\WINDOWS\system32\ntgr32.exe
O4 - HKLM\..\RunOnce: [mfcff32.exe] C:\WINDOWS\mfcff32.exe
O4 - HKLM\..\RunOnce: [iewh.exe] C:\WINDOWS\system32\iewh.exe
O4 - HKLM\..\RunOnce: [d3tc.exe] C:\WINDOWS\system32\d3tc.exe
O4 - HKLM\..\RunOnce: [ntes32.exe] C:\WINDOWS\system32\ntes32.exe
O4 - HKLM\..\RunOnce: [sdkng.exe] C:\WINDOWS\system32\sdkng.exe
O4 - HKLM\..\RunOnce: [atlmu32.exe] C:\WINDOWS\system32\atlmu32.exe
O4 - HKLM\..\RunOnce: [mfcnk32.exe] C:\WINDOWS\system32\mfcnk32.exe
O4 - HKLM\..\RunOnce: [winlx32.exe] C:\WINDOWS\winlx32.exe
O4 - HKLM\..\RunOnce: [d3kk32.exe] C:\WINDOWS\d3kk32.exe
O4 - HKLM\..\RunOnce: [crnj32.exe] C:\WINDOWS\system32\crnj32.exe
O4 - HKLM\..\RunOnce: [atlsk.exe] C:\WINDOWS\system32\atlsk.exe
O4 - HKLM\..\RunOnce: [mfckt.exe] C:\WINDOWS\system32\mfckt.exe
O4 - HKLM\..\RunOnce: [javadb.exe] C:\WINDOWS\system32\javadb.exe
O4 - HKLM\..\RunOnce: [iefz32.exe] C:\WINDOWS\system32\iefz32.exe
O4 - HKLM\..\RunOnce: [msdh.exe] C:\WINDOWS\msdh.exe
O4 - HKLM\..\RunOnce: [ntkn.exe] C:\WINDOWS\system32\ntkn.exe
O4 - HKLM\..\RunOnce: [crse.exe] C:\WINDOWS\crse.exe
O4 - HKLM\..\RunOnce: [apigj32.exe] C:\WINDOWS\system32\apigj32.exe
O4 - HKLM\..\RunOnce: [ieli.exe] C:\WINDOWS\ieli.exe
O4 - HKLM\..\RunOnce: [mfcrb.exe] C:\WINDOWS\mfcrb.exe
O4 - HKLM\..\RunOnce: [iefb32.exe] C:\WINDOWS\iefb32.exe
O4 - HKLM\..\RunOnce: [mfcem32.exe] C:\WINDOWS\system32\mfcem32.exe
O4 - HKLM\..\RunOnce: [sdktd32.exe] C:\WINDOWS\sdktd32.exe
O4 - HKLM\..\RunOnce: [sysvc32.exe] C:\WINDOWS\system32\sysvc32.exe
O4 - HKLM\..\RunOnce: [atlob32.exe] C:\WINDOWS\atlob32.exe
O4 - HKLM\..\RunOnce: [netha32.exe] C:\WINDOWS\system32\netha32.exe
O4 - HKLM\..\RunOnce: [d3sw32.exe] C:\WINDOWS\d3sw32.exe
O4 - HKLM\..\RunOnce: [netut.exe] C:\WINDOWS\netut.exe
O4 - HKLM\..\RunOnce: [winnm32.exe] C:\WINDOWS\system32\winnm32.exe
O4 - HKLM\..\RunOnce: [crso32.exe] C:\WINDOWS\crso32.exe
O4 - HKLM\..\RunOnce: [winlk.exe] C:\WINDOWS\winlk.exe
O4 - HKLM\..\RunOnce: [sdkrp.exe] C:\WINDOWS\sdkrp.exe
O4 - HKLM\..\RunOnce: [mfcwj32.exe] C:\WINDOWS\mfcwj32.exe
O4 - HKLM\..\RunOnce: [atlte.exe] C:\WINDOWS\system32\atlte.exe
O4 - HKLM\..\RunOnce: [ieyg.exe] C:\WINDOWS\ieyg.exe
O4 - HKLM\..\RunOnce: [ntsz32.exe] C:\WINDOWS\system32\ntsz32.exe
O4 - HKLM\..\RunOnce: [appxt32.exe] C:\WINDOWS\appxt32.exe
O4 - HKLM\..\RunOnce: [atlxj32.exe] C:\WINDOWS\system32\atlxj32.exe
O4 - HKLM\..\RunOnce: [ieke.exe] C:\WINDOWS\ieke.exe
O4 - HKLM\..\RunOnce: [apiui32.exe] C:\WINDOWS\system32\apiui32.exe
O4 - HKLM\..\RunOnce: [sdkkp.exe] C:\WINDOWS\sdkkp.exe
O4 - HKLM\..\RunOnce: [apijc.exe] C:\WINDOWS\system32\apijc.exe
O4 - HKLM\..\RunOnce: [sysof32.exe] C:\WINDOWS\system32\sysof32.exe
O4 - HKLM\..\RunOnce: [ntof.exe] C:\WINDOWS\ntof.exe
O4 - HKLM\..\RunOnce: [msgb32.exe] C:\WINDOWS\system32\msgb32.exe
O4 - HKLM\..\RunOnce: [mfcqh.exe] C:\WINDOWS\system32\mfcqh.exe
O4 - HKLM\..\RunOnce: [sysfl32.exe] C:\WINDOWS\sysfl32.exe
O4 - HKLM\..\RunOnce: [d3pr.exe] C:\WINDOWS\system32\d3pr.exe
O4 - HKLM\..\RunOnce: [msvo32.exe] C:\WINDOWS\msvo32.exe
O4 - HKLM\..\RunOnce: [d3jd32.exe] C:\WINDOWS\system32\d3jd32.exe
O4 - HKLM\..\RunOnce: [sysjq.exe] C:\WINDOWS\sysjq.exe
O4 - HKLM\..\RunOnce: [d3yx.exe] C:\WINDOWS\d3yx.exe
O4 - HKLM\..\RunOnce: [sysli.exe] C:\WINDOWS\system32\sysli.exe
O4 - HKLM\..\RunOnce: [winvp.exe] C:\WINDOWS\system32\winvp.exe
O4 - HKLM\..\RunOnce: [appux.exe] C:\WINDOWS\appux.exe
O4 - HKLM\..\RunOnce: [netny.exe] C:\WINDOWS\netny.exe
O4 - HKLM\..\RunOnce: [addyo32.exe] C:\WINDOWS\system32\addyo32.exe
O4 - HKLM\..\RunOnce: [addml32.exe] C:\WINDOWS\addml32.exe
O4 - HKLM\..\RunOnce: [atlmr.exe] C:\WINDOWS\system32\atlmr.exe
O4 - HKLM\..\RunOnce: [winbg.exe] C:\WINDOWS\system32\winbg.exe
O4 - HKLM\..\RunOnce: [crmz32.exe] C:\WINDOWS\crmz32.exe
O4 - HKLM\..\RunOnce: [ipkm32.exe] C:\WINDOWS\system32\ipkm32.exe
O4 - HKLM\..\RunOnce: [sdkex32.exe] C:\WINDOWS\system32\sdkex32.exe
O4 - HKLM\..\RunOnce: [atlju32.exe] C:\WINDOWS\atlju32.exe
O4 - HKLM\..\RunOnce: [netxa.exe] C:\WINDOWS\system32\netxa.exe
O4 - HKLM\..\RunOnce: [crte32.exe] C:\WINDOWS\system32\crte32.exe
O4 - HKLM\..\RunOnce: [ntgj32.exe] C:\WINDOWS\system32\ntgj32.exe
O4 - HKLM\..\RunOnce: [wingj.exe] C:\WINDOWS\wingj.exe
O4 - HKLM\..\RunOnce: [mskv.exe] C:\WINDOWS\system32\mskv.exe
O4 - HKLM\..\RunOnce: [javauu.exe] C:\WINDOWS\system32\javauu.exe
O4 - HKLM\..\RunOnce: [sdkdu32.exe] C:\WINDOWS\sdkdu32.exe
O4 - HKLM\..\RunOnce: [ntrr.exe] C:\WINDOWS\system32\ntrr.exe
O4 - HKLM\..\RunOnce: [sdkxo.exe] C:\WINDOWS\system32\sdkxo.exe
O4 - HKLM\..\RunOnce: [applk.exe] C:\WINDOWS\applk.exe
O4 - HKLM\..\RunOnce: [mfcdg.exe] C:\WINDOWS\mfcdg.exe
O4 - HKLM\..\RunOnce: [msdl.exe] C:\WINDOWS\system32\msdl.exe
O4 - HKLM\..\RunOnce: [ipkb32.exe] C:\WINDOWS\system32\ipkb32.exe
O4 - HKLM\..\RunOnce: [crva32.exe] C:\WINDOWS\crva32.exe
O4 - HKLM\..\RunOnce: [d3ol32.exe] C:\WINDOWS\system32\d3ol32.exe
O4 - HKLM\..\RunOnce: [ipth32.exe] C:\WINDOWS\system32\ipth32.exe
O4 - HKLM\..\RunOnce: [sysik.exe] C:\WINDOWS\system32\sysik.exe
O4 - HKLM\..\RunOnce: [winoh32.exe] C:\WINDOWS\winoh32.exe
O4 - HKLM\..\RunOnce: [crli.exe] C:\WINDOWS\crli.exe
O4 - HKLM\..\RunOnce: [ieky.exe] C:\WINDOWS\system32\ieky.exe
O4 - HKLM\..\RunOnce: [addcr.exe] C:\WINDOWS\system32\addcr.exe
O4 - HKLM\..\RunOnce: [atloi.exe] C:\WINDOWS\system32\atloi.exe
O4 - HKLM\..\RunOnce: [apinq.exe] C:\WINDOWS\apinq.exe
O4 - HKLM\..\RunOnce: [atlll32.exe] C:\WINDOWS\atlll32.exe
O4 - HKLM\..\RunOnce: [javaaa.exe] C:\WINDOWS\javaaa.exe
O4 - HKLM\..\RunOnce: [ipej32.exe] C:\WINDOWS\ipej32.exe
O4 - HKLM\..\RunOnce: [ntea.exe] C:\WINDOWS\ntea.exe
O4 - HKLM\..\RunOnce: [netna.exe] C:\WINDOWS\netna.exe
O4 - HKLM\..\RunOnce: [d3cp32.exe] C:\WINDOWS\d3cp32.exe
O4 - HKLM\..\RunOnce: [addmn.exe] C:\WINDOWS\addmn.exe
O4 - HKLM\..\RunOnce: [ieqr.exe] C:\WINDOWS\ieqr.exe
O4 - HKLM\..\RunOnce: [atlfp32.exe] C:\WINDOWS\system32\atlfp32.exe
O4 - HKLM\..\RunOnce: [ntpf32.exe] C:\WINDOWS\ntpf32.exe
O4 - HKLM\..\RunOnce: [syssr32.exe] C:\WINDOWS\system32\syssr32.exe
O4 - HKLM\..\RunOnce: [sdkse32.exe] C:\WINDOWS\system32\sdkse32.exe
O4 - HKLM\..\RunOnce: [atllf32.exe] C:\WINDOWS\atllf32.exe
O4 - HKLM\..\RunOnce: [javait.exe] C:\WINDOWS\system32\javait.exe
O4 - HKLM\..\RunOnce: [wingq32.exe] C:\WINDOWS\system32\wingq32.exe
O4 - HKLM\..\RunOnce: [crrh32.exe] C:\WINDOWS\crrh32.exe
O4 - HKLM\..\RunOnce: [javafd32.exe] C:\WINDOWS\system32\javafd32.exe
O4 - HKLM\..\RunOnce: [syspu.exe] C:\WINDOWS\syspu.exe
O4 - HKLM\..\RunOnce: [atliv32.exe] C:\WINDOWS\atliv32.exe
O4 - HKLM\..\RunOnce: [netyc.exe] C:\WINDOWS\netyc.exe
O4 - HKLM\..\RunOnce: [crug32.exe] C:\WINDOWS\crug32.exe
O4 - HKLM\..\RunOnce: [d3wg32.exe] C:\WINDOWS\d3wg32.exe
O4 - HKLM\..\RunOnce: [ipkq32.exe] C:\WINDOWS\ipkq32.exe
O4 - HKLM\..\RunOnce: [sdkfk.exe] C:\WINDOWS\system32\sdkfk.exe
O4 - HKLM\..\RunOnce: [netks.exe] C:\WINDOWS\system32\netks.exe
O4 - HKLM\..\RunOnce: [mfctq.exe] C:\WINDOWS\mfctq.exe
O4 - HKLM\..\RunOnce: [nter32.exe] C:\WINDOWS\system32\nter32.exe
O4 - HKLM\..\RunOnce: [netht32.exe] C:\WINDOWS\netht32.exe
O4 - HKLM\..\RunOnce: [ntbm.exe] C:\WINDOWS\ntbm.exe
O4 - HKLM\..\RunOnce: [d3xq.exe] C:\WINDOWS\system32\d3xq.exe
O4 - HKLM\..\RunOnce: [javaul.exe] C:\WINDOWS\system32\javaul.exe
O4 - HKLM\..\RunOnce: [crai32.exe] C:\WINDOWS\system32\crai32.exe
O4 - HKLM\..\RunOnce: [cryg32.exe] C:\WINDOWS\cryg32.exe
O4 - HKLM\..\RunOnce: [appmd.exe] C:\WINDOWS\appmd.exe
O4 - HKLM\..\RunOnce: [mfcll.exe] C:\WINDOWS\system32\mfcll.exe
O4 - HKLM\..\RunOnce: [ntwm.exe] C:\WINDOWS\system32\ntwm.exe
O4 - HKLM\..\RunOnce: [appvl32.exe] C:\WINDOWS\system32\appvl32.exe
O4 - HKLM\..\RunOnce: [atlpc32.exe] C:\WINDOWS\atlpc32.exe
O4 - HKLM\..\RunOnce: [atlvz32.exe] C:\WINDOWS\system32\atlvz32.exe
O4 - HKLM\..\RunOnce: [msav32.exe] C:\WINDOWS\system32\msav32.exe
O4 - HKLM\..\RunOnce: [cryq.exe] C:\WINDOWS\system32\cryq.exe
O4 - HKLM\..\RunOnce: [apixy32.exe] C:\WINDOWS\system32\apixy32.exe
O4 - HKLM\..\RunOnce: [netzq32.exe] C:\WINDOWS\netzq32.exe
O4 - HKLM\..\RunOnce: [mfcct32.exe] C:\WINDOWS\mfcct32.exe
O4 - HKLM\..\RunOnce: [d3xd.exe] C:\WINDOWS\system32\d3xd.exe
O4 - HKLM\..\RunOnce: [iphw32.exe] C:\WINDOWS\iphw32.exe
O4 - HKLM\..\RunOnce: [sdkbp.exe] C:\WINDOWS\sdkbp.exe
O4 - HKLM\..\RunOnce: [apirc32.exe] C:\WINDOWS\system32\apirc32.exe
O4 - HKLM\..\RunOnce: [syswy32.exe] C:\WINDOWS\syswy32.exe
O4 - HKLM\..\RunOnce: [apizk.exe] C:\WINDOWS\system32\apizk.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\atlmq.exe" /s (file missing)
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
  • 0
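An added example, not part of the thread: because the helper notes that this infection renames its files on every reboot, a triage pass over a HijackThis log has to match the shape of the entries rather than their names. The sketch below parses O2 and O4 lines and flags the two shapes that dominate the log above; the rules and every function name are assumptions made for this illustration, and the sample lines are a short excerpt copied from that log.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Short excerpt copied from the HijackThis log in the post above.
SAMPLE_LOG = r'''
O2 - BHO: Class - {007B911E-5570-A396-6F4A-A0CC235143DC} - C:\WINDOWS\d3dn.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: Class - {00A88ECE-D542-06D0-B1E9-091150D86D41} - C:\WINDOWS\system32\msyb32.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winzi32.exe] C:\WINDOWS\system32\winzi32.exe
O4 - HKLM\..\RunOnce: [atlmq.exe] C:\WINDOWS\atlmq.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
'''

# O2 = Browser Helper Object: display name, CLSID, DLL path.
O2_RE = re.compile(
    r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$')
# O4 = autostart value: hive, key (Run, RunOnce, ...), value name, command line.
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')

# Assumption for this example: only files sitting directly in these two
# folders match the pattern seen in the log.
SYSTEM_DIRS = {r'c:\windows', r'c:\windows\system32'}


def executable_of(cmd):
    """Return the program path from a Run value, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(?i)(.+?\.exe)\b', cmd)
    return m.group(1) if m else cmd


def directly_in_system_dir(path):
    """True when the file's parent folder is exactly one of SYSTEM_DIRS."""
    return ntpath.dirname(path).lower() in SYSTEM_DIRS


def triage(log_text):
    """Return (section, identifier, path) tuples for entries worth a closer look.

    Rule 1 (O2): a BHO whose display name is the bare word "Class" and whose
                 DLL sits directly in a system folder.
    Rule 2 (O4): an autostart value whose name is the executable's own file
                 name and whose executable sits directly in a system folder.
    """
    suspects = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            if m['name'] == 'Class' and directly_in_system_dir(m['path']):
                suspects.append(('O2', m['clsid'], m['path']))
            continue
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m['cmd'])
            same_name = ntpath.basename(exe).lower() == m['name'].lower()
            if same_name and directly_in_system_dir(exe):
                suspects.append(('O4', f"{m['hive']} {m['key']}", exe))
    return suspects


if __name__ == '__main__':
    for section, ident, path in triage(SAMPLE_LOG):
        print(f'{section}  {ident:<40} {path}')
```

The hits are candidates for a human reviewer, not a removal list: a legitimate entry of the same shape (Windows' own ctfmon.exe is commonly registered under Run this way) is flagged too.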

#12
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hiya

OK, I am working on this one now. It's a mess, so it will take a while, but I will post as soon as I can.

UKBiker
  • 0

#13
ukbiker

ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hiya Heavenwaits

Ok then here we go, it may take a few tries to get this right, but we will get there.

Preparation

Print this out; you will need to refer to it later. It is a lengthy and complex fix and you cannot afford any mistakes here!

Open Windows Explorer & go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files" and untick "Hide extensions for known file types". Now click "Apply to all folders".
Click "Apply" then "OK".

For anyone using Windows XP, 'Search' will not automatically show hidden files even if your folder options settings are set to do that. Do this so you can see hidden files and folders - click here http://www.davehigha...ds/xphidden.zip to download xphidden.zip. Extract xphidden.reg from the zip file and save it to the desktop. When done, double-click the xphidden.reg and when asked to merge say yes.


Here's the fix:

Important Step
1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:

Network Security Service (NSS)


When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don't find this service listed, go ahead with the next steps.

2. Reboot into Safe Mode. <---MAKE SURE YOU KNOW HOW TO DO THIS!!

3. Press Ctrl+Alt+Delete once => Click Task Manager => Click the Processes tab => Double-click the Image Name column header to alphabetically sort the processes => Scroll through the list and look for:

winzi32.exe
atlmq.exe
If you find the files, click on them, and then click End Process => Exit the Task Manager.

4. CLOSE ALL WINDOWS AND BROWSERS. Scan with HijackThis, then use HijackThis to delete the bad service. You do it like this: click on Config, then Misc Tools, and then press the "Delete an NT service.." button. When it opens you should then paste in the text below and then press OK.

NSS

4. Next, go back to the HJT scan you have just done and put checks next to all the following if they are there, then click "Fix Checked"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {007B911E-5570-A396-6F4A-A0CC235143DC} - C:\WINDOWS\d3dn.dll
O2 - BHO: Class - {00A88ECE-D542-06D0-B1E9-091150D86D41} - C:\WINDOWS\system32\msyb32.dll
O2 - BHO: Class - {10093460-6F53-E394-D35F-77E61A43FF4C} - C:\WINDOWS\system32\appgq.dll
O2 - BHO: Class - {143CE5E6-B0AC-4914-AA2E-624EF574EB4D} - C:\WINDOWS\ipna.dll
O2 - BHO: Class - {18A23373-407C-5064-29FC-1C2D804594FA} - C:\WINDOWS\ipyn32.dll
O2 - BHO: Class - {274A509F-0F00-989C-5FD2-C372C9375F32} - C:\WINDOWS\apipy.dll
O2 - BHO: Class - {28749852-4EA9-0662-286C-D43C4474D30C} - C:\WINDOWS\system32\ipxj.dll
O2 - BHO: Class - {2CF3F7AD-CB85-FA6A-FA52-E649A865235B} - C:\WINDOWS\system32\sysss32.dll
O2 - BHO: Class - {2FBFD3DB-44BC-5682-6544-30AA6B08CA27} - C:\WINDOWS\system32\msuq32.dll
O2 - BHO: Class - {32011C7F-3430-3AF2-DD1F-0049908763E5} - C:\WINDOWS\ipzl.dll
O2 - BHO: Class - {3376A8DD-F7C4-77CF-6511-9B4C70AC5C19} - C:\WINDOWS\mfccp.dll
O2 - BHO: Class - {38D7B7AF-8225-46C7-D3F6-14944118DEB3} - C:\WINDOWS\crpa.dll
O2 - BHO: Class - {3BAA12D3-D817-0626-D1DF-41175C0B6EAB} - C:\WINDOWS\ieal.dll
O2 - BHO: Class - {3D1F3C37-49CA-66D3-9877-04375ADE521D} - C:\WINDOWS\appac32.dll
O2 - BHO: Class - {4763166E-429C-B5AF-C8E8-C91F5368F74C} - C:\WINDOWS\msvu.dll
O2 - BHO: Class - {5846232C-DAB1-2538-1DC5-1F5122BAEDA5} - C:\WINDOWS\system32\syspj32.dll
O2 - BHO: Class - {64B26103-2B1C-551B-4BBE-4C0B592B4757} - C:\WINDOWS\system32\d3ih32.dll
O2 - BHO: Class - {6E088D4B-521B-1676-CDD6-EC121DD3C210} - C:\WINDOWS\addys32.dll
O2 - BHO: Class - {709EE32C-77FF-291F-529C-369850DB1D21} - C:\WINDOWS\system32\appgw.dll
O2 - BHO: Class - {77B4CE71-F8EB-D009-07EA-8D5437684795} - C:\WINDOWS\atlqy.dll
O2 - BHO: Class - {7878CA0E-A0AB-130C-1F20-66B2AB298226} - C:\WINDOWS\d3hf32.dll
O2 - BHO: Class - {7C5CF0D8-6AA4-2FDF-1323-0AC6A9822AA3} - C:\WINDOWS\system32\d3fw.dll
O2 - BHO: Class - {A43797D8-6CEB-05DC-43B9-29CDA766A2BF} - C:\WINDOWS\addmh32.dll
O2 - BHO: Class - {AB9DB4E2-75EB-16A7-E1F0-71015153AF1C} - C:\WINDOWS\appen.dll
O2 - BHO: Class - {ABE47D97-A0E4-6AFF-425A-480B402A89B8} - C:\WINDOWS\system32\ipol32.dll
O2 - BHO: Class - {B37338CB-DC89-F6A6-BA8B-AEF4D740566E} - C:\WINDOWS\mswa32.dll
O2 - BHO: Class - {BA766B06-F528-DA73-2252-17372A2B1F55} - C:\WINDOWS\system32\javazw32.dll
O2 - BHO: Class - {C19B9125-B9FB-3BFD-7568-61F62B879410} - C:\WINDOWS\system32\apisl32.dll
O2 - BHO: Class - {C19C3C4F-004E-8C8D-A093-AB7AC41004E0} - C:\WINDOWS\system32\appcd32.dll
O2 - BHO: Class - {C75F302C-5DED-C090-F779-5337D7567BC3} - C:\WINDOWS\system32\crnr32.dll
O2 - BHO: Class - {CD0109D6-A18C-B80E-FAF2-55938C44BD61} - C:\WINDOWS\system32\netee32.dll
O2 - BHO: Class - {D7AC65FF-C9B6-66D9-0935-85FAF279CD1E} - C:\WINDOWS\appep.dll
O2 - BHO: Class - {EB7A738C-0CE4-D731-5E60-6A46C953396F} - C:\WINDOWS\iecu.dll
O2 - BHO: Class - {EC0DCF51-1005-877B-C873-10B3F0156A8C} - C:\WINDOWS\system32\addoj32.dll
O4 - HKLM\..\Run: [syssq32.exe] C:\WINDOWS\system32\syssq32.exe
O4 - HKLM\..\Run: [ntwh.exe] C:\WINDOWS\system32\ntwh.exe
O4 - HKLM\..\Run: [javasw32.exe] C:\WINDOWS\system32\javasw32.exe
O4 - HKLM\..\Run: [winzi32.exe] C:\WINDOWS\system32\winzi32.exe
O4 - HKLM\..\RunOnce: [atlmq.exe] C:\WINDOWS\atlmq.exe
O4 - HKLM\..\RunOnce: [iean32.exe] C:\WINDOWS\system32\iean32.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\atlmq.exe" /s (file missing)


Click on Fix Checked when finished and exit HijackThis.


5. Use Windows Explorer to delete the following files if present:
If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again.

C:\WINDOWS\system32\winzi32.exe
C:\WINDOWS\atlmq.exe
(and any other files with the same name that end in .dll, .exe or .dat; you may find them right next to each other, for example nnnnnn.exe, nnnnnn.dll, nnnnnn.dat)


6. Scan with AdAware and let it remove any bad files found.

7. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

11. Reboot into normal mode.

12. Download and run this online virus scan:
http://housecall.tre.../start_corp.asp
Make sure you check "AutoClean"

Then reboot and post a fresh HijackThis log to see how we did.

Good Luck :tazz:

UKBiker

#14
heavenwaits
Okay, so I did everything. When I re-booted into normal mode after the virus scan my computer yelled at me for missing about 8 files, but otherwise booted up normally.

Also, just to let you know I'm going out of town for a couple of days, so if I'm gone it's not because I'm giving up, I'm just out, but I will be back. :tazz:

Okay, here's my hjt log:
Logfile of HijackThis v1.99.1
Scan saved at 10:18:02 PM, on 7/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\addvo.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\2Wire\Gateway\2PortalMon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/e-center-p
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: Class - {21EADA2E-FF24-A508-1802-13989D825ABA} - C:\WINDOWS\system32\appnu.dll
O2 - BHO: Class - {36A77E45-4040-B13E-8BF8-9085B4CC38C6} - C:\WINDOWS\ipgj32.dll
O2 - BHO: Class - {5B52EF97-ABD3-9E08-6196-8F72B312FA3A} - C:\WINDOWS\apiww.dll
O2 - BHO: Class - {5FF9D913-AF6D-6D79-5A3A-75BA7425C8DF} - C:\WINDOWS\d3rf32.dll
O2 - BHO: Class - {6BA6773B-A8AF-70D0-7147-7C6CE7CCFF4C} - C:\WINDOWS\system32\sysxf32.dll
O2 - BHO: Class - {979ED9FE-798C-77B1-BF79-A3BC1983DD6E} - C:\WINDOWS\atlzf32.dll
O2 - BHO: Class - {A3F9FD31-3DFB-13C1-8E7D-BCEAF75A15DA} - C:\WINDOWS\appqb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {AEC12FD1-2D85-624B-3CFF-BAD55B99B1F3} - C:\WINDOWS\apppw.dll
O2 - BHO: Class - {BC871140-5119-C1BF-54EE-A8EE8A1643B6} - C:\WINDOWS\system32\ntkc32.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mfcuu.exe] C:\WINDOWS\system32\mfcuu.exe
O4 - HKLM\..\Run: [addvo.exe] C:\WINDOWS\addvo.exe
O4 - HKLM\..\RunOnce: [sdkch.exe] C:\WINDOWS\system32\sdkch.exe
O4 - HKLM\..\RunOnce: [netgk32.exe] C:\WINDOWS\system32\netgk32.exe
O4 - HKLM\..\RunOnce: [appkx.exe] C:\WINDOWS\appkx.exe
O4 - HKLM\..\RunOnce: [apixk.exe] C:\WINDOWS\apixk.exe
O4 - HKLM\..\RunOnce: [crgn.exe] C:\WINDOWS\system32\crgn.exe
O4 - HKLM\..\RunOnce: [atlkq32.exe] C:\WINDOWS\system32\atlkq32.exe
O4 - HKLM\..\RunOnce: [sysbx32.exe] C:\WINDOWS\system32\sysbx32.exe
O4 - HKLM\..\RunOnce: [crwg.exe] C:\WINDOWS\crwg.exe
O4 - HKLM\..\RunOnce: [apigd32.exe] C:\WINDOWS\apigd32.exe
O4 - HKLM\..\RunOnce: [atlvu.exe] C:\WINDOWS\atlvu.exe
O4 - HKLM\..\RunOnce: [msjx32.exe] C:\WINDOWS\system32\msjx32.exe
O4 - HKLM\..\RunOnce: [d3nm.exe] C:\WINDOWS\d3nm.exe
O4 - HKLM\..\RunOnce: [winro.exe] C:\WINDOWS\winro.exe
O4 - HKLM\..\RunOnce: [javagw32.exe] C:\WINDOWS\system32\javagw32.exe
O4 - HKLM\..\RunOnce: [crpi.exe] C:\WINDOWS\system32\crpi.exe
O4 - HKLM\..\RunOnce: [d3cf32.exe] C:\WINDOWS\system32\d3cf32.exe
O4 - HKLM\..\RunOnce: [netiz32.exe] C:\WINDOWS\netiz32.exe
O4 - HKLM\..\RunOnce: [sdkep32.exe] C:\WINDOWS\sdkep32.exe
O4 - HKLM\..\RunOnce: [iepm.exe] C:\WINDOWS\system32\iepm.exe
O4 - HKLM\..\RunOnce: [crtn32.exe] C:\WINDOWS\crtn32.exe
O4 - HKLM\..\RunOnce: [d3bd32.exe] C:\WINDOWS\d3bd32.exe
O4 - HKLM\..\RunOnce: [netgy32.exe] C:\WINDOWS\netgy32.exe
O4 - HKLM\..\RunOnce: [mskh.exe] C:\WINDOWS\mskh.exe
O4 - HKLM\..\RunOnce: [sdktm32.exe] C:\WINDOWS\sdktm32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\javayf32.exe" /s (file missing)
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

#15
ukbiker
Hi There

Well, we got some of it, but it has changed its name again; never mind. As you are going away for a few days, just post a message here when you get back and we will carry on.

UKBiker
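
Because the files keep changing names, matching on filenames does not carry over from one log to the next. The sketch below is an added example, not part of the original thread and not HijackThis's own logic: it triages a log by the structural patterns visible in the entries above. The three heuristics, the function names, and the choice of sample lines (an excerpt of the log posted in this thread) are assumptions made for illustration.

```python
import ntpath
import re

# Excerpt of the HijackThis log posted in this thread (lines kept verbatim).
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: Class - {21EADA2E-FF24-A508-1802-13989D825ABA} - C:\WINDOWS\system32\appnu.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [addvo.exe] C:\WINDOWS\addvo.exe
O4 - HKLM\..\RunOnce: [sdkch.exe] C:\WINDOWS\system32\sdkch.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\javayf32.exe" /s (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""

# Assumption: only files sitting directly in these two directories are of interest.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")
O23_PREFIX = "O23 - Service: "


def image_path(cmd):
    """Pull the .exe/.dll path out of a command line, ignoring quotes and arguments."""
    m = re.search(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', cmd, re.I)
    return m.group(0) if m else cmd.strip('" ')


def in_system_dir(path):
    return ntpath.dirname(path).lower() in SYSTEM_DIRS


def sibling_candidates(path):
    """Same-named .exe/.dll/.dat files to look for next to a flagged file (step 5)."""
    stem = ntpath.splitext(path)[0]
    return [stem + ext for ext in (".exe", ".dll", ".dat")]


def triage(log_text):
    """Return (section, path, reason) for every line matching one of the heuristics."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = O2_RE.match(line)
        if m:
            path = image_path(m.group(3))
            # Heuristic 1: BHO with the generic name "Class" loaded from the Windows dirs.
            if m.group(1) == "Class" and in_system_dir(path):
                findings.append(("O2", path, "generic 'Class' BHO in Windows directory"))
            continue
        m = O4_RE.match(line)
        if m:
            path = image_path(m.group(3))
            # Heuristic 2: autorun value named after its own executable file.
            if m.group(2).lower() == ntpath.basename(path).lower() and in_system_dir(path):
                findings.append(("O4", path, "autorun value named after its own file"))
            continue
        if line.startswith(O23_PREFIX):
            parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
            # Heuristic 3: service with no known owner whose file is already gone.
            if len(parts) == 3 and parts[1] == "Unknown owner" and "(file missing)" in parts[2]:
                findings.append(("O23", image_path(parts[2]), "ownerless service, file missing"))
    return findings


if __name__ == "__main__":
    for section, path, reason in triage(SAMPLE_LOG):
        print(section, path, "-", reason)
        print("   also check:", ", ".join(sibling_candidates(path)))
```

A hit is a prompt to inspect the entry, not a verdict: legitimate software can match any of these patterns, and a renamed variant may match none of them.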