
iSearch, ICanNews, UCMore, and others [RESOLVED]


This topic is locked

#1 jurgel4880 (New Member, 9 posts)
Hi. This is my first time in this forum. I heard about this place from a friend, but anyway. My computer is slowing down because of spyware such as those I have listed in my title. I currently use Lavasoft Ad-Aware and Microsoft AntiSpyware to get rid of such malware. Unfortunately, they never seem to leave. They, you could say, regenerate. Can someone help me, please?

Here is my HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 6:03:08 PM, on 7/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphiapowerpage.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\inet20013\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE SP2 AddOn - {1B347980-8AF1-4C62-8504-54D245EBFADC} - C:\WINDOWS\System32\spgdy.dll (file missing)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {5437D1E0-FA38-41EF-816B-D9F299E767CA} - C:\WINDOWS\System32\lkj22AD.dll (file missing)
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: (no name) - {62A8755F-3D98-406D-ACEF-DCEE6E4FF809} - C:\WINDOWS\System32\fkbe.dll (file missing)
O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: ActiveX Control - {C437B46F-B843-4BFB-865A-CCB22708A66F} - C:\WINDOWS\System32\msdbm.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [37tV3qj] s3gndmgr.exe
O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [d3pp.exe] C:\WINDOWS\system32\d3pp.exe
O4 - HKLM\..\Run: [syshb.exe] C:\WINDOWS\system32\syshb.exe
O4 - HKLM\..\Run: [atlyi32.exe] C:\WINDOWS\system32\atlyi32.exe
O4 - HKLM\..\Run: [iejr.exe] C:\WINDOWS\system32\iejr.exe
O4 - HKLM\..\Run: [crez.exe] C:\WINDOWS\system32\crez.exe
O4 - HKLM\..\Run: [netba32.exe] C:\WINDOWS\system32\netba32.exe
O4 - HKLM\..\Run: [ipjf.exe] C:\WINDOWS\system32\ipjf.exe
O4 - HKLM\..\Run: [mfcyb.exe] C:\WINDOWS\system32\mfcyb.exe
O4 - HKLM\..\Run: [WinDEX3] windex3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Service] winsrv.exe
O4 - HKLM\..\Run: [Indexing UDLsass] uddexini.exe
O4 - HKLM\..\Run: [crdd32.exe] C:\WINDOWS\system32\crdd32.exe
O4 - HKLM\..\Run: [SYSDEX3] winsys3.exe
O4 - HKLM\..\Run: [sys004] C:\WINDOWS\System32\sys005.exe
O4 - HKLM\..\Run: [AVShell] C:\WINDOWS\System32\loader.exe
O4 - HKLM\..\Run: [16cgftv7] C:\WINDOWS\System32\16cgftv7.exe
O4 - HKLM\..\Run: [msnp32.exe] C:\WINDOWS\system32\msnp32.exe
O4 - HKLM\..\Run: [d3ze.exe] C:\WINDOWS\system32\d3ze.exe
O4 - HKLM\..\Run: [iewi.exe] C:\WINDOWS\system32\iewi.exe
O4 - HKLM\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKLM\..\Run: [winqo32.exe] C:\WINDOWS\system32\winqo32.exe
O4 - HKLM\..\Run: [raifd264] C:\WINDOWS\System32\raifd264.exe
O4 - HKLM\..\Run: [d3sm32.exe] C:\WINDOWS\system32\d3sm32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ucdfdw] c:\windows\system32\ucjbygu.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ododou] C:\WINDOWS\System32\ododou.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{02C629C1-E69F-45D5-AF54-11E9A39F5AFE}\SECURITY.EXE
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{02C629C1-E69F-45D5-AF54-11E9A39F5AFE}\SVCHOST.EXE
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [saap] c:\program files\180search assistant\saap.exe
O4 - HKLM\..\RunServices: [WinDEX3] windex3.exe
O4 - HKLM\..\RunServices: [Microsoft Service] winsrv.exe
O4 - HKLM\..\RunServices: [Indexing UDLsass] uddexini.exe
O4 - HKLM\..\RunServices: [SYSDEX3] winsys3.exe
O4 - HKLM\..\RunServices: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O4 - HKCU\..\Run: [Iw29RkH4P] rsvdinfo.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [WinDEX3] windex3.exe
O4 - HKCU\..\Run: [Microsoft Service] winsrv.exe
O4 - HKCU\..\Run: [Vgbuuagn] C:\WINDOWS\System32\W?nSxS\explorer.exe
O4 - HKCU\..\Run: [SYSDEX3] winsys3.exe
O4 - HKCU\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\wtta.exe
O4 - HKCU\..\Run: [Windows Manager] C:\WINDOWS\system32\winsrv.exe
O4 - HKCU\..\Run: [wupdate] C:\WINDOWS\System32\wi32.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\dstart4.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116433623499
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6FA9E5B-3DB6-448C-B520-735ECC28F5F1}: NameServer = 69.50.176.156,195.225.176.31
O20 - Winlogon Notify: ShellBot - C:\WINDOWS\system32\srbcsp.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\notmsg.dll
O21 - SSODL: systemp - {B9EE5BB9-2AF7-45CC-9ACF-F0107DA9E718} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe



#2 John_L (Visiting Staff, 1,398 posts)
Hi jurgel4880 and welcome to Geeks To Go.

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here
Apply the update, reboot, and post a fresh Hijack This log.

#3 jurgel4880 (Topic Starter, New Member, 9 posts)
I have finally updated my computer with Windows SP2.

Here is my HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 6:42:30 AM, on 7/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Jay'z Stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphiapowerpage.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE SP2 AddOn - {1B347980-8AF1-4C62-8504-54D245EBFADC} - C:\WINDOWS\System32\spgdy.dll (file missing)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {5437D1E0-FA38-41EF-816B-D9F299E767CA} - C:\WINDOWS\System32\lkj22AD.dll (file missing)
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: (no name) - {62A8755F-3D98-406D-ACEF-DCEE6E4FF809} - C:\WINDOWS\System32\fkbe.dll (file missing)
O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: ActiveX Control - {C437B46F-B843-4BFB-865A-CCB22708A66F} - C:\WINDOWS\System32\msdbm.dll (file missing)
O3 - Toolbar: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [37tV3qj] s3gndmgr.exe
O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [d3pp.exe] C:\WINDOWS\system32\d3pp.exe
O4 - HKLM\..\Run: [syshb.exe] C:\WINDOWS\system32\syshb.exe
O4 - HKLM\..\Run: [atlyi32.exe] C:\WINDOWS\system32\atlyi32.exe
O4 - HKLM\..\Run: [iejr.exe] C:\WINDOWS\system32\iejr.exe
O4 - HKLM\..\Run: [crez.exe] C:\WINDOWS\system32\crez.exe
O4 - HKLM\..\Run: [netba32.exe] C:\WINDOWS\system32\netba32.exe
O4 - HKLM\..\Run: [ipjf.exe] C:\WINDOWS\system32\ipjf.exe
O4 - HKLM\..\Run: [mfcyb.exe] C:\WINDOWS\system32\mfcyb.exe
O4 - HKLM\..\Run: [WinDEX3] windex3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Service] winsrv.exe
O4 - HKLM\..\Run: [Indexing UDLsass] uddexini.exe
O4 - HKLM\..\Run: [crdd32.exe] C:\WINDOWS\system32\crdd32.exe
O4 - HKLM\..\Run: [SYSDEX3] winsys3.exe
O4 - HKLM\..\Run: [sys004] C:\WINDOWS\System32\sys005.exe
O4 - HKLM\..\Run: [AVShell] C:\WINDOWS\System32\loader.exe
O4 - HKLM\..\Run: [16cgftv7] C:\WINDOWS\System32\16cgftv7.exe
O4 - HKLM\..\Run: [msnp32.exe] C:\WINDOWS\system32\msnp32.exe
O4 - HKLM\..\Run: [d3ze.exe] C:\WINDOWS\system32\d3ze.exe
O4 - HKLM\..\Run: [iewi.exe] C:\WINDOWS\system32\iewi.exe
O4 - HKLM\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKLM\..\Run: [winqo32.exe] C:\WINDOWS\system32\winqo32.exe
O4 - HKLM\..\Run: [raifd264] C:\WINDOWS\System32\raifd264.exe
O4 - HKLM\..\Run: [d3sm32.exe] C:\WINDOWS\system32\d3sm32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ucdfdw] c:\windows\system32\ucjbygu.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ododou] C:\WINDOWS\System32\ododou.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{02C629C1-E69F-45D5-AF54-11E9A39F5AFE}\SECURITY.EXE
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{02C629C1-E69F-45D5-AF54-11E9A39F5AFE}\SVCHOST.EXE
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [saap] c:\program files\180search assistant\saap.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [WinDEX3] windex3.exe
O4 - HKLM\..\RunServices: [Microsoft Service] winsrv.exe
O4 - HKLM\..\RunServices: [Indexing UDLsass] uddexini.exe
O4 - HKLM\..\RunServices: [SYSDEX3] winsys3.exe
O4 - HKLM\..\RunServices: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O4 - HKCU\..\Run: [Iw29RkH4P] rsvdinfo.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [WinDEX3] windex3.exe
O4 - HKCU\..\Run: [Microsoft Service] winsrv.exe
O4 - HKCU\..\Run: [Vgbuuagn] C:\WINDOWS\System32\W?nSxS\explorer.exe
O4 - HKCU\..\Run: [SYSDEX3] winsys3.exe
O4 - HKCU\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Windows Manager] C:\WINDOWS\system32\winsrv.exe
O4 - HKCU\..\Run: [wupdate] C:\WINDOWS\System32\wi32.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\dstart4.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\wtta.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121125939342
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6FA9E5B-3DB6-448C-B520-735ECC28F5F1}: NameServer = 69.50.176.156,195.225.176.31
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\notmsg.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\notmsg.dll
O21 - SSODL: systemp - {B9EE5BB9-2AF7-45CC-9ACF-F0107DA9E718} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

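The HijackThis logs in this thread all use the same entry-line format, so the checks a helper makes by eye can be written down. The script below is an added example, not code from the thread or from HijackThis: it parses O2/O4/O15/O17/O20/F3 lines and flags objects marked (file missing), autoruns with a bare filename or a core system binary outside its normal directory, Trusted Zone additions, registry-set DNS servers, one Winlogon Notify DLL registered under several names, and win.ini run= entries. The sample lines are constructed from formats seen in the logs above, and the rules are this example's own heuristics, not HijackThis verdicts.

```python
"""Triage helper for HijackThis v1.99 logs (added example; not code from the
thread or from HijackThis). It parses the O2/O4/O15/O17/O20/F3 entry lines and
applies the checks a helper makes by eye on logs like those posted above. The
rules are heuristics written for this example; a flag means "look closer"."""
import re
from dataclasses import dataclass, field

# Constructed sample using the line formats seen in the thread's logs.
SAMPLE_LOG = r"""
O2 - BHO: IE SP2 AddOn - {1B347980-8AF1-4C62-8504-54D245EBFADC} - C:\WINDOWS\System32\spgdy.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Microsoft Service] winsrv.exe
O4 - HKLM\..\Run: [d3pp.exe] C:\WINDOWS\system32\d3pp.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
O15 - Trusted Zone: http://www.neededware.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6FA9E5B-3DB6-448C-B520-735ECC28F5F1}: NameServer = 69.50.176.156,195.225.176.31
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\notmsg.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\notmsg.dll
F3 - REG:win.ini: run=C:\WINDOWS\inet20013\services.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
NS_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)")
O20_RE = re.compile(r"^Winlogon Notify: \S+ - (?P<dll>.*)$")

# Core binaries that belong in exactly one directory; a copy elsewhere is a lure.
SYSTEM_DIR = "c:\\windows\\system32"
SYSTEM_BINARIES = {"svchost.exe", "services.exe", "winlogon.exe", "lsass.exe",
                   "smss.exe", "csrss.exe", "explorer.exe"}
EXPECTED_DIR = {"explorer.exe": "c:\\windows"}  # everything else: SYSTEM_DIR


@dataclass
class Entry:
    section: str
    body: str
    flags: list = field(default_factory=list)


def exe_from_command(cmd: str) -> str:
    """Executable of a Run value: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def check_o4(body: str, flags: list) -> None:
    """Heuristics for registry Run/RunServices entries."""
    m = O4_RE.match(body)
    if not m:  # Startup-folder .lnk lines are not checked here
        return
    exe = exe_from_command(m.group("cmd")).lower()
    directory, _, base = exe.rpartition("\\")
    # rundll32 is routinely registered by name alone; judge its DLL argument instead
    if not directory and base != "rundll32.exe":
        flags.append("bare filename: resolved through the PATH search order")
    if base in SYSTEM_BINARIES and directory != EXPECTED_DIR.get(base, SYSTEM_DIR):
        flags.append(f"{base} outside its normal directory")
    if directory.startswith("c:\\windows") and m.group("name").lower() == base:
        flags.append("value name is just the filename, in the Windows directory")


def triage(log_text: str) -> list:
    """Parse every entry line and attach flags; entries stay in log order."""
    entries, notify = [], {}  # notify: dll path -> entries registering it
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = Entry(m.group("section"), m.group("body"))
        entries.append(e)
        if "(file missing)" in e.body or "(no file)" in e.body:
            e.flags.append("registered object not on disk (orphan, or hidden)")
        if e.section == "O4":
            check_o4(e.body, e.flags)
        elif e.section == "O15":
            e.flags.append("site in IE Trusted Zone: gets relaxed security settings")
        elif e.section == "O17" and NS_RE.search(e.body):
            e.flags.append("DNS set in registry: " + NS_RE.search(e.body).group("servers")
                           + "; confirm they are your ISP's resolvers")
        elif e.section == "O20" and O20_RE.match(e.body):
            notify.setdefault(O20_RE.match(e.body).group("dll").lower(), []).append(e)
        elif e.section == "F3" and "run=" in e.body:
            e.flags.append("win.ini run= autostart: a legacy path few programs use")
    for dll, owners in notify.items():
        for e in owners:
            e.flags.append("Winlogon Notify package" + (
                f": {dll} registered under {len(owners)} names" if len(owners) > 1 else ""))
    return entries


def suspicious(log_text: str) -> list:
    """Entries with at least one flag."""
    return [e for e in triage(log_text) if e.flags]
```

Running `suspicious(SAMPLE_LOG)` (or `suspicious(open("hijackthis.log").read())` on a saved log) returns the flagged entries with their reasons; the QuickTime, NVIDIA and Lexmark lines come back clean.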
#4 John_L (Visiting Staff, 1,398 posts)
Hi Jurjel

Please go here and complete these steps.

http://www.geekstogo..._Log-t2852.html

Repost a hijack log after this is done. ;)

#5 jurgel4880 (Topic Starter, New Member, 9 posts)
OK. I have followed all the directions on the post that you gave me a link for. Here is my HijackThis log and also my Ewido scan report. Thank you for all your assistance. It is greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 9:34:43 PM, on 7/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Jay'z Stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphiapowerpage.com
F3 - REG:win.ini: run=C:\WINDOWS\inet20013\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE SP2 AddOn - {1B347980-8AF1-4C62-8504-54D245EBFADC} - C:\WINDOWS\System32\spgdy.dll (file missing)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {5437D1E0-FA38-41EF-816B-D9F299E767CA} - C:\WINDOWS\System32\lkj22AD.dll (file missing)
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: (no name) - {62A8755F-3D98-406D-ACEF-DCEE6E4FF809} - C:\WINDOWS\System32\fkbe.dll (file missing)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: ActiveX Control - {C437B46F-B843-4BFB-865A-CCB22708A66F} - C:\WINDOWS\System32\msdbm.dll (file missing)
O3 - Toolbar: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [37tV3qj] s3gndmgr.exe
O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [d3pp.exe] C:\WINDOWS\system32\d3pp.exe
O4 - HKLM\..\Run: [syshb.exe] C:\WINDOWS\system32\syshb.exe
O4 - HKLM\..\Run: [atlyi32.exe] C:\WINDOWS\system32\atlyi32.exe
O4 - HKLM\..\Run: [iejr.exe] C:\WINDOWS\system32\iejr.exe
O4 - HKLM\..\Run: [crez.exe] C:\WINDOWS\system32\crez.exe
O4 - HKLM\..\Run: [netba32.exe] C:\WINDOWS\system32\netba32.exe
O4 - HKLM\..\Run: [ipjf.exe] C:\WINDOWS\system32\ipjf.exe
O4 - HKLM\..\Run: [mfcyb.exe] C:\WINDOWS\system32\mfcyb.exe
O4 - HKLM\..\Run: [WinDEX3] windex3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Service] winsrv.exe
O4 - HKLM\..\Run: [Indexing UDLsass] uddexini.exe
O4 - HKLM\..\Run: [crdd32.exe] C:\WINDOWS\system32\crdd32.exe
O4 - HKLM\..\Run: [SYSDEX3] winsys3.exe
O4 - HKLM\..\Run: [sys004] C:\WINDOWS\System32\sys005.exe
O4 - HKLM\..\Run: [AVShell] C:\WINDOWS\System32\loader.exe
O4 - HKLM\..\Run: [16cgftv7] C:\WINDOWS\System32\16cgftv7.exe
O4 - HKLM\..\Run: [msnp32.exe] C:\WINDOWS\system32\msnp32.exe
O4 - HKLM\..\Run: [d3ze.exe] C:\WINDOWS\system32\d3ze.exe
O4 - HKLM\..\Run: [iewi.exe] C:\WINDOWS\system32\iewi.exe
O4 - HKLM\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKLM\..\Run: [winqo32.exe] C:\WINDOWS\system32\winqo32.exe
O4 - HKLM\..\Run: [raifd264] C:\WINDOWS\System32\raifd264.exe
O4 - HKLM\..\Run: [d3sm32.exe] C:\WINDOWS\system32\d3sm32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ucdfdw] c:\windows\system32\ucjbygu.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ododou] C:\WINDOWS\System32\ododou.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{02C629C1-E69F-45D5-AF54-11E9A39F5AFE}\SECURITY.EXE
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{02C629C1-E69F-45D5-AF54-11E9A39F5AFE}\SVCHOST.EXE
O4 - HKLM\..\Run: [saap] c:\program files\180search assistant\saap.exe
O4 - HKLM\..\RunServices: [WinDEX3] windex3.exe
O4 - HKLM\..\RunServices: [Microsoft Service] winsrv.exe
O4 - HKLM\..\RunServices: [Indexing UDLsass] uddexini.exe
O4 - HKLM\..\RunServices: [SYSDEX3] winsys3.exe
O4 - HKLM\..\RunServices: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O4 - HKCU\..\Run: [Iw29RkH4P] rsvdinfo.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [WinDEX3] windex3.exe
O4 - HKCU\..\Run: [Microsoft Service] winsrv.exe
O4 - HKCU\..\Run: [Vgbuuagn] C:\WINDOWS\System32\W?nSxS\explorer.exe
O4 - HKCU\..\Run: [SYSDEX3] winsys3.exe
O4 - HKCU\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Windows Manager] C:\WINDOWS\system32\winsrv.exe
O4 - HKCU\..\Run: [wupdate] C:\WINDOWS\System32\wi32.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\wtta.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\dstart4.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121125939342
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6FA9E5B-3DB6-448C-B520-735ECC28F5F1}: NameServer = 69.50.176.156,195.225.176.31
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\notmsg.dll
O21 - SSODL: systemp - {B9EE5BB9-2AF7-45CC-9ACF-F0107DA9E718} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Owner\Desktop\CWShredder.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:12:51 PM, 7/12/2005
+ Report-Checksum: CDA1FF99

+ Scan result:

HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82315A18-6CFB-44a7-BDFD-90E36537C252} -> Spyware.NewDotNet : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP -> Spyware.Look2Me : Cleaned with backup
HKU\S-1-5-21-1426590395-1260927497-516276246-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKU\S-1-5-21-1426590395-1260927497-516276246-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82315A18-6CFB-44A7-BDFD-90E36537C252} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-1426590395-1260927497-516276246-1003\Software\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
C:\Documents and Settings\Administrator\~update.exe -> Trojan.Lopata : Cleaned with backup
C:\Documents and Settings\Default User\1.exe -> Trojan.Lopata : Cleaned with backup
C:\Documents and Settings\Default User\~update.exe -> Trojan.Lopata : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4X8HC90J\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KJCZQ7OD\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\PauL\Local Settings\Temp\ihsahqs.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\Documents and Settings\PauL\Local Settings\Temp\orzbbhk.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\Documents and Settings\PauL\Local Settings\Temp\pozgi.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\Documents and Settings\PauL\Local Settings\Temp\qstitk.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\Documents and Settings\PauL\Local Settings\Temp\txmcovjz.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\Documents and Settings\PauL\Local Settings\Temp\uqzlfh.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\Documents and Settings\PauL\Local Settings\Temporary Internet Files\Content.IE5\K77FAWH1\rwdlsys[1].exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\Documents and Settings\Paul.URGEL\1.exe -> Trojan.Lopata : Cleaned with backup
C:\Documents and Settings\Paul.URGEL\Local Settings\Temporary Internet Files\Content.IE5\DWXP2OMK\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Paul.URGEL\Local Settings\Temporary Internet Files\Content.IE5\DWXP2OMK\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Paul.URGEL\Local Settings\Temporary Internet Files\Content.IE5\FP80AB3V\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Paul.URGEL\Local Settings\Temporary Internet Files\Content.IE5\KATLS5US\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Paul.URGEL\Local Settings\Temporary Internet Files\Content.IE5\SDI7GPE7\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Paul.URGEL\Local Settings\Temporary Internet Files\Content.IE5\SDI7GPE7\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Paul.URGEL\~update.exe -> Trojan.Lopata : Cleaned with backup
C:\Program Files\ArcSoft\My Photo Center\PhotoStudio\config\BONONSKI_PauL_PSTUDIO.INI:vojwz -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.Delfin : Cleaned with backup
C:\Program Files\Internet Explorer\tkxpurrb.exe -> TrojanDownloader.Delf.cb : Cleaned with backup
C:\Program Files\Internet Explorer\tmblxrqb.exe -> TrojanDownloader.Delf.cb : Cleaned with backup
C:\Program Files\Internet Explorer\uyskinki.exe -> Trojan.Starter : Cleaned with backup
C:\Program Files\Internet Explorer\xbfmlqzh.exe -> Trojan.Starter : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\158FE0FD-8902-4C3A-BDE8-C19FA5\7BE025DA-E38F-4734-8592-1CE92E -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2E1E18A7-D69B-4FDD-80CC-1F4609\205E2B28-92E0-4D30-9865-AF7A3E -> TrojanDownloader.Small.abd : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\6240DC7B-28A7-4E64-A8EA-522A8B\AC1A92C3-5B5C-47E6-862B-5C91C2 -> Spyware.VirtualBouncer : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\6240DC7B-28A7-4E64-A8EA-522A8B\DEB30BDD-F949-4FEB-8AC2-8F059F -> Spyware.VirtualBouncer : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\7B242E82-7D82-4C80-88BB-83BEC8\BBA5E4EB-6D1D-455D-B684-7B3671 -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\8D789492-6D32-45C4-A8DE-59448E\1BA3E16E-D265-4D22-88DD-20751E -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\8D789492-6D32-45C4-A8DE-59448E\2564CDFA-08DE-4D3C-8E57-D1B147 -> TrojanDownloader.Qoologic.s : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\8D789492-6D32-45C4-A8DE-59448E\448755ED-0942-456A-B142-745671 -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\8D789492-6D32-45C4-A8DE-59448E\7D08899E-F678-4435-BE88-C8C298 -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\8D789492-6D32-45C4-A8DE-59448E\A84A691C-B801-46B3-A6E8-DFD030 -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\CEDB435E-F720-46F8-8F86-072833\51649968-E168-4242-858E-4B5ACE -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E8B971AC-A384-4FEC-B05C-2A51A0\9EB80B6A-1DBE-4201-A26C-29BC5F -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc181\3.00.05.dll -> Spyware.Ihbo : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc187.dll -> TrojanDropper.Small.tn : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc191.dll -> TrojanDropper.Small.tn : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc192.dll -> TrojanDropper.Small.tn : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc193.ini:coqvqb -> Trojan.Agent.bi : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc194.ini:roxqoz -> TrojanDropper.Small.tn : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc198.ini:wfawqw -> Spyware.SearchPage : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc211.dll -> TrojanDropper.Small.tn : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc212.ini:kbpxb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc219.pif:digfcg -> Trojan.Agent.bi : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc219.pif:dtygox -> Trojan.Agent.bi : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc219.pif:dybuzo -> Trojan.Agent.bi : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc219.pif:guuxs -> TrojanDropper.Small.tn : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc219.pif:hromkv -> Spyware.Ipyn : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc219.pif:kioaiw -> TrojanDropper.Small.tn : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc219.pif:mgtuy -> TrojanDropper.Small.tn : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc219.pif:mnrqak -> Trojan.Agent.bi : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc219.pif:rzzsmr -> TrojanDropper.Small.tn : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc219.pif:tfiiz -> TrojanDropper.Small.tn : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc219.pif:upibll -> Spyware.SearchPage : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc219.pif:vtjlqh -> Spyware.Ipyn : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc219.pif:wokduu -> Spyware.Ipyn : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc219.pif:zydov -> Spyware.Ipyn : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc220.txt:tlqkv -> TrojanDropper.Small.tn : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc307.dll -> TrojanDropper.Small.tn : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc311.dll -> TrojanSpy.Agent.dt : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc312.dll -> TrojanProxy.Agent.dt : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc321.exe -> TrojanSpy.Agent.dt : Cleaned with backup
C:\RECYCLER\S-1-5-21-1815002781-270800707-2247778763-1003\Dc342.exe -> Trojan.PdPinch : Cleaned with backup
C:\RECYCLER\svchost.dll -> TrojanProxy.Agent.ex : Cleaned with backup
C:\RECYCLER\svchost.exe -> TrojanDropper.Agent.kz : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP13\A0002777.dll -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP13\A0002833.dll -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP14\A0002863.dll -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP14\A0003117.dll -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP14\A0003148.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP14\A0003159.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP14\A0003201.exe -> Not-A-Virus.Pornware.Downloader.Tibsystems.a : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP14\A0003203.exe/UCMTSAIE.DLL -> Spyware.UCmore : Error during cleaning
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP14\A0003203.exe/IUCMORE.DLL -> Spyware.UCmore : Error during cleaning
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP14\A0003206.exe -> TrojanDownloader.Delf.cb : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP14\A0003208.exe -> TrojanDownloader.Small.aqu : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP14\A0003216.exe -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP14\A0003226.exe -> TrojanDownloader.Small.aut : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP14\A0003231.exe -> TrojanDownloader.Delf.nl : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP14\A0003232.exe -> TrojanDownloader.Delf.cb : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP14\A0003235.exe -> TrojanDownloader.Small.aqu : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP14\A0003236.exe -> TrojanDownloader.Small.aqu : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP14\A0003238.exe -> TrojanDownloader.Small.aqu : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP14\A0003239.exe -> TrojanDownloader.Small.mx : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP14\A0003240.exe -> TrojanDownloader.Small.aux : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP14\A0003241.exe -> TrojanDownloader.Small.atl : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP14\A0003244.exe -> TrojanDropper.Small.wv : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP14\A0003246.exe -> TrojanDownloader.Small.aqt : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP14\A0003247.exe -> Trojan.LowZones.y : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP14\A0003248.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP15\A0003315.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP21\A0003839.exe -> TrojanDownloader.Agent.js : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP21\A0003843.exe -> Backdoor.Haxdoor : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP21\A0003844.dll -> Backdoor.Haxdoor.cn : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP21\A0003845.dll -> Backdoor.Haxdoor.cn : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP21\A0003846.sys -> Backdoor.Haxdoor.cn : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP21\A0003847.sys -> Backdoor.Haxdoor.cn : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP22\A0005943.exe -> TrojanDropper.Delf.ev : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP23\A0006088.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP23\A0006121.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP23\A0006213.exe -> TrojanDownloader.Agent.js : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP29\A0008795.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP29\A0008796.dll -> TrojanProxy.Small.bk : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP29\A0008799.exe -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP29\A0008800.dll -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP29\A0008801.dll -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP35\A0011261.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP35\A0011262.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP35\A0011298.exe -> Trojan.Agent.cp : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP35\A0011299.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP35\A0011300.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP36\A0011302.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP36\A0011309.exe -> Trojan.Agent.cp : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP36\A0011317.exe -> Trojan.Agent.cp : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP36\A0011330.exe -> Trojan.Agent.cp : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP36\A0011338.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP36\A0011347.exe -> Trojan.Agent.cp : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP37\A0011372.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP37\A0011382.exe -> Trojan.Agent.cp : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP37\A0011389.exe -> Trojan.Agent.cp : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP37\A0011406.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP37\A0011410.exe -> TrojanDownloader.Intexp.c : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP37\A0011436.exe -> Trojan.Agent.cp : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP37\A0011443.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP37\A0011444.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP38\A0011460.exe -> Trojan.Agent.cp : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP38\A0011461.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP38\A0011462.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP38\A0011463.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP44\A0012201.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP50\A0013056.exe -> TrojanDropper.Delf.ev : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP50\A0013077.dll -> Spyware.Quick : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP50\A0013091.exe -> Trojan.PdPinch : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP55\A0013412.exe -> Trojan.Lopata : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP55\A0013413.exe -> Trojan.Lopata : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP56\A0015117.exe -> Trojan.PdPinch : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP6\A0000823.exe -> TrojanSpy.Agent.dq : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP6\A0000824.exe -> TrojanDownloader.Small.aub : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP6\A0000843.exe -> Spyware.Spywad : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP6\A0000846.exe -> Not-A-Virus.Pornware.Downloader.Tibsystems.a : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP6\A0000881.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP63\A0015703.dll -> Backdoor.Haxdoor.cn : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP63\A0015705.exe -> Backdoor.Haxdoor.cn : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP63\A0015707.exe -> Spyware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP63\A0015892.dll -> Backdoor.Haxdoor.cn : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP64\A0016953.dll -> Backdoor.Haxdoor.cn : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP65\A0017024.dll -> Backdoor.Haxdoor.cn : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP67\A0018116.dll -> Backdoor.Haxdoor.cn : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP68\A0018184.exe -> TrojanDropper.Delf.ev : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP68\A0018199.dll -> Backdoor.Haxdoor.cn : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP68\A0018200.sys -> Backdoor.Haxdoor : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP69\A0020291.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP69\A0020292.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP69\A0020293.exe/UCMTSAIE.DLL -> Spyware.UCmore : Error during cleaning
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP69\A0020293.exe/IUCMORE.DLL -> Spyware.UCmore : Error during cleaning
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP69\A0020297.dll -> Backdoor.Haxdoor.cn : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP69\A0020301.exe -> TrojanDownloader.Lastad.p : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP69\A0020304.exe -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP69\A0020305.dll -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP69\A0020306.dll -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP7\A0001655.exe -> TrojanDownloader.Delf.cb : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP7\A0001658.exe/UCMTSAIE.DLL -> Spyware.UCmore : Error during cleaning
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP7\A0001658.exe/IUCMORE.DLL -> Spyware.UCmore : Error during cleaning
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP7\A0001660.exe -> Spyware.Spywad : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP7\A0001671.exe -> TrojanDownloader.Delf.cb : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP7\A0001672.exe -> TrojanDownloader.Small.mx : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP7\A0001673.exe -> Spyware.Spywad : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP7\A0001675.exe -> Trojan.Lopata : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP7\A0001676.exe -> Trojan.Lopata : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP7\A0001680.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP7\A0001681.exe -> Spyware.Spywad : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP7\A0001685.exe -> Spyware.Spywad : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP7\A0001696.exe -> TrojanDownloader.Small.asf : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP71\A0020649.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP71\A0020664.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP71\A0020682.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP71\A0020683.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP71\A0020684.exe -> TrojanDownloader.Qoologic.v : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP71\A0020685.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP72\A0020752.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP72\A0020765.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP72\A0020783.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP72\A0020808.exe -> Spyware.BookedSpace : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP72\A0020810.exe -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP72\A0020812.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP72\A0020820.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP72\A0020821.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP72\A0020822.dll -> Spyware.Winsta : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP72\A0020823.exe -> TrojanDownloader.Lastad.p : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP72\A0020836.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP72\A0020846.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP72\A0020847.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP72\A0020865.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP73\A0020901.exe -> TrojanDropper.Delf.ev : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP73\A0020926.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP74\A0020969.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP74\A0020970.exe -> TrojanDownloader.Small.aal : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP74\A0020983.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP74\A0021091.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP74\A0021129.dll -> TrojanDownloader.Braidupdate.d : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP74\A0021130.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP74\A0021131.ocx -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP74\A0021132.dll -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP74\A0021133.exe -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP74\A0021134.exe -> Spyware.DelphinMediaViewer : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP74\A0023995.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP75\A0024009.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP75\A0024019.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP75\A0024608.exe -> Trojan.Lopata : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP75\A0024623.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP75\A0024717.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP75\A0024784.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP75\A0024812.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP75\A0024831.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP75\A0024832.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP75\A0024833.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP75\A0024837.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP75\A0024838.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP76\A0024944.dll -> TrojanDownloader.Qoologic.t : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP76\A0024953.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP76\A0024957.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP76\A0024967.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP76\A0024968.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP76\A0024969.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP76\A0024970.dll -> TrojanDownloader.Qoologic.s : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP76\A0024974.exe -> TrojanDownloader.Lastad.h : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP76\A0024975.exe -> TrojanDownloader.Lastad.h : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP76\A0024976.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP76\A0024977.dll -> Spyware.Winsta : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP76\A0024978.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP76\A0024979.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP76\A0024980.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP76\A0024981.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP76\A0024982.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP76\A0024994.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP77\A0025041.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP78\A0025106.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP78\A0025135.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP78\A0025161.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP78\A0025166.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP78\A0025167.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP78\A0025834.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP78\A0025845.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP78\A0025848.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP78\A0025849.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP78\A0025850.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP78\A0025854.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP78\A0025855.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP78\A0025964.exe -> Trojan.Lopata : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP78\A0025965.exe -> Trojan.Lopata : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP78\A0025979.exe -> Trojan.Lopata : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP78\A0026023.exe -> Trojan.Lopata : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP79\A0026080.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP79\A0026102.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP79\A0026211.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP79\A0026331.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP80\A0026824.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP80\A0026846.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP80\A0026873.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP95\A0031801.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP95\A0031814.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP95\A0031843.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP96\A0031862.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP96\A0031878.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP97\A0031986.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP97\A0031987.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP97\A0031988.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP97\A0031992.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP97\A0031993.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP97\A0032016.dll -> Spyware.BookedSpace : Cleaned with backup
C:\System Volume Information\_restore{593172EE-14D9-4262-8426-24BF2115D284}\RP97\A0032023.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\tkxpurrb.exe -> TrojanDownloader.Delf.cb : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\tmblxrqb.exe -> TrojanDownloader.Delf.cb : Cleaned with backup
C:\WINDOWS\iNetPal\EZThemes_m3tsp8.exe -> TrojanDownloader.Agent.er : Cleaned with backup
C:\WINDOWS\ru.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\SYSTEM\svchost.dll -> TrojanProxy.Agent.ex : Cleaned with backup
C:\WINDOWS\SYSTEM\svchost.exe -> TrojanDropper.Agent.kz : Cleaned with backup
C:\WINDOWS\SYSTEM32:vtaa.dll -> TrojanDownloader.Small : Cleaned with backup
C:\WINDOWS\SYSTEM32\config\systemprofile\1.exe -> Trojan.Lopata : Cleaned with backup
C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\owner@ivwbox[2].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temp\ajdnjh.exe -> TrojanProxy.Lager.b : Cleaned with backup
C:\WINDOWS\SYSTEM32\config\systemprofile\~update.exe -> Trojan.Lopata : Cleaned with backup
C:\WINDOWS\SYSTEM32\drivers\ykfdchln.sys -> Trojan.Agent.aw : Cleaned with backup
C:\WINDOWS\SYSTEM32\hz.sys -> Backdoor.Haxdoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\iHshlpr.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\ll433.dll -> TrojanDownloader.Small.acw : Cleaned with backup
C:\WINDOWS\SYSTEM32\nctapi32.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\ododouaeg05.dll -> TrojanDownloader.Lastad.h : Cleaned with backup
C:\WINDOWS\SYSTEM32\ohuninst.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\r42rf.dll -> TrojanDownloader.Small.acw : Cleaned with backup
C:\WINDOWS\SYSTEM32\wtta.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\SYSTEM32\xserv\wupoddpo.exe -> TrojanProxy.Agemt.ei : Cleaned with backup
C:\WINDOWS\Temp\b.com -> TrojanDropper.Agent.pb : Error during cleaning


::Report End

#6
John_L (Visiting Staff, 1,398 posts)
Hi Jay ;)

Been busy the last few days, haven't had any real time to do any logs, but you have been waiting the longest, so you will be done first :tazz:

I need you to get this application and run it please.

Download CWShredder from this location. Here

Please run CWShredder. Once downloaded, open it and hit the "Fix ->" button. Wait while it scans your PC. It will then list what you're infected with. Hit "Next" again and you're finished.

As I see you have no antivirus on board, let's get you a good free one.

AVG Free Edition

Download it, set it up how you like, and make sure it runs full time. Please run a full scan with this before replying back.

And at least two online antivirus scans would be a good idea at this time.

Rav Online Scan
(Click "Continue without subscribing", middle of page.)
Please tick off Auto Clean when at the site.

Panda ActiveScan: tick "sanitize" and have it scan my computer.

After these are done, please reboot and send me the Panda scan results as well as a new HijackThis log. ;)

#7
jurgel4880 (Topic Starter, New Member, 9 posts)
Sorry, I was on vacation, so I could not follow the directions you plotted out in your reply as soon as I could have. Well, I have scanned my computer with the following applications and have saved a Panda scan results sheet in Notepad as well as a fresh HijackThis log. I will add my Panda scan results sheet as an attachment, because when I paste it into my reply it just looks a little funky. I will add that attachment at the bottom of this reply.

Logfile of HijackThis v1.99.1
Scan saved at 10:13:34 PM, on 7/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
C:\Program Files\SRN Micro\SoloSent.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphiapowerpage.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE SP2 AddOn - {1B347980-8AF1-4C62-8504-54D245EBFADC} - C:\WINDOWS\System32\spgdy.dll (file missing)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {5437D1E0-FA38-41EF-816B-D9F299E767CA} - C:\WINDOWS\System32\lkj22AD.dll (file missing)
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: (no name) - {62A8755F-3D98-406D-ACEF-DCEE6E4FF809} - C:\WINDOWS\System32\fkbe.dll (file missing)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: ActiveX Control - {C437B46F-B843-4BFB-865A-CCB22708A66F} - C:\WINDOWS\System32\msdbm.dll (file missing)
O3 - Toolbar: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [37tV3qj] s3gndmgr.exe
O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [d3pp.exe] C:\WINDOWS\system32\d3pp.exe
O4 - HKLM\..\Run: [syshb.exe] C:\WINDOWS\system32\syshb.exe
O4 - HKLM\..\Run: [atlyi32.exe] C:\WINDOWS\system32\atlyi32.exe
O4 - HKLM\..\Run: [iejr.exe] C:\WINDOWS\system32\iejr.exe
O4 - HKLM\..\Run: [crez.exe] C:\WINDOWS\system32\crez.exe
O4 - HKLM\..\Run: [netba32.exe] C:\WINDOWS\system32\netba32.exe
O4 - HKLM\..\Run: [ipjf.exe] C:\WINDOWS\system32\ipjf.exe
O4 - HKLM\..\Run: [mfcyb.exe] C:\WINDOWS\system32\mfcyb.exe
O4 - HKLM\..\Run: [WinDEX3] windex3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Service] winsrv.exe
O4 - HKLM\..\Run: [Indexing UDLsass] uddexini.exe
O4 - HKLM\..\Run: [crdd32.exe] C:\WINDOWS\system32\crdd32.exe
O4 - HKLM\..\Run: [SYSDEX3] winsys3.exe
O4 - HKLM\..\Run: [sys004] C:\WINDOWS\System32\sys005.exe
O4 - HKLM\..\Run: [AVShell] C:\WINDOWS\System32\loader.exe
O4 - HKLM\..\Run: [16cgftv7] C:\WINDOWS\System32\16cgftv7.exe
O4 - HKLM\..\Run: [msnp32.exe] C:\WINDOWS\system32\msnp32.exe
O4 - HKLM\..\Run: [d3ze.exe] C:\WINDOWS\system32\d3ze.exe
O4 - HKLM\..\Run: [iewi.exe] C:\WINDOWS\system32\iewi.exe
O4 - HKLM\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKLM\..\Run: [winqo32.exe] C:\WINDOWS\system32\winqo32.exe
O4 - HKLM\..\Run: [raifd264] C:\WINDOWS\System32\raifd264.exe
O4 - HKLM\..\Run: [d3sm32.exe] C:\WINDOWS\system32\d3sm32.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ucdfdw] c:\windows\system32\ucjbygu.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{02C629C1-E69F-45D5-AF54-11E9A39F5AFE}\SECURITY.EXE
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
O4 - HKLM\..\RunServices: [WinDEX3] windex3.exe
O4 - HKLM\..\RunServices: [Microsoft Service] winsrv.exe
O4 - HKLM\..\RunServices: [Indexing UDLsass] uddexini.exe
O4 - HKLM\..\RunServices: [SYSDEX3] winsys3.exe
O4 - HKLM\..\RunServices: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O4 - HKCU\..\Run: [Iw29RkH4P] rsvdinfo.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [WinDEX3] windex3.exe
O4 - HKCU\..\Run: [Microsoft Service] winsrv.exe
O4 - HKCU\..\Run: [Vgbuuagn] C:\WINDOWS\System32\W?nSxS\explorer.exe
O4 - HKCU\..\Run: [SYSDEX3] winsys3.exe
O4 - HKCU\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Windows Manager] C:\WINDOWS\system32\winsrv.exe
O4 - HKCU\..\Run: [wupdate] C:\WINDOWS\System32\wi32.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\wtta.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121125939342
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6FA9E5B-3DB6-448C-B520-735ECC28F5F1}: NameServer = 69.50.176.156,195.225.176.31
O21 - SSODL: systemp - {B9EE5BB9-2AF7-45CC-9ACF-F0107DA9E718} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Attached Files


Edited by jurgel4880, 18 July 2005 - 08:22 PM.


#8
John_L (Visiting Staff, 1,398 posts)
Welcome back from vacation, I trust you had a good time?

That Panda scan was very informative :tazz: I need you to run this tool, please.


Ok, download L2MFix from Here and save the file to your Desktop; double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your Desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing Enter. This will scan your computer and it may appear nothing is happening; then, after a minute or 2, Notepad will open with a log. Copy the contents of that log and paste it into your next post here. Do a new scan with HijackThis and post the new log as well.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

Edited by John_L, 18 July 2005 - 09:34 PM.


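Reading a HijackThis log like the one posted above is pattern work: Run entries that are bare filenames or that borrow the name of a Windows binary from the wrong folder, BHO registrations whose DLL is already gone, a site dropped into the IE Trusted Zone, a static NameServer the ISP never handed out, and any Winlogon Notify DLL, which is exactly the hook L2MFix is being asked to look for. The Python script below is an added example and is not code from this thread, from HijackThis or from L2MFix: it applies those checks to O-lines copied from the logs posted in this thread. The severities, the SYSTEM_BINARIES map, the rundll32 exemption and the reading of '?' in a path are the editor's own heuristics, and expected_dns is meant to be filled in with the resolvers the ISP really provides.

```python
"""Triage a HijackThis 1.99 log.

Added example for this thread, not code from HijackThis, L2MFix or the forum.
Sample lines are copied from the logs posted in this thread; the rules and the
SYSTEM_BINARIES map are the editor's own heuristics (assumptions, not HJT output).
"""
import ipaddress
import ntpath
import re

# Sample input: O-lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5437D1E0-FA38-41EF-816B-D9F299E767CA} - C:\WINDOWS\System32\lkj22AD.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Service] winsrv.exe
O4 - HKLM\..\RunServices: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [Vgbuuagn] C:\WINDOWS\System32\W?nSxS\explorer.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
O15 - Trusted Zone: http://www.neededware.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6FA9E5B-3DB6-448C-B520-735ECC28F5F1}: NameServer = 69.50.176.156,195.225.176.31
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\kjdgkl.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# Folder of the genuine copy of each Windows binary on an XP install under
# C:\WINDOWS (assumption). The same name anywhere else is a lookalike.
SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
}

# O4 - HKLM\..\Run: [name] command   (Startup-folder O4 lines do not match)
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")


def run_target(command):
    """Executable part of a Run value: the quoted path, else the first token."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    return command.split()[0] if command else ""


def triage(log_text, expected_dns=()):
    """Return (severity, section, reason, line) for each suspicious O-line.

    expected_dns: resolvers the ISP/DHCP really hands out; any other static
    NameServer in an O17 line is reported as a possible DNS hijack.
    """
    expected = {ipaddress.ip_address(a) for a in expected_dns}
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line.startswith("O"):
            continue
        section = line.split(" - ", 1)[0]
        if section == "O2" and line.endswith("(file missing)"):
            findings.append(("medium", section, "BHO CLSID registered but DLL gone; delete the leftover registration", line))
        elif section == "O4":
            m = O4_RE.match(line)
            if not m:
                continue
            target = run_target(m.group(4))
            base = ntpath.basename(target).lower()
            folder = ntpath.dirname(target).lower()
            if m.group(2) == "RunServices":
                # Windows 9x/ME-only key: on XP it just shows an installer spraying every autorun key
                findings.append(("high", section, "entry in 9x-only RunServices key", line))
            if "\\" not in target and base != "rundll32.exe":  # driver installers do write rundll32 bare
                findings.append(("high", section, "bare filename, found by PATH search instead of a fixed path", line))
            if "?" in target:
                # '?' is how the log renders a character it cannot display (assumption): look-alike folder name
                findings.append(("high", section, "unrenderable character in path", line))
            if base in SYSTEM_BINARIES and folder != SYSTEM_BINARIES[base]:
                findings.append(("high", section, f"{base} outside {SYSTEM_BINARIES[base]}: lookalike", line))
        elif section == "O15":
            findings.append(("high", section, "site added to IE Trusted Zone (relaxed browser security)", line))
        elif section == "O17":
            for server in line.split("NameServer = ", 1)[1].split(","):
                addr = ipaddress.ip_address(server.strip())
                if addr not in expected:
                    findings.append(("high", section, f"static DNS server {addr} not in expected_dns", line))
        elif section == "O20":
            # Notify DLLs load into winlogon.exe as SYSTEM at every logon: the hook Look2Me uses
            findings.append(("high", section, "Winlogon Notify DLL, verify against the XP defaults", line))
    return findings


if __name__ == "__main__":
    for severity, section, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {section}: {reason}\n    {line}")
```

Run it as a script to print the findings for the sample, or call triage() on the text of a saved log with expected_dns set to the ISP's real resolvers. A line that is not flagged is not proof of innocence: the rules only rank what deserves a look, which is the same judgement the helper applies by hand before writing fix instructions.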
#9
jurgel4880 (Topic Starter, New Member, 9 posts)
Yes, I had a great time during my vacation. I had a lot of fun :tazz:. I have scanned my computer with L2MFix and saved a report, and also reran the HijackThis app.

Logfile of HijackThis v1.99.1
Scan saved at 2:58:07 PM, on 7/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphiapowerpage.com
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE SP2 AddOn - {1B347980-8AF1-4C62-8504-54D245EBFADC} - C:\WINDOWS\System32\spgdy.dll (file missing)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {5437D1E0-FA38-41EF-816B-D9F299E767CA} - C:\WINDOWS\System32\lkj22AD.dll (file missing)
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: (no name) - {62A8755F-3D98-406D-ACEF-DCEE6E4FF809} - C:\WINDOWS\System32\fkbe.dll (file missing)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: ActiveX Control - {C437B46F-B843-4BFB-865A-CCB22708A66F} - C:\WINDOWS\System32\msdbm.dll (file missing)
O3 - Toolbar: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [37tV3qj] immkui.exe
O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [d3pp.exe] C:\WINDOWS\system32\d3pp.exe
O4 - HKLM\..\Run: [syshb.exe] C:\WINDOWS\system32\syshb.exe
O4 - HKLM\..\Run: [atlyi32.exe] C:\WINDOWS\system32\atlyi32.exe
O4 - HKLM\..\Run: [iejr.exe] C:\WINDOWS\system32\iejr.exe
O4 - HKLM\..\Run: [crez.exe] C:\WINDOWS\system32\crez.exe
O4 - HKLM\..\Run: [netba32.exe] C:\WINDOWS\system32\netba32.exe
O4 - HKLM\..\Run: [ipjf.exe] C:\WINDOWS\system32\ipjf.exe
O4 - HKLM\..\Run: [mfcyb.exe] C:\WINDOWS\system32\mfcyb.exe
O4 - HKLM\..\Run: [WinDEX3] windex3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Service] winsrv.exe
O4 - HKLM\..\Run: [Indexing UDLsass] uddexini.exe
O4 - HKLM\..\Run: [crdd32.exe] C:\WINDOWS\system32\crdd32.exe
O4 - HKLM\..\Run: [SYSDEX3] winsys3.exe
O4 - HKLM\..\Run: [sys004] C:\WINDOWS\System32\sys005.exe
O4 - HKLM\..\Run: [AVShell] C:\WINDOWS\System32\loader.exe
O4 - HKLM\..\Run: [16cgftv7] C:\WINDOWS\System32\16cgftv7.exe
O4 - HKLM\..\Run: [msnp32.exe] C:\WINDOWS\system32\msnp32.exe
O4 - HKLM\..\Run: [d3ze.exe] C:\WINDOWS\system32\d3ze.exe
O4 - HKLM\..\Run: [iewi.exe] C:\WINDOWS\system32\iewi.exe
O4 - HKLM\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKLM\..\Run: [winqo32.exe] C:\WINDOWS\system32\winqo32.exe
O4 - HKLM\..\Run: [raifd264] C:\WINDOWS\System32\raifd264.exe
O4 - HKLM\..\Run: [d3sm32.exe] C:\WINDOWS\system32\d3sm32.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ucdfdw] c:\windows\system32\ucjbygu.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{02C629C1-E69F-45D5-AF54-11E9A39F5AFE}\SECURITY.EXE
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\Documents and Settings\Paul.URGEL\cxtpls_loader.EXE" /HideUninstall /HideDir /PC= CP.AOP /ForSupportedBrowsers /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\RunServices: [WinDEX3] windex3.exe
O4 - HKLM\..\RunServices: [Microsoft Service] winsrv.exe
O4 - HKLM\..\RunServices: [Indexing UDLsass] uddexini.exe
O4 - HKLM\..\RunServices: [SYSDEX3] winsys3.exe
O4 - HKLM\..\RunServices: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O4 - HKCU\..\Run: [Iw29RkH4P] rsvdinfo.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [WinDEX3] windex3.exe
O4 - HKCU\..\Run: [Microsoft Service] winsrv.exe
O4 - HKCU\..\Run: [Vgbuuagn] C:\WINDOWS\System32\W?nSxS\explorer.exe
O4 - HKCU\..\Run: [SYSDEX3] winsys3.exe
O4 - HKCU\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Windows Manager] C:\WINDOWS\system32\winsrv.exe
O4 - HKCU\..\Run: [wupdate] C:\WINDOWS\System32\wi32.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\wtta.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121125939342
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6FA9E5B-3DB6-448C-B520-735ECC28F5F1}: NameServer = 69.50.176.156,195.225.176.31
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\kjdgkl.dll
O21 - SSODL: systemp - {B9EE5BB9-2AF7-45CC-9ACF-F0107DA9E718} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

-----------------------------------------------------------------------------------------------

L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WindowsUpdate]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\kjdgkl.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{4AC20AE2-EBBF-4DED-E776-A25E44D7E505}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{BEE81355-614F-4392-8C74-54096E1974A2}"=""
"{4236642A-0741-4206-8336-AEA19B0EADD0}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BEE81355-614F-4392-8C74-54096E1974A2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BEE81355-614F-4392-8C74-54096E1974A2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BEE81355-614F-4392-8C74-54096E1974A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BEE81355-614F-4392-8C74-54096E1974A2}\InprocServer32]
@="C:\\WINDOWS\\system32\\dusec.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4236642A-0741-4206-8336-AEA19B0EADD0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4236642A-0741-4206-8336-AEA19B0EADD0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4236642A-0741-4206-8336-AEA19B0EADD0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4236642A-0741-4206-8336-AEA19B0EADD0}\InprocServer32]
@="C:\\WINDOWS\\system32\\mviseq.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:
Directory Listing of system files:
Volume in drive C is HP_PAVILION
Volume Serial Number is B0C2-AC79

Directory of C:\WINDOWS\System32

07/19/2005 12:57 PM 417,792 dusec.dll
07/17/2005 04:10 PM <DIR> dllcache
07/16/2005 02:38 PM 417,792 mviseq.dll
07/15/2005 12:55 AM 417,792 wP2topl.dll
07/13/2005 06:16 PM 417,792 wicsvc.dll
07/11/2005 10:59 PM 417,792 dqvacm.dll
07/11/2005 07:38 PM 417,792 wrdconns.dll
07/11/2005 06:43 PM 417,792 rqm.dll
07/11/2005 06:43 PM 417,792 rechost.dll
07/11/2005 06:12 PM 417,792 djtrans.dll
07/11/2005 05:30 PM 417,792 srbcsp.dll
07/11/2005 05:29 PM 417,792 notmsg.dll
07/11/2005 04:47 PM 417,792 guard.tmp
01/25/2005 10:41 AM 3,567 wyati.txt
12/31/2004 05:19 AM <DIR> Microsoft
08/04/2004 03:56 AM 11,776 regsvr32.exe
08/04/2004 03:56 AM 83,456 olepro32.dll
08/04/2004 03:56 AM 553,472 oleaut32.dll
08/04/2004 03:56 AM 54,784 msvcirt.dll
08/04/2004 03:56 AM 343,040 msvcrt.dll
08/04/2004 03:56 AM 413,696 msvcp60.dll
08/04/2004 03:56 AM 1,028,096 mfc42.dll
20 File(s) 7,505,391 bytes
2 Dir(s) 21,579,640,832 bytes free

#10
John_L
Visiting Staff
Good job :tazz:

Now I need you to run portion 2.

Close any programs you have open since this step requires a reboot.
From the l2mfix folder on your Desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing Enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, Notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new Hijackthis log.
IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!
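The l2mfix output earlier in the thread shows the Look2Me pattern that the helper is acting on: two CLSIDs approved as shell extensions with no description, each loading a DLL from system32, and a run of randomly named DLLs that are all exactly 417,792 bytes. As an added example (not part of the thread and not l2mfix's own code), the Python script below parses constructed lines in those three log formats and correlates them; the regexes, function names and sample lines are my own assumptions.

```python
"""Triage helpers for Look2Me-style l2mfix output (added example, constructed input).

Three views from the thread's logs are correlated:
  1. the Shell Extensions\\Approved listing ("{CLSID}"="Name" lines),
  2. the HKCR\\CLSID regedit export (InprocServer32 default values),
  3. the DIR listing of System32 (date, time, size, name).
"""
import re
from collections import defaultdict

APPROVED_RE = re.compile(r'^"\{([0-9A-Fa-f-]{36})\}"="(.*)"$')
DIR_RE = re.compile(r'^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}\s+[AP]M\s+([\d,]+)\s+(\S+)$')
KEY_RE = re.compile(r'^\[HKEY_CLASSES_ROOT\\CLSID\\\{([0-9A-Fa-f-]{36})\}\\InprocServer32\]$')
DEFAULT_RE = re.compile(r'^@="(.*)"$')


def unnamed_approved(lines):
    """CLSIDs in Shell Extensions\\Approved whose description is empty.

    Genuine extensions carry a name; the two Look2Me entries in the thread do not.
    An empty name alone is a lead, not proof, so triage() corroborates it below.
    """
    return [m.group(1).upper() for line in lines
            if (m := APPROVED_RE.match(line.strip())) and m.group(2) == ""]


def inproc_servers(lines):
    """Map CLSID -> InprocServer32 path from a regedit export (unescapes '\\\\')."""
    result, current = {}, None
    for line in lines:
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).upper()   # inside an InprocServer32 key
        elif line.startswith("["):
            current = None                 # any other key header ends the scope
        elif current is not None and (m := DEFAULT_RE.match(line)):
            result[current] = m.group(1).replace("\\\\", "\\")
            current = None
    return result


def same_size_dlls(lines, min_members=3):
    """Clusters of .dll/.tmp files that share one exact byte size.

    Look2Me drops many randomly named copies of one binary, so several files
    with different dates but identical size (417,792 bytes in the thread)
    stand out. <DIR> entries and other file types are skipped.
    """
    by_size = defaultdict(list)
    for line in lines:
        m = DIR_RE.match(line.strip())
        if m and m.group(2).lower().endswith((".dll", ".tmp")):
            by_size[int(m.group(1).replace(",", ""))].append(m.group(2))
    return {size: names for size, names in by_size.items() if len(names) >= min_members}


def triage(approved, clsid_export, dir_listing):
    """Join the three views: unnamed CLSID -> loaded DLL -> member of a size cluster?"""
    servers = inproc_servers(clsid_export)
    clustered = {n.lower() for names in same_size_dlls(dir_listing).values() for n in names}
    findings = []
    for clsid in unnamed_approved(approved):
        path = servers.get(clsid, "")
        fname = path.rsplit("\\", 1)[-1].lower()
        findings.append({"clsid": clsid, "dll": path,
                         "size_cluster": bool(fname) and fname in clustered})
    return findings


# Constructed sample lines in the same formats as the thread's logs.
APPROVED_SAMPLE = '''
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{BEE81355-614F-4392-8C74-54096E1974A2}"=""
"{4236642A-0741-4206-8336-AEA19B0EADD0}"=""
'''.strip().splitlines()

CLSID_EXPORT_SAMPLE = r'''
[HKEY_CLASSES_ROOT\CLSID\{BEE81355-614F-4392-8C74-54096E1974A2}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BEE81355-614F-4392-8C74-54096E1974A2}\InprocServer32]
@="C:\\WINDOWS\\system32\\dusec.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{4236642A-0741-4206-8336-AEA19B0EADD0}\InprocServer32]
@="C:\\WINDOWS\\system32\\mviseq.dll"
"ThreadingModel"="Apartment"
'''.strip().splitlines()

DIR_SAMPLE = '''
07/19/2005 12:57 PM 417,792 dusec.dll
07/17/2005 04:10 PM <DIR> dllcache
07/16/2005 02:38 PM 417,792 mviseq.dll
07/15/2005 12:55 AM 417,792 wP2topl.dll
07/11/2005 04:47 PM 417,792 guard.tmp
08/04/2004 03:56 AM 343,040 msvcrt.dll
08/04/2004 03:56 AM 1,028,096 mfc42.dll
'''.strip().splitlines()

if __name__ == "__main__":
    for finding in triage(APPROVED_SAMPLE, CLSID_EXPORT_SAMPLE, DIR_SAMPLE):
        print(finding)
```

A CLSID that is both unnamed and backed by a DLL from the size cluster is worth treating as an l2mfix candidate; an unnamed entry on its own still needs a second indicator, as the tool's own "Files Found are not all bad files" note warns.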
#11
jurgel4880
New Member (Topic Starter)
OK, I ran option #2 and HijackThis and have saved reports for each app.

L2Mfix 1.03a

Running From:
C:\Documents and Settings\Owner\Desktop\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting up for Reboot


Starting Reboot!

C:\Documents and Settings\Owner\Desktop\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\Owner\Desktop\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1756 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 304 'rundll32.exe'
Killing PID 304 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\ccosys.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ccosys.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\djtrans.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\djtrans.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dqmstor.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dqmstor.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dqvacm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dqvacm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dusec.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dusec.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fvscfgwz.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fvscfgwz.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\HTL.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\HTL.DLL
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kjdgkl.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\kjdgkl.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\notmsg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\notmsg.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\rechost.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\rechost.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\rqm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\rqm.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sdcurity.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sdcurity.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\srbcsp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\srbcsp.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wicsvc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wicsvc.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wP2topl.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wP2topl.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wrdconns.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wrdconns.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
1 file(s) copied.
deleting: C:\WINDOWS\system32\ccosys.dll
Successfully Deleted: C:\WINDOWS\system32\ccosys.dll
deleting: C:\WINDOWS\system32\ccosys.dll
Successfully Deleted: C:\WINDOWS\system32\ccosys.dll
deleting: C:\WINDOWS\system32\djtrans.dll
Successfully Deleted: C:\WINDOWS\system32\djtrans.dll
deleting: C:\WINDOWS\system32\djtrans.dll
Successfully Deleted: C:\WINDOWS\system32\djtrans.dll
deleting: C:\WINDOWS\system32\dqmstor.dll
Successfully Deleted: C:\WINDOWS\system32\dqmstor.dll
deleting: C:\WINDOWS\system32\dqmstor.dll
Successfully Deleted: C:\WINDOWS\system32\dqmstor.dll
deleting: C:\WINDOWS\system32\dqvacm.dll
Successfully Deleted: C:\WINDOWS\system32\dqvacm.dll
deleting: C:\WINDOWS\system32\dqvacm.dll
Successfully Deleted: C:\WINDOWS\system32\dqvacm.dll
deleting: C:\WINDOWS\system32\dusec.dll
Successfully Deleted: C:\WINDOWS\system32\dusec.dll
deleting: C:\WINDOWS\system32\dusec.dll
Successfully Deleted: C:\WINDOWS\system32\dusec.dll
deleting: C:\WINDOWS\system32\fvscfgwz.dll
Successfully Deleted: C:\WINDOWS\system32\fvscfgwz.dll
deleting: C:\WINDOWS\system32\fvscfgwz.dll
Successfully Deleted: C:\WINDOWS\system32\fvscfgwz.dll
deleting: C:\WINDOWS\system32\HTL.DLL
Successfully Deleted: C:\WINDOWS\system32\HTL.DLL
deleting: C:\WINDOWS\system32\HTL.DLL
Successfully Deleted: C:\WINDOWS\system32\HTL.DLL
deleting: C:\WINDOWS\system32\kjdgkl.dll
Successfully Deleted: C:\WINDOWS\system32\kjdgkl.dll
deleting: C:\WINDOWS\system32\kjdgkl.dll
Successfully Deleted: C:\WINDOWS\system32\kjdgkl.dll
deleting: C:\WINDOWS\system32\notmsg.dll
Successfully Deleted: C:\WINDOWS\system32\notmsg.dll
deleting: C:\WINDOWS\system32\notmsg.dll
Successfully Deleted: C:\WINDOWS\system32\notmsg.dll
deleting: C:\WINDOWS\system32\rechost.dll
Successfully Deleted: C:\WINDOWS\system32\rechost.dll
deleting: C:\WINDOWS\system32\rechost.dll
Successfully Deleted: C:\WINDOWS\system32\rechost.dll
deleting: C:\WINDOWS\system32\rqm.dll
Successfully Deleted: C:\WINDOWS\system32\rqm.dll
deleting: C:\WINDOWS\system32\rqm.dll
Successfully Deleted: C:\WINDOWS\system32\rqm.dll
deleting: C:\WINDOWS\system32\sdcurity.dll
Successfully Deleted: C:\WINDOWS\system32\sdcurity.dll
deleting: C:\WINDOWS\system32\sdcurity.dll
Successfully Deleted: C:\WINDOWS\system32\sdcurity.dll
deleting: C:\WINDOWS\system32\srbcsp.dll
Successfully Deleted: C:\WINDOWS\system32\srbcsp.dll
deleting: C:\WINDOWS\system32\srbcsp.dll
Successfully Deleted: C:\WINDOWS\system32\srbcsp.dll
deleting: C:\WINDOWS\system32\wicsvc.dll
Successfully Deleted: C:\WINDOWS\system32\wicsvc.dll
deleting: C:\WINDOWS\system32\wicsvc.dll
Successfully Deleted: C:\WINDOWS\system32\wicsvc.dll
deleting: C:\WINDOWS\system32\wP2topl.dll
Successfully Deleted: C:\WINDOWS\system32\wP2topl.dll
deleting: C:\WINDOWS\system32\wP2topl.dll
Successfully Deleted: C:\WINDOWS\system32\wP2topl.dll
deleting: C:\WINDOWS\system32\wrdconns.dll
Successfully Deleted: C:\WINDOWS\system32\wrdconns.dll
deleting: C:\WINDOWS\system32\wrdconns.dll
Successfully Deleted: C:\WINDOWS\system32\wrdconns.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp


Zipping up files for submission:
adding: ccosys.dll (188 bytes security) (deflated 48%)
adding: djtrans.dll (188 bytes security) (deflated 48%)
adding: dqmstor.dll (188 bytes security) (deflated 48%)
adding: dqvacm.dll (188 bytes security) (deflated 48%)
adding: dusec.dll (188 bytes security) (deflated 48%)
adding: fvscfgwz.dll (188 bytes security) (deflated 48%)
adding: HTL.DLL (188 bytes security) (deflated 48%)
adding: kjdgkl.dll (188 bytes security) (deflated 48%)
adding: notmsg.dll (188 bytes security) (deflated 48%)
adding: rechost.dll (188 bytes security) (deflated 48%)
adding: rqm.dll (188 bytes security) (deflated 48%)
adding: sdcurity.dll (188 bytes security) (deflated 48%)
adding: srbcsp.dll (188 bytes security) (deflated 48%)
adding: wicsvc.dll (188 bytes security) (deflated 48%)
adding: wP2topl.dll (188 bytes security) (deflated 48%)
adding: wrdconns.dll (188 bytes security) (deflated 48%)
adding: guard.tmp (188 bytes security) (deflated 48%)
adding: clear.reg (188 bytes security) (deflated 36%)
adding: echo.reg (188 bytes security) (deflated 9%)
adding: direct.txt (188 bytes security) (stored 0%)
adding: lo2.txt (188 bytes security) (deflated 87%)
adding: readme.txt (188 bytes security) (deflated 49%)
adding: test.txt (188 bytes security) (deflated 88%)
adding: test2.txt (188 bytes security) (deflated 17%)
adding: test3.txt (188 bytes security) (deflated 17%)
adding: test5.txt (188 bytes security) (deflated 17%)
adding: xfind.txt (188 bytes security) (deflated 85%)
adding: backregs/4236642A-0741-4206-8336-AEA19B0EADD0.reg (188 bytes security) (deflated 70%)
adding: backregs/BEE81355-614F-4392-8C74-54096E1974A2.reg (188 bytes security) (deflated 70%)
adding: backregs/shell.reg (188 bytes security) (deflated 73%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful

deleting local copy: ccosys.dll
deleting local copy: ccosys.dll
deleting local copy: djtrans.dll
deleting local copy: djtrans.dll
deleting local copy: dqmstor.dll
deleting local copy: dqmstor.dll
deleting local copy: dqvacm.dll
deleting local copy: dqvacm.dll
deleting local copy: dusec.dll
deleting local copy: dusec.dll
deleting local copy: fvscfgwz.dll
deleting local copy: fvscfgwz.dll
deleting local copy: HTL.DLL
deleting local copy: HTL.DLL
deleting local copy: kjdgkl.dll
deleting local copy: kjdgkl.dll
deleting local copy: notmsg.dll
deleting local copy: notmsg.dll
deleting local copy: rechost.dll
deleting local copy: rechost.dll
deleting local copy: rqm.dll
deleting local copy: rqm.dll
deleting local copy: sdcurity.dll
deleting local copy: sdcurity.dll
deleting local copy: srbcsp.dll
deleting local copy: srbcsp.dll
deleting local copy: wicsvc.dll
deleting local copy: wicsvc.dll
deleting local copy: wP2topl.dll
deleting local copy: wP2topl.dll
deleting local copy: wrdconns.dll
deleting local copy: wrdconns.dll
deleting local copy: guard.tmp
deleting local copy: guard.tmp

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\ccosys.dll
C:\WINDOWS\system32\ccosys.dll
C:\WINDOWS\system32\djtrans.dll
C:\WINDOWS\system32\djtrans.dll
C:\WINDOWS\system32\dqmstor.dll
C:\WINDOWS\system32\dqmstor.dll
C:\WINDOWS\system32\dqvacm.dll
C:\WINDOWS\system32\dqvacm.dll
C:\WINDOWS\system32\dusec.dll
C:\WINDOWS\system32\dusec.dll
C:\WINDOWS\system32\fvscfgwz.dll
C:\WINDOWS\system32\fvscfgwz.dll
C:\WINDOWS\system32\HTL.DLL
C:\WINDOWS\system32\HTL.DLL
C:\WINDOWS\system32\kjdgkl.dll
C:\WINDOWS\system32\kjdgkl.dll
C:\WINDOWS\system32\notmsg.dll
C:\WINDOWS\system32\notmsg.dll
C:\WINDOWS\system32\rechost.dll
C:\WINDOWS\system32\rechost.dll
C:\WINDOWS\system32\rqm.dll
C:\WINDOWS\system32\rqm.dll
C:\WINDOWS\system32\sdcurity.dll
C:\WINDOWS\system32\sdcurity.dll
C:\WINDOWS\system32\srbcsp.dll
C:\WINDOWS\system32\srbcsp.dll
C:\WINDOWS\system32\wicsvc.dll
C:\WINDOWS\system32\wicsvc.dll
C:\WINDOWS\system32\wP2topl.dll
C:\WINDOWS\system32\wP2topl.dll
C:\WINDOWS\system32\wrdconns.dll
C:\WINDOWS\system32\wrdconns.dll
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{BEE81355-614F-4392-8C74-54096E1974A2}"=-
"{4236642A-0741-4206-8336-AEA19B0EADD0}"=-
[-HKEY_CLASSES_ROOT\CLSID\{BEE81355-614F-4392-8C74-54096E1974A2}]
[-HKEY_CLASSES_ROOT\CLSID\{4236642A-0741-4206-8336-AEA19B0EADD0}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************


Logfile of HijackThis v1.99.1
Scan saved at 3:54:42 PM, on 7/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphiapowerpage.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE SP2 AddOn - {1B347980-8AF1-4C62-8504-54D245EBFADC} - C:\WINDOWS\System32\spgdy.dll (file missing)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {5437D1E0-FA38-41EF-816B-D9F299E767CA} - C:\WINDOWS\System32\lkj22AD.dll (file missing)
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: (no name) - {62A8755F-3D98-406D-ACEF-DCEE6E4FF809} - C:\WINDOWS\System32\fkbe.dll (file missing)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: ActiveX Control - {C437B46F-B843-4BFB-865A-CCB22708A66F} - C:\WINDOWS\System32\msdbm.dll (file missing)
O3 - Toolbar: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [37tV3qj] s3gndmgr.exe
O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [d3pp.exe] C:\WINDOWS\system32\d3pp.exe
O4 - HKLM\..\Run: [syshb.exe] C:\WINDOWS\system32\syshb.exe
O4 - HKLM\..\Run: [atlyi32.exe] C:\WINDOWS\system32\atlyi32.exe
O4 - HKLM\..\Run: [iejr.exe] C:\WINDOWS\system32\iejr.exe
O4 - HKLM\..\Run: [crez.exe] C:\WINDOWS\system32\crez.exe
O4 - HKLM\..\Run: [netba32.exe] C:\WINDOWS\system32\netba32.exe
O4 - HKLM\..\Run: [ipjf.exe] C:\WINDOWS\system32\ipjf.exe
O4 - HKLM\..\Run: [mfcyb.exe] C:\WINDOWS\system32\mfcyb.exe
O4 - HKLM\..\Run: [WinDEX3] windex3.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Service] winsrv.exe
O4 - HKLM\..\Run: [Indexing UDLsass] uddexini.exe
O4 - HKLM\..\Run: [crdd32.exe] C:\WINDOWS\system32\crdd32.exe
O4 - HKLM\..\Run: [SYSDEX3] winsys3.exe
O4 - HKLM\..\Run: [sys004] C:\WINDOWS\System32\sys005.exe
O4 - HKLM\..\Run: [AVShell] C:\WINDOWS\System32\loader.exe
O4 - HKLM\..\Run: [16cgftv7] C:\WINDOWS\System32\16cgftv7.exe
O4 - HKLM\..\Run: [msnp32.exe] C:\WINDOWS\system32\msnp32.exe
O4 - HKLM\..\Run: [d3ze.exe] C:\WINDOWS\system32\d3ze.exe
O4 - HKLM\..\Run: [iewi.exe] C:\WINDOWS\system32\iewi.exe
O4 - HKLM\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKLM\..\Run: [winqo32.exe] C:\WINDOWS\system32\winqo32.exe
O4 - HKLM\..\Run: [raifd264] C:\WINDOWS\System32\raifd264.exe
O4 - HKLM\..\Run: [d3sm32.exe] C:\WINDOWS\system32\d3sm32.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ucdfdw] c:\windows\system32\ucjbygu.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{02C629C1-E69F-45D5-AF54-11E9A39F5AFE}\SECURITY.EXE
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{02C629C1-E69F-45D5-AF54-11E9A39F5AFE}\SVCHOST.EXE
O4 - HKLM\..\RunServices: [WinDEX3] windex3.exe
O4 - HKLM\..\RunServices: [Microsoft Service] winsrv.exe
O4 - HKLM\..\RunServices: [Indexing UDLsass] uddexini.exe
O4 - HKLM\..\RunServices: [SYSDEX3] winsys3.exe
O4 - HKLM\..\RunServices: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O4 - HKCU\..\Run: [Iw29RkH4P] rsvdinfo.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [WinDEX3] windex3.exe
O4 - HKCU\..\Run: [Microsoft Service] winsrv.exe
O4 - HKCU\..\Run: [Vgbuuagn] C:\WINDOWS\System32\W?nSxS\explorer.exe
O4 - HKCU\..\Run: [SYSDEX3] winsys3.exe
O4 - HKCU\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Windows Manager] C:\WINDOWS\system32\winsrv.exe
O4 - HKCU\..\Run: [wupdate] C:\WINDOWS\System32\wi32.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\wtta.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\dstart4.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121125939342
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6FA9E5B-3DB6-448C-B520-735ECC28F5F1}: NameServer = 69.50.176.156,195.225.176.31
O21 - SSODL: systemp - {B9EE5BB9-2AF7-45CC-9ACF-F0107DA9E718} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

#12 John_L (Visiting Staff, 1,398 posts)
Hi jurgel :tazz:

I'm going to send you for the most powerful virus scanner that I know of.

Step 1:
Download the eScan Antivirus Toolkit Here. Save it to the Desktop, it is 9.55MB in size.
Before running the program we need to update the signature files first in Step 2.

Step 2:
Updating the eScan Antivirus Toolkit with the latest files:

1.) Double-click on the mwav.exe file saved to the Desktop; it will extract the program files to a new folder called Kaspersky at the root of the C:\ drive (C:\Kaspersky).

2.) Double-click on My Computer, double-click on the Hard Drive (usually the C:\drive), find and double-click on the Kaspersky folder; inside the Kaspersky folder, find and double-click on the kavupd.exe file. Double-clicking on the kavupd.exe file opens the Windows command prompt (DOS screen) and updates the program with all the latest signature files. By default, the update process creates a folder on the root of the C:\drive called Downloads. This is where the updated files are placed.

3.) After the update is complete, the bottom of the command prompt will read "Press any key to continue"; press any key to close the screen. Now copy and paste the new updated signature files from the C:\Downloads folder to the C:\Kaspersky folder where eScan originally extracted the antivirus program files.

Please do not run a scan with the eScan Antivirus Toolkit utility yet.

Step 3:
Please reboot into Safe Mode.

Reboot your computer in safe mode

Step 4:
From Safe Mode, run the eScan Antivirus Toolkit. Please follow these instructions:

1.) To run the eScan Antivirus Toolkit program, look for a file called mwavscan.com inside the C:\Kaspersky folder.

2.) Double-click on the mwavscan.com file; this will open the eScan program.

3.) With the eScan interface on your Desktop, make sure that the boxes under Scan Option, Memory, Registry, Startup Folders, System Folders, Services, are checked.

4.) Check the Drive box; this will create another Drive box below it. Check this second Drive box as well, and a large window across from the second Drive box appears. In this window use the drop-down arrow and choose the drive letter of your hard drive, usually C:\.

5.) Below these boxes, make sure the box Scan All Files is checked, not Program Files.

6.) Click the Scan Clean (or Scan) button and let the utility run until it completes a thorough scan of your hard drive. When the scan has finished it will read Scan Completed.

And thanks to SirJon for this great writeup.

After this is done, please reboot back to normal mode and send me a new log. ;)

#13 jurgel4880 (Topic Starter, 9 posts)
Ran the eScan in safe mode and did everything you told me to. Here is a new log: :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 10:09:09 PM, on 7/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphiapowerpage.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [syshb.exe] C:\WINDOWS\system32\syshb.exe
O4 - HKLM\..\Run: [iejr.exe] C:\WINDOWS\system32\iejr.exe
O4 - HKLM\..\Run: [netba32.exe] C:\WINDOWS\system32\netba32.exe
O4 - HKLM\..\Run: [mfcyb.exe] C:\WINDOWS\system32\mfcyb.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Indexing UDLsass] uddexini.exe
O4 - HKLM\..\Run: [SYSDEX3] winsys3.exe
O4 - HKLM\..\Run: [AVShell] C:\WINDOWS\System32\loader.exe
O4 - HKLM\..\Run: [msnp32.exe] C:\WINDOWS\system32\msnp32.exe
O4 - HKLM\..\Run: [iewi.exe] C:\WINDOWS\system32\iewi.exe
O4 - HKLM\..\Run: [winqo32.exe] C:\WINDOWS\system32\winqo32.exe
O4 - HKLM\..\Run: [d3sm32.exe] C:\WINDOWS\system32\d3sm32.exe
O4 - HKLM\..\Run: [ucdfdw] c:\windows\system32\ucjbygu.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{02C629C1-E69F-45D5-AF54-11E9A39F5AFE}\SVCHOST.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Microsoft Service] winsrv.exe
O4 - HKLM\..\RunServices: [SYSDEX3] winsys3.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Iw29RkH4P] rsvdinfo.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Microsoft Service] winsrv.exe
O4 - HKCU\..\Run: [SYSDEX3] winsys3.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [wupdate] C:\WINDOWS\System32\wi32.exe
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\wtta.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121125939342
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6FA9E5B-3DB6-448C-B520-735ECC28F5F1}: NameServer = 69.50.176.156,195.225.176.31
O21 - SSODL: systemp - {B9EE5BB9-2AF7-45CC-9ACF-F0107DA9E718} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

#14 John_L (Visiting Staff, 1,398 posts)
Hi Jurgel ;)

Excellent job of getting all this stuff taken care of :tazz:

The rest of this fix will be taking place in safe mode.

Please ensure this is done before going to safe mode.

See hidden folders and files

PLEASE PRINT THE REST OF THESE INSTRUCTIONS OUT OR SAVE THEM TO A NOTEPAD FILE, AS THERE WILL BE NO USING THIS PAGE FOR REFERENCE WHEN IN SAFE MODE

Fire up HijackThis, press Scan Only and place checks next to these.

O3 - Toolbar: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O4 - HKLM\..\Run: [syshb.exe] C:\WINDOWS\system32\syshb.exe
O4 - HKLM\..\Run: [iejr.exe] C:\WINDOWS\system32\iejr.exe
O4 - HKLM\..\Run: [netba32.exe] C:\WINDOWS\system32\netba32.exe
O4 - HKLM\..\Run: [mfcyb.exe] C:\WINDOWS\system32\mfcyb.exe
O4 - HKLM\..\Run: [Indexing UDLsass] uddexini.exe
O4 - HKLM\..\Run: [SYSDEX3] winsys3.exe
O4 - HKLM\..\Run: [AVShell] C:\WINDOWS\System32\loader.exe
O4 - HKLM\..\Run: [msnp32.exe] C:\WINDOWS\system32\msnp32.exe
O4 - HKLM\..\Run: [winqo32.exe] C:\WINDOWS\system32\winqo32.exe
O4 - HKLM\..\Run: [d3sm32.exe] C:\WINDOWS\system32\d3sm32.exe
O4 - HKLM\..\Run: [ucdfdw] c:\windows\system32\ucjbygu.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Microsoft Service] winsrv.exe
O4 - HKLM\..\RunServices: [SYSDEX3] winsys3.exe
O4 - HKCU\..\Run: [Iw29RkH4P] rsvdinfo.exe
O4 - HKCU\..\Run: [Microsoft Service] winsrv.exe
O4 - HKCU\..\Run: [SYSDEX3] winsys3.exe
O4 - HKCU\..\Run: [wupdate] C:\WINDOWS\System32\wi32.exe
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\wtta.exe


Close all browsers and click Fix in HijackThis.

Find your way to these files while still in Safe Mode and delete them if found.

C:\WINDOWS\system32\syshb.exe<---This file
C:\WINDOWS\system32\iejr.exe<---This file
C:\WINDOWS\system32\netba32.exe<---This file
C:\WINDOWS\system32\mfcyb.exe<---This file
C:\WINDOWS\System32\loader.exe<---This file
C:\WINDOWS\system32\msnp32.exe<---This file
C:\WINDOWS\system32\winqo32.exe<---This file
C:\WINDOWS\system32\d3sm32.exe<---This file
C:\windows\system32\ucjbygu.exe<---This file
C:\WINDOWS\System32\wi32.exe<---This file
C:\Documents and Settings\Owner\Application Data\wtta.exe<---This file

Reboot back to normal mode and send me a new log please. ;)

#15 jurgel4880 (Topic Starter, 9 posts)
Here is my new log:

Logfile of HijackThis v1.99.1
Scan saved at 5:25:20 PM, on 7/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphiapowerpage.com
F3 - REG:win.ini: run=C:\WINDOWS\inet20013\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HP\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iewi.exe] C:\WINDOWS\system32\iewi.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [37tV3qj] s3gndmgr.exe
O4 - HKLM\..\Run: [d3pp.exe] C:\WINDOWS\system32\d3pp.exe
O4 - HKLM\..\Run: [atlyi32.exe] C:\WINDOWS\system32\atlyi32.exe
O4 - HKLM\..\Run: [crez.exe] C:\WINDOWS\system32\crez.exe
O4 - HKLM\..\Run: [ipjf.exe] C:\WINDOWS\system32\ipjf.exe
O4 - HKLM\..\Run: [WinDEX3] windex3.exe
O4 - HKLM\..\Run: [Microsoft Service] winsrv.exe
O4 - HKLM\..\Run: [crdd32.exe] C:\WINDOWS\system32\crdd32.exe
O4 - HKLM\..\Run: [sys004] C:\WINDOWS\System32\sys005.exe
O4 - HKLM\..\Run: [16cgftv7] C:\WINDOWS\System32\16cgftv7.exe
O4 - HKLM\..\Run: [d3ze.exe] C:\WINDOWS\system32\d3ze.exe
O4 - HKLM\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKLM\..\Run: [raifd264] C:\WINDOWS\System32\raifd264.exe
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{02C629C1-E69F-45D5-AF54-11E9A39F5AFE}\SECURITY.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [saap] c:\program files\180search assistant\saap.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{02C629C1-E69F-45D5-AF54-11E9A39F5AFE}\SVCHOST.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [WinDEX3] windex3.exe
O4 - HKLM\..\RunServices: [Indexing UDLsass] uddexini.exe
O4 - HKLM\..\RunServices: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O4 - HKCU\..\Run: [Windows Manager] C:\WINDOWS\system32\winsrv.exe
O4 - HKCU\..\Run: [WinDEX3] windex3.exe
O4 - HKCU\..\Run: [Vgbuuagn] C:\WINDOWS\System32\W?nSxS\explorer.exe
O4 - HKCU\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\dstart4.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121125939342
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6FA9E5B-3DB6-448C-B520-735ECC28F5F1}: NameServer = 69.50.176.156,195.225.176.31
O21 - SSODL: systemp - {B9EE5BB9-2AF7-45CC-9ACF-F0107DA9E718} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
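Reading the three logs in this thread side by side, here is an added example (not part of this thread, of HijackThis, or of the fix above) that parses HijackThis O4/O15/O17/F3 lines, scores them on the patterns the helper's fix list keyed on, and diffs the logs to list which entries came back after the Safe Mode clean-up. It also flags the O17 NameServer line, which survives all three logs unchanged and never appears in the fix list. The embedded LOG1, LOG2 and LOG3 strings are excerpts of the logs in posts #11, #13 and #15 above, paths copied as printed; the SYSTEM_BINARIES folders assume a default C:\WINDOWS install, as in those logs.

```python
"""Triage and cross-log diff for HijackThis logs like the three in this thread.
Added example, not part of HijackThis or of the forum's fix. LOG1..LOG3 are
excerpts of the logs in posts #11, #13 and #15 above, paths copied as printed."""
import re

# Real folder of Windows binaries that malware likes to impersonate
# (assumes a default C:\WINDOWS install, as in the logs above).
SYSTEM_BINARIES = {"svchost.exe": r"c:\windows\system32", "services.exe": r"c:\windows\system32",
                   "lsass.exe": r"c:\windows\system32", "explorer.exe": r"c:\windows"}
LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")                                      # "O4 - <body>"
RUN_RE = re.compile(r"^(HK(?:LM|CU)\\\.\.\\Run(?:Services)?): \[(.*?)\] (.*)$")  # "HKLM\..\Run: [name] cmd"

def parse_log(text):
    """Return the log as (section, body) tuples; lines that are not log entries are skipped."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]

def split_command(cmd):
    """(folder, basename) of the executable named in a Run value, lower-cased."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                                    # "C:\dir with spaces\x.exe" -arg
        exe = cmd[1:cmd.index('"', 1)]
    else:                                                      # C:\dir\x.exe arg, or just x.exe
        m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
        exe = m.group(1) if m else cmd.split()[0]
    folder, _, base = exe.lower().rpartition("\\")
    return folder, base

def looks_random(base):
    """Weak hint: no vowels at all, or five consonants in a row (some vendor names trip it too)."""
    stem = re.sub(r"\.exe$|[^a-z]", "", base)
    return bool(stem) and re.search(r"^[^aeiou]*$|[^aeiou]{5}", stem) is not None

def triage_run_value(key, name, cmd):
    """Findings (severity, reason) for one HKLM/HKCU Run or RunServices value."""
    folder, base = split_command(cmd)
    out = []
    if not folder:
        out.append(("high", "bare filename, resolved through the search path: " + base))
    if base in SYSTEM_BINARIES and folder != SYSTEM_BINARIES[base]:
        out.append(("high", f"{base} outside its real folder: {folder or '(no path)'}"))
    if "?" in folder:          # HijackThis prints a non-ASCII character as '?': look-alike folder name
        out.append(("high", "non-ASCII character in path: " + folder))
    if "documents and settings" in folder:
        out.append(("medium", "executable launched from the user profile: " + folder))
    if name.lower() == base:
        out.append(("low", "Run value named after its own executable"))
    if looks_random(base):
        out.append(("low", "random-looking executable name: " + base))
    return out

def triage(entries):
    """Return [(severity, section, reason, body)] for a parsed log."""
    findings = []
    for sec, body in entries:
        m = RUN_RE.match(body) if sec == "O4" else None
        if m:
            findings += [(s, sec, why, body) for s, why in triage_run_value(*m.groups())]
        elif sec == "O17" and "NameServer" in body:
            ips = ", ".join(re.findall(r"\d+(?:\.\d+){3}", body))
            findings.append(("high", sec, "per-interface DNS servers, check against the ISP's: " + ips, body))
        elif sec == "O15":
            findings.append(("medium", sec, "site added to the IE Trusted Zone", body))
        elif sec == "F3":
            findings.append(("high", sec, "legacy win.ini run= autostart", body))
    return findings

def regenerated(before, after_fix, later):
    """Entries present before a clean-up, gone right after it, and back in a later log."""
    a, b, c = (set(parse_log(t)) for t in (before, after_fix, later))
    return sorted((a - b) & c)

LOG1 = r"""
O4 - HKLM\..\Run: [d3pp.exe] C:\WINDOWS\system32\d3pp.exe
O4 - HKLM\..\Run: [WinDEX3] windex3.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{02C629C1-E69F-45D5-AF54-11E9A39F5AFE}\SVCHOST.EXE
O4 - HKCU\..\Run: [Vgbuuagn] C:\WINDOWS\System32\W?nSxS\explorer.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\wtta.exe
O15 - Trusted Zone: http://www.neededware.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6FA9E5B-3DB6-448C-B520-735ECC28F5F1}: NameServer = 69.50.176.156,195.225.176.31
"""
LOG2 = r"""
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{02C629C1-E69F-45D5-AF54-11E9A39F5AFE}\SVCHOST.EXE
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\wtta.exe
"""
LOG3 = r"""
F3 - REG:win.ini: run=C:\WINDOWS\inet20013\services.exe
O4 - HKLM\..\Run: [d3pp.exe] C:\WINDOWS\system32\d3pp.exe
O4 - HKLM\..\Run: [WinDEX3] windex3.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{02C629C1-E69F-45D5-AF54-11E9A39F5AFE}\SVCHOST.EXE
O4 - HKCU\..\Run: [Vgbuuagn] C:\WINDOWS\System32\W?nSxS\explorer.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
"""

if __name__ == "__main__":
    for sev, sec, why, body in triage(parse_log(LOG1)):
        print(f"{sev:6} {sec:4} {why}\n       {body}")
    print("back after the clean-up:", [b for _, b in regenerated(LOG1, LOG2, LOG3)])
```

The high-severity rules are the ones worth acting on without further checks: a Run value that is only a filename, a Windows binary name such as svchost.exe or explorer.exe launched from anywhere but its real folder (including the System32\Services\{GUID} and W?nSxS look-alike folders in these logs), a win.ini run= line, and DNS servers pinned on the interface. The random-name rule is deliberately only a low-severity hint: the legitimate Lexmark monitor lxbbbmgr.exe trips it too, so a name like that is confirmed from the file's version information and vendor, not from the name alone. The regenerated() diff makes the poster's "they regenerate" observation concrete: d3pp.exe, WinDEX3, the W?nSxS explorer.exe and the fake C:\WINDOWS\svchost.exe are absent from the second log and back in the third, which is the signal that something still running (or a scheduled re-installer) was never removed.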