Spyware Problem [RESOLVED]


  • This topic is locked

#1
alkaisar

  • Member
  • 10 posts
Can someone please help me with my computer?
I was away for four months and when I came back there was a black wallpaper saying I have spyware on my computer.

I have followed all the possible procedures suggested by this website and the problem still remains.

Please help me.

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 下午 03:56:55, on 2005/9/8
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\user1\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\zh-tw\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\zh-tw\msntb.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [boykysj] c:\windows\evtwxoj.exe
O4 - HKCU\..\Run: [tqwrxum] c:\windows\amyrfgb.exe
O4 - HKCU\..\Run: [nuanueg] c:\windows\amyrfgb.exe
O4 - HKCU\..\Run: [jyewgyq] c:\windows\amyrfgb.exe
O4 - HKCU\..\Run: [wwkqlxb] c:\windows\amyrfgb.exe
O4 - HKCU\..\Run: [thnkrkh] c:\windows\amyrfgb.exe
O4 - HKCU\..\Run: [yiwjmkf] c:\windows\amyrfgb.exe
O4 - HKCU\..\Run: [nmsrgda] c:\windows\trisvcg.exe
O4 - HKCU\..\Run: [nafvcly] c:\windows\trisvcg.exe
O4 - HKCU\..\Run: [jadtvjg] c:\windows\ndyximf.exe
O4 - HKCU\..\Run: [kdsktha] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [rhlstox] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [axloimu] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [gvjpdpv] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [sdxlbbg] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [dyumayr] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [ixyyams] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [qhjnxew] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [otngwqd] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [tifvmlo] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [cecnhwk] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [pqywbsh] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [glqhctb] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [jdoslns] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [cilmlhi] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [dcmtndw] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [dputwri] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [prhyoip] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [bijpvvv] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [pgoofcf] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [ujnyjfb] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [grwtpgq] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [bomlfgy] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [fcqgxgb] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [cpcwips] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [kendhcb] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [plovqqu] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [yyvsqah] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [jycjvqv] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [omwjovg] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [trclaol] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [xmqmspl] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [vqivdjs] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [veulyvv] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [oaxybvp] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [jjivyuo] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [nignwdc] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [hawmnne] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [veftmpg] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [boaoydr] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [njxcmmv] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [vuhcdhw] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [uwsijci] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [gcdbgor] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [hikvdgs] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [tkjwrty] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [yuvobtm] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [dwbajqv] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [tjtjaey] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [qsjchka] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [jidhqcr] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [vxaughq] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [ktlwnfx] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [rlbojog] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [wtxsxqa] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [saqxgwk] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [sefrney] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [vgnqanb] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [gafuuuf] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [jtphiyx] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [eiqpkxx] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [bnvixgo] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [lqfvfam] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [arlwjlh] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [gjqripj] c:\windows\uuvhbfp.exe
O4 - HKCU\..\Run: [rohpvjh] c:\windows\uuvhbfp.exe
O4 - HKCU\..\Run: [rilotlr] c:\windows\uuvhbfp.exe
O4 - HKCU\..\Run: [yggoosl] c:\windows\uuvhbfp.exe
O4 - HKCU\..\Run: [rwaamnt] c:\windows\uuvhbfp.exe
O4 - HKCU\..\Run: [uwosgpc] c:\windows\uuvhbfp.exe
O4 - HKCU\..\Run: [houbcih] c:\windows\uuvhbfp.exe
O4 - HKCU\..\Run: [eotfabp] c:\windows\uuvhbfp.exe
O4 - HKCU\..\Run: [xysbhsc] c:\windows\uuvhbfp.exe
O4 - HKCU\..\Run: [rxexsxd] c:\windows\uuvhbfp.exe
O4 - HKCU\..\Run: [ubnboqm] c:\windows\uuvhbfp.exe
O4 - HKCU\..\Run: [ohhskge] c:\windows\uuvhbfp.exe
O4 - HKCU\..\Run: [qqtibsk] c:\windows\uuvhbfp.exe
O4 - HKCU\..\Run: [mmgwbel] c:\windows\uuvhbfp.exe
O4 - HKCU\..\Run: [tnyhvby] c:\windows\uuvhbfp.exe
O4 - HKCU\..\Run: [ivrlslk] c:\windows\uuvhbfp.exe
O4 - HKCU\..\Run: [jkcwfvi] c:\windows\uuvhbfp.exe
O4 - HKCU\..\Run: [pfuvxpk] c:\windows\uuvhbfp.exe
O4 - HKCU\..\Run: [dbhntna] c:\windows\uuvhbfp.exe
O4 - HKCU\..\Run: [xbwekjx] c:\windows\uuvhbfp.exe
O4 - HKCU\..\Run: [ideuhii] c:\windows\uuvhbfp.exe
O4 - HKCU\..\Run: [karsnjv] c:\windows\jqiworj.exe
O4 - HKCU\..\Run: [hxiksou] c:\windows\jqiworj.exe
O4 - HKCU\..\Run: [qeahmpa] c:\windows\jqiworj.exe
O4 - HKCU\..\Run: [dslmsid] c:\windows\jqiworj.exe
O4 - HKCU\..\Run: [mleljtr] c:\windows\jqiworj.exe
O4 - HKCU\..\Run: [mpnwmmw] c:\windows\jqiworj.exe
O4 - HKCU\..\Run: [lhltkpb] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [biogmbm] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [ryphouy] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [ducagos] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [snoqvor] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [hvgehca] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [cjdmysj] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [wkvyhhb] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [thkhsix] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [mfoknbd] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [ftmqobn] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [jmuxjhc] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [ktnpoox] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [xsiakku] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [ajqmfpd] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [pugoajl] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [hlkriyc] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [ghsgncx] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [pakiddi] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [akbchbh] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [ncbthys] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [evovpen] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [gbnnxai] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [bjwdbfu] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [wcjqboi] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [sgufohl] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [exohlww] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [jlubtuo] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [qinrjte] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [xtynjqt] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [oacgrjn] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [rrqdlre] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [kwoeiln] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [xxoyboc] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [oybiuuf] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [sfluoaj] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [grojxbj] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [tfnxocc] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [dtkdcus] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [ewyscfv] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [lelqidn] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [mmsetwx] c:\windows\rlpyuni.exe
O4 - HKCU\..\Run: [gjleahn] c:\windows\ljpehrn.exe
O4 - HKCU\..\Run: [pgxwcum] c:\windows\ljpehrn.exe
O4 - HKCU\..\Run: [innwtrf] c:\windows\ljpehrn.exe
O4 - HKCU\..\Run: [pgtldoc] c:\windows\ljpehrn.exe
O4 - HKCU\..\Run: [hvnuhup] c:\windows\ljpehrn.exe
O4 - HKCU\..\Run: [fwkidpn] c:\windows\ljpehrn.exe
O4 - HKCU\..\Run: [txlfxvj] c:\windows\ljpehrn.exe
O4 - HKCU\..\Run: [ajonnit] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [vfcmlby] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [bnfepya] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [rtcaejh] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [vnwovnt] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [xfrcfcx] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [scdtbuj] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [iypxdoj] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [fskcfqu] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [efkexpo] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [nejjsml] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [cifklln] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [ymukvkm] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [nsqlcaq] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [cuagrri] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [bijdnxg] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [siraelu] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [pkomkbi] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [riyfpva] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [gfyrrks] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [nesqlbi] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [gdgoqdp] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [wpjvkpr] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [hhkmdhc] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [rttdqjk] c:\windows\ipqcqbe.exe
O4 - HKCU\..\Run: [wnncawq] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [losnybg] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [ibugbil] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [fcfyyso] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [njcjkdq] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [qnrfmnc] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [tckfuhf] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [dgxblkj] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [ilqpnfd] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [qnwence] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [noytcrg] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [uyhaupt] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [ohixkmx] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [gcyhpye] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [phygpya] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [slujglt] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [xkhhmbt] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [rsflyyo] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [tjkfiru] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [moxmxwu] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [wqyfjog] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [beudcym] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [raydvwt] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [fusflwh] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [jctnuuu] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [pimfbwv] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [pdvdxat] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [atvnfrx] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [uncdppm] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [lspnwaa] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [sfqpvjk] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [mxqixxk] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [xohkqfe] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [rqdoidx] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [pqlawcw] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [agvxavj] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [bspeqhd] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [dejixra] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [pxokrnb] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [gcqbbkk] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [lqaglgk] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [nnftpcb] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [jtriuhd] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [smtffqb] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [wlgfjmi] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [cdtrerf] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [ehqgdkw] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [albnrqo] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [dqvywjs] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [xxlhofv] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [mimmerl] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [iwsnfaa] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [eououot] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [nnawosq] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [hlgstth] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [xceoiqa] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [ulsvxfy] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [bigtxbj] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [pidvfhd] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [ppxuyky] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [dotciby] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [xtdndqv] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [vsemyfu] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [btorvws] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [unlrvtq] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [flpcmea] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [jvitwwl] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [gpsrwxr] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [rkrynyy] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [bkqgvjq] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [slmbvgc] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [bexcrmq] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [ayqrclw] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [bhdixio] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [jbemybw] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [oromxfu] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [ctvxhmj] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [wmtasti] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [vcsxhcw] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [ouarveo] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [rkxnkxk] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [mhcucfi] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [iddhyhb] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [uoefpls] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [hspcshp] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [tfixvao] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [dcvnwwe] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [txtctdd] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [tbrjwep] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [sdkyssu] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [xjahdus] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [vrfnumw] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [pdbdhgq] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [fhvkgfi] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [mcdiepa] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [utiqmgy] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [pqittnp] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [durmqta] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [wedpnuu] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [jjpyern] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [ygfbqpb] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [aqmwamd] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [xrhrfao] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [lfxjlxm] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [cqbtprb] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [ktdisii] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [vyckadh] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [urmoobu] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [taaksxd] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [inyfdgs] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [ksjvaph] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [hcwysfd] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [qyxvgph] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [ornmtno] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [piyrcoj] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [kryfqav] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [wxhdtet] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [kprguuj] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [xxwdgxp] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [rbtxwpb] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [gdbyupg] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [unkiqlu] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [wudldsj] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [dekkjtm] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [uatqfnm] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [xttddpp] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [lgrtkfe] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [sneiwhl] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [hghmojn] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [qswhfkp] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [ldlqgas] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [tqhkjaq] c:\windows\xecjmin.exe
O4 - HKCU\..\Run: [vgxijyo] c:\windows\caopyju.exe
O4 - HKCU\..\Run: [sjixxfm] c:\windows\caopyju.exe
O4 - HKCU\..\Run: [rtgirct] c:\windows\caopyju.exe
O4 - HKCU\..\Run: [gktgbld] c:\windows\caopyju.exe
O4 - HKCU\..\Run: [wymsoqt] c:\windows\caopyju.exe
O4 - HKCU\..\Run: [dscrxeg] c:\windows\caopyju.exe
O4 - HKCU\..\Run: [exdopaq] c:\windows\jracbsg.exe
O4 - HKCU\..\Run: [agcwwgg] c:\windows\fscdcyx.exe
O4 - HKCU\..\Run: [avheibh] c:\windows\ienhiea.exe
O4 - HKCU\..\Run: [bfjoiwf] c:\windows\ienhiea.exe
O4 - HKCU\..\Run: [gthgkcw] c:\windows\ienhiea.exe
O4 - HKCU\..\Run: [xhuwein] c:\windows\ienhiea.exe
O4 - HKCU\..\Run: [tuuamna] c:\windows\ienhiea.exe
O4 - HKCU\..\Run: [hmcsngv] c:\windows\ienhiea.exe
O4 - HKCU\..\Run: [jmmnbkk] c:\windows\ienhiea.exe
O4 - HKCU\..\Run: [mpttvnd] c:\windows\ienhiea.exe
O4 - HKCU\..\Run: [cwoxgwn] c:\windows\jqpbcby.exe
O4 - HKCU\..\Run: [dtjhttd] c:\windows\jqpbcby.exe
O4 - HKCU\..\Run: [nrvadsa] c:\windows\jqpbcby.exe
O4 - HKCU\..\Run: [oimisop] c:\windows\jqpbcby.exe
O4 - HKCU\..\Run: [jfxeuqg] c:\windows\jqpbcby.exe
O4 - HKCU\..\Run: [nmggsft] c:\windows\jqpbcby.exe
O4 - HKCU\..\Run: [ucaaxir] c:\windows\jqpbcby.exe
O4 - HKCU\..\Run: [uvceogs] c:\windows\jqpbcby.exe
O4 - HKCU\..\Run: [gdrmdpn] c:\windows\ncetetk.exe
O4 - HKCU\..\Run: [nolmyjy] c:\windows\ncetetk.exe
O4 - HKCU\..\Run: [pokvrrd] c:\windows\ncetetk.exe
O4 - HKCU\..\Run: [ahomcbd] c:\windows\ncetetk.exe
O4 - HKCU\..\Run: [qducjbc] c:\windows\ncetetk.exe
O4 - HKCU\..\Run: [ubvfunx] c:\windows\ncetetk.exe
O4 - HKCU\..\Run: [jnroqli] c:\windows\ncetetk.exe
O4 - HKCU\..\Run: [okdyvom] c:\windows\ncetetk.exe
O4 - HKCU\..\Run: [cawujoi] c:\windows\ncetetk.exe
O4 - HKCU\..\Run: [nvjdtff] c:\windows\ncetetk.exe
O4 - HKCU\..\Run: [riyudyc] c:\windows\ncetetk.exe
O4 - HKCU\..\Run: [wgymvkn] c:\windows\ncetetk.exe
O4 - HKCU\..\Run: [oruscys] c:\windows\ncetetk.exe
O4 - HKCU\..\Run: [xrnxkwo] c:\windows\ncetetk.exe
O4 - HKCU\..\Run: [owugqyc] c:\windows\ncetetk.exe
O4 - HKCU\..\Run: [xhqbkwh] c:\windows\ncetetk.exe
O4 - HKCU\..\Run: [hcboacu] c:\windows\ncetetk.exe
O4 - HKCU\..\Run: [ybkqpfa] c:\windows\ncetetk.exe
O4 - HKCU\..\Run: [vihsmys] c:\windows\ncetetk.exe
O4 - HKCU\..\Run: [prtvixd] c:\windows\ncetetk.exe
O4 - HKCU\..\Run: [jqdeybv] c:\windows\twqxtdm.exe
O4 - HKCU\..\Run: [uqugstg] c:\windows\twqxtdm.exe
O4 - HKCU\..\Run: [uvwibec] c:\windows\twqxtdm.exe
O4 - HKCU\..\Run: [oonxfwf] c:\windows\twqxtdm.exe
O4 - HKCU\..\Run: [gataypx] c:\windows\twqxtdm.exe
O4 - HKCU\..\Run: [bmrwrmc] c:\windows\twqxtdm.exe
O4 - HKCU\..\Run: [ihnforq] c:\windows\twqxtdm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 使用 BitSpirit 下載 - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {FD01DBEB-7D4C-4BF0-B45C-8AF230352697} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FD01DBEB-7D4C-4BF0-B45C-8AF230352697} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126204776218
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (趨勢科技線上掃毒程式) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78159854-0B81-00F6-95CD-50EB7F8554E8} - http://69.50.182.94/1/rdgCA1882.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8EC79FEF-A1CA-11D4-940D-000021CA5F4D} (ImageUploaderCtrl Class) - http://www.staplesph...eUploader44.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exe (file missing)
O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\System32\ahtun.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


And the Trojan Hunter program won't work; it says out of memory.
  • 0
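A defender's triage pass over the O4 (Run key) lines of a log like the one above, as an added example that is not part of the original post and is not HijackThis code. The function names, the trigram comparison and the two-signal threshold are assumptions chosen for illustration; the sample lines are a small subset copied from the log in this post.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Sample input: a few O4 lines taken from the log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [boykysj] c:\windows\evtwxoj.exe
O4 - HKCU\..\Run: [tqwrxum] c:\windows\amyrfgb.exe
O4 - HKCU\..\Run: [nuanueg] c:\windows\amyrfgb.exe
O4 - HKCU\..\Run: [jyewgyq] c:\windows\amyrfgb.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$')
# First token that ends in an executable extension (paths may contain spaces).
EXE_RE = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)


def target_of(command):
    """Return the lower-cased program path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        path = command[1:end] if end != -1 else command[1:]
    else:
        m = EXE_RE.match(command)
        path = m.group(1) if m else command.split()[0]
    return path.lower()


def parse_o4(log_text):
    """Parse O4 registry Run entries; other log lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append({"hive": hive, "key": key, "name": name,
                            "target": target_of(command)})
    return entries


def _trigrams(text):
    text = re.sub(r'[^a-z0-9]', '', text.lower())
    return {text[i:i + 3] for i in range(len(text) - 2)}


def triage(entries, fanout=2, min_signals=2):
    """Group entries by target and flag targets showing several weak signals.

    Heuristics (assumptions, tuned to the pattern visible in this log):
      1. the executable sits directly in the Windows root directory;
      2. several different value names launch the same file;
      3. no value name shares a 3-character run with the file name.
    A flag means "look at this first", not "this is malicious".
    """
    names_by_target = defaultdict(set)
    for e in entries:
        names_by_target[e["target"]].add(e["name"])

    flagged = {}
    for target, names in names_by_target.items():
        path = PureWindowsPath(target)
        reasons = []
        if str(path.parent) == r"c:\windows":
            reasons.append("executable directly in the Windows root")
        if len(names) >= fanout:
            reasons.append(f"{len(names)} value names launch the same file")
        if all(not (_trigrams(n) & _trigrams(path.stem)) for n in names):
            reasons.append("value names unrelated to the file name")
        if len(reasons) >= min_signals:
            flagged[target] = {"names": sorted(names), "reasons": reasons}
    return flagged


if __name__ == "__main__":
    for target, info in sorted(triage(parse_o4(SAMPLE_LOG)).items()):
        print(target)
        for reason in info["reasons"]:
            print("   -", reason)
```

Grouping by target also shrinks a log of this size to a handful of distinct files to review, which is easier to check against a helper's fix list than hundreds of individual lines.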



#2
loophole

  • Malware Expert
  • Retired Staff
  • 9,798 posts
Hello and welcome to Geeks to Go.

I see you have been infected by malware. Let's get you fixed up.
Please follow the directions as closely as you can. Let's begin.

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items, then click FIX CHECKED:

O4 - HKCU\..\Run: [boykysj] c:\windows\evtwxoj.exe
O4 - HKCU\..\Run: [tqwrxum] c:\windows\amyrfgb.exe
O4 - HKCU\..\Run: [nuanueg] c:\windows\amyrfgb.exe
O4 - HKCU\..\Run: [jyewgyq] c:\windows\amyrfgb.exe
O4 - HKCU\..\Run: [wwkqlxb] c:\windows\amyrfgb.exe
O4 - HKCU\..\Run: [thnkrkh] c:\windows\amyrfgb.exe
O4 - HKCU\..\Run: [yiwjmkf] c:\windows\amyrfgb.exe
O4 - HKCU\..\Run: [nmsrgda] c:\windows\trisvcg.exe
O4 - HKCU\..\Run: [nafvcly] c:\windows\trisvcg.exe
O4 - HKCU\..\Run: [jadtvjg] c:\windows\ndyximf.exe
O4 - HKCU\..\Run: [kdsktha] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [rhlstox] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [axloimu] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [gvjpdpv] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [sdxlbbg] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [dyumayr] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [ixyyams] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [qhjnxew] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [otngwqd] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [tifvmlo] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [cecnhwk] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [pqywbsh] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [glqhctb] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [jdoslns] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [cilmlhi] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [dcmtndw] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [dputwri] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [prhyoip] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [bijpvvv] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [pgoofcf] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [ujnyjfb] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [grwtpgq] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [bomlfgy] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [fcqgxgb] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [cpcwips] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [kendhcb] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [plovqqu] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [yyvsqah] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [jycjvqv] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [omwjovg] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [trclaol] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [xmqmspl] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [vqivdjs] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [veulyvv] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [oaxybvp] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [jjivyuo] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [nignwdc] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [hawmnne] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [veftmpg] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [boaoydr] c:\windows\dcmqyxl.exe
O4 - HKCU\..\Run: [njxcmmv] c:\windows\dcmqyxl.exe


Close HiJackThis.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let us know if any problems persist.
  • 0
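The O4 entries flagged in this thread follow one pattern: many randomly named HKCU Run values that all launch the same executable sitting directly in c:\windows. The Python below is an added example, not part of the original thread and not HijackThis's own logic; it parses O4 autostart lines and reports every target referenced by several distinct value names. The function names and the threshold of 3 are assumptions, and the `example*` / `placeholder-*` lines are constructed sample data, while the other sample lines are taken from the logs posted in this thread.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# HijackThis autostart line:  O4 - HKCU\..\Run: [value name] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Shortest prefix ending in an executable extension, so unquoted
# paths containing spaces ("C:\Program Files\...") stay in one piece.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|pif|bat))(?=\s|$)", re.IGNORECASE)
# An executable placed directly in the Windows directory, not a subfolder.
WINDOWS_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$")


class Finding(NamedTuple):
    target: str            # lower-cased executable path
    value_names: tuple     # distinct Run value names pointing at it
    in_windows_root: bool  # True if the file sits directly in c:\windows


def target_of(cmd):
    """Return the lower-cased executable part of a Run command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end != -1 else cmd[1:]
    else:
        m = EXE_RE.match(cmd)
        path = m.group(1) if m else cmd.split()[0]
    return path.lower()


def parse_o4(lines):
    """Yield (hive, key, value_name, target) for each registry O4 line."""
    for line in lines:
        m = O4_RE.match(line.strip())
        if m:
            yield m["hive"], m["key"], m["name"], target_of(m["cmd"])


def find_alias_floods(lines, min_aliases=3):
    """Report targets launched by at least min_aliases distinct value names.

    Legitimate software normally registers one value per executable (two in
    the TINTSETP.EXE case below), so a high count is a strong signal.
    """
    names_by_target = defaultdict(set)
    for _hive, _key, name, target in parse_o4(lines):
        names_by_target[target].add(name)
    findings = [
        Finding(t, tuple(sorted(n)), bool(WINDOWS_ROOT_RE.match(t)))
        for t, n in names_by_target.items()
        if len(n) >= min_aliases
    ]
    return sorted(findings, key=lambda f: (-len(f.value_names), f.target))


# First five lines come from the logs in this thread; every line mentioning
# example*/placeholder-* is constructed for the demonstration.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - HKCU\..\Run: [example1] c:\windows\placeholder-a.exe
O4 - HKCU\..\Run: [example2] c:\windows\placeholder-a.exe
O4 - HKCU\..\Run: [example3] c:\windows\placeholder-a.exe
O4 - HKCU\..\Run: [example4] c:\windows\placeholder-a.exe
O4 - HKCU\..\Run: [example5] c:\windows\placeholder-b.exe
O4 - HKCU\..\Run: [example6] c:\windows\placeholder-b.exe
""".splitlines()

if __name__ == "__main__":
    for f in find_alias_floods(SAMPLE_LOG):
        where = "directly in the Windows directory" if f.in_windows_root else "elsewhere"
        print(f"{f.target}: {len(f.value_names)} Run values, {where}")
```

Lowering `min_aliases` to 2 also surfaces the legitimate TINTSETP.EXE pair, which is why the `in_windows_root` flag is reported separately for triage.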

#3
alkaisar

    Member

  • Topic Starter
  • 10 posts
thanks for the advice

I have followed all the instructions

here is my smitfiles log


smitRem log file
version 2.3

by noahdfear


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ShudderLTD key present! Running LTDFix!

ShudderLTD key was successfully removed! :)


Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~

PSGuard spyware remover
PSGuard spyware remover.lnk
quick launch PSGuard spyware remover.lnk


~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

wininet.dll INFECTED!! :tazz: Starting replacement procedure.


~~~~ Looking for C:\WINDOWS\system32\dllcache\wininet.dll ~~~~


~~~~ C:\WINDOWS\system32\dllcache\wininet.dll Present! ~~~~


~~~~ Checking dllcache\wininet.dll for infection ~~~~


~~~~ dllcache\wininet.dll Clean! ~~~~

~~~ Replaced wininet.dll from dllcache ~~~



~~~ Upon reboot ~~~

wininet.old present!
oleadm.dll not present!
oleext.dll not present!


~~~ Upon completion ~~~

wininet.old not present!
oleadm.dll not present!
oleext.dll not present!


~~~~ Rechecking C:\WINDOWS\system32\wininet.dll for infection ~~~~


~~~~ C:\WINDOWS\system32\wininet.dll Clean! :) ~~~~


my hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 下午 05:22:31, on 2005/9/9
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\conime.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\user1\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\zh-tw\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\zh-tw\msntb.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 使用 BitSpirit 下載 - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {FD01DBEB-7D4C-4BF0-B45C-8AF230352697} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FD01DBEB-7D4C-4BF0-B45C-8AF230352697} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126204776218
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (趨勢科技線上掃毒程式) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78159854-0B81-00F6-95CD-50EB7F8554E8} - http://69.50.182.94/1/rdgCA1882.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8EC79FEF-A1CA-11D4-940D-000021CA5F4D} (ImageUploaderCtrl Class) - http://www.staplesph...eUploader44.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exe (file missing)
O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\System32\ahtun.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

and I tried using ewido, but when I finished with the program and tried to save, it illegally quit itself

my wallpaper is still the same, hope I am not too far from getting rid of the problem
thanks
  • 0

#4
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hello :tazz:, we still have some work to do.

See if you can drag that wallpaper out of the way and close it out

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O9 - Extra button: Microsoft AntiSpyware helper - {FD01DBEB-7D4C-4BF0-B45C-8AF230352697} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FD01DBEB-7D4C-4BF0-B45C-8AF230352697} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab

Now close all windows other than HiJackThis, then click Fix Checked.

Now:

Click start then run and type in sc stop KDE

Click start then run and type in sc delete KDE

Now:

Click start then run and type in sc stop LAGOS

Click start then run and type in sc delete LAGOS

Open HiJackThis. It should open to a "New users quickstart" menu
Click "Open the Misc Tools section"
Click "Delete a file on reboot..."
In the "Enter file to delete on reboot..." window, navigate to:

C:\WINDOWS\System32

And select the file

\conime.exe

Then click Open. After you click Open, HiJackThis will ask you if you want to restart your computer now. You do, so click Yes.

Post a new hijack log and tell me how your system is running now.

Thanks :)

Edited by loophole, 09 September 2005 - 07:19 PM.

  • 0

#5
alkaisar

    Member

  • Topic Starter
  • 10 posts
I tried to move the wallpaper and close it, but failed to do so
here is my hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 下午 11:54:12, on 2005/9/9
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\user1\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\zh-tw\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\zh-tw\msntb.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 使用 BitSpirit 下載 - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126204776218
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (趨勢科技線上掃毒程式) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {78159854-0B81-00F6-95CD-50EB7F8554E8} - http://69.50.182.94/1/rdgCA1882.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8EC79FEF-A1CA-11D4-940D-000021CA5F4D} (ImageUploaderCtrl Class) - http://www.staplesph...eUploader44.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

thanks a lot
  • 0

#6
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Check and then fix this entry

O16 - DPF: {78159854-0B81-00F6-95CD-50EB7F8554E8} - http://69.50.182.94/1/rdgCA1882.exe

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Thanks

#7
alkaisar

    Member

  • Topic Starter
  • 10 posts
here is my scan result

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, September 10, 2005 16:06:32
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 11/09/2005
Kaspersky Anti-Virus database records: 148750
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 42841
Number of viruses found: 29
Number of infected objects: 99
Number of suspicious objects: 2
Duration of the scan process: 1302 sec

Infected Object Name - Virus Name
C:\Documents and Settings\user1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-236362e7-51bb8846.RB0/Beyond.class Infected: Trojan.Java.ClassLoader.k
C:\Documents and Settings\user1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-236362e7-51bb8846.RB0 Infected: Trojan.Java.ClassLoader.k
C:\Documents and Settings\user1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-236362e7-51bb8846.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k
C:\Documents and Settings\user1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-236362e7-51bb8846.zip Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\0C4B10C1 Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\184D18F1.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\1F1B0AA2 Infected: Trojan.Java.ClassLoader.i
C:\Program Files\Norton AntiVirus\Quarantine\2250313E.exe Infected: Trojan.Win32.StartPage.pc
C:\Program Files\Norton AntiVirus\Quarantine\234C64EC.htm Infected: Trojan-Downloader.JS.Weis.b
C:\Program Files\Norton AntiVirus\Quarantine\26DB5187.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\26DF7B83.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\26DF7B83.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\26DF7B83.php Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\26EC2375.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\31E76ECA.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\31EA18C6.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\321F388D.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\39CF6DF5.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\3A9856E5.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\48651AEE.htm Infected: Trojan-Clicker.JS.Linker.k
C:\Program Files\Norton AntiVirus\Quarantine\486F18E4.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\487242E0.htm Infected: Virus.Win32.Bube.k
C:\Program Files\Norton AntiVirus\Quarantine\487242E0.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\487242E0.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\487242E0.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\487242E0.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\487242E0.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\48756CDC.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\487916D9.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\487916D9.tmp/web.exe Infected: Virus.Win32.Bube.k
C:\Program Files\Norton AntiVirus\Quarantine\487916D9.tmp/Counter.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\487916D9.tmp/VerifierBug.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\487916D9.tmp/Worker.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\487916D9.tmp/Xeyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\487916D9.tmp Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\487C40D5.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\53E17C3B.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\53E17C3B.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\53E17C3B.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\53E17C3B.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\53E17C3B.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\5E1576F0.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\6BB5248F.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\6BB5248F.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\6BB5248F.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\6BB5248F.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\6BB5248F.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\71657F25 Infected: Trojan-Dropper.Win32.Small.lx
C:\Program Files\Norton AntiVirus\Quarantine\74A57EEA.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\7D7D44FE.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\7D7D44FE.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\7D7D44FE.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\7D7D44FE.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\7D7D44FE.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\7D8A6CEF.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\7D8A6CEF.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\7D8A6CEF.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\7D8A6CEF.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\7D8A6CEF.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP249\A0022874.exe Infected: Trojan.Win32.StartPage.he
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP249\A0022889.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP249\A0022891.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP249\A0023232.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP249\A0023234.exe Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023294.dll Infected: Trojan-Clicker.Win32.Morwill.b
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023295.dll Infected: Trojan-Downloader.Win32.Adload.g
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023296.exe Infected: not-a-virus:AdWare.FindSpy.e
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023297.dll Infected: Trojan-Downloader.Win32.Agent.li
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023312.exe Infected: HackTool.Win32.John
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023314.dll Infected: Trojan-Downloader.Win32.Agent.li
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023315.exe Infected: Trojan-Dropper.Win32.Small.zp
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023316.exe Infected: Trojan-Clicker.Win32.Delf.ca
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023317.dll Infected: Trojan-Downloader.Win32.Adload.g
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023318.dll Infected: Trojan-Downloader.Win32.Agent.le
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023338.exe Infected: Trojan.Win32.StartPage.he
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023339.exe Infected: Trojan.Win32.StartPage.he
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023340.exe Infected: Trojan.Win32.StartPage.he
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023341.exe Infected: Trojan.Win32.StartPage.he
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023342.exe Infected: Trojan.Win32.StartPage.he
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023343.exe Infected: Trojan.Win32.StartPage.he
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023344.exe Infected: Trojan.Win32.StartPage.he
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023345.exe Infected: Trojan.Win32.StartPage.he
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023346.exe Infected: Trojan.Win32.StartPage.he
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023347.exe Infected: Trojan.Win32.StartPage.he
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023348.exe Infected: Trojan.Win32.StartPage.he
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023349.exe Infected: Trojan.Win32.StartPage.he
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023350.exe Infected: Trojan.Win32.StartPage.he
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023351.exe Infected: Trojan.Win32.StartPage.he
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023352.exe Infected: Trojan.Win32.StartPage.he
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023353.exe Infected: Trojan.Win32.StartPage.he
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023354.exe Infected: Trojan.Win32.StartPage.he
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023355.exe Infected: Trojan.Win32.StartPage.he
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023356.exe Infected: Trojan.Win32.StartPage.he
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP253\A0023397.dll Infected: Trojan.Win32.Small.ev
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP253\A0023525.old Infected: Virus.Win32.Nsag.b
C:\WINDOWS\system32\kbdnolsv.dll Infected: Backdoor.Win32.PPdoor.j
C:\WINDOWS\system32\netw1394.dll Infected: Backdoor.Win32.PPdoor.at
C:\WINDOWS\system32\pschouse.exe Infected: Backdoor.Win32.PPdoor.at
C:\WINDOWS\Web\desktop.html Infected: Trojan.Win32.TopAntiSpyware.a
E:\playstation\AGSetup0608.exe/fsg-ag.exe Infected: not-a-virus:AdWare.Gator.1050
E:\playstation\AGSetup0608.exe Infected: not-a-virus:AdWare.Gator.1050

Scan process completed.

thanks

#8
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Good only a few files to get :tazz:

1. Click Start > Control Panel.

2. Double-click the Java icon (coffee cup) in the control panel. It will say "Java Plug-in" under the icon - please find the update button or tab in that Java control panel. Update your Java, and reboot.

After reboot, go back into the Control Panel and double-click the Java icon.

3. Under Temporary Internet Files, click the Delete Files button.

There are three options on this window to clear the cache - leave ALL 3 checked.
1. Downloaded Applets
2. Downloaded Applications
3. Other Files

4. Click OK on Delete Temporary Files window.
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

5. Click OK to leave the Java Control Panel.

Click here to download Pocket Killbox by Option^Explicit

Now open Pocket Killbox. Select the option "Delete on reboot".
Now highlight and 'copy' (Ctrl + C) the entire list of filepaths below:
Click 'File' on the Killbox menu at the top and choose 'Paste from clipboard'
The entire list should now be in the "Full Path of File to Delete" field. To check, click on the dropdown arrow next to that field.
If you expand it, these lines should all be there

C:\WINDOWS\system32\kbdnolsv.dll
C:\WINDOWS\system32\netw1394.dll
C:\WINDOWS\system32\pschouse.exe
C:\WINDOWS\Web\desktop.html


Then press the red button with a white X in it.
Killbox will tell you that all listed files will be deleted on next reboot, click YES. When it asks if you would like to Reboot now, click YES.

Post a new hijack log and tell me how your system is running now.

Thanks :)
  • 0
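A report like the one posted above mixes detections that still sit on the live file system with copies held in antivirus quarantine, System Restore snapshots and the Java plug-in cache. The following Python script is an added example, not part of the thread and not the helper's stated method: it parses the report's line format and groups each detected file by location. The bucket names and location markers are this example's own assumptions, and the embedded lines are an excerpt of the report above.

```python
import re
from collections import defaultdict

# Excerpt of the Kaspersky On-line Scanner report posted above (not the full list).
REPORT = r"""
Infected Object Name - Virus Name
C:\Documents and Settings\user1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-236362e7-51bb8846.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k
C:\Program Files\Norton AntiVirus\Quarantine\31E76ECA.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\487242E0.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\System Volume Information\_restore{E4195CD5-50A2-4D8A-9EA5-706D91A61ADA}\RP252\A0023312.exe Infected: HackTool.Win32.John
C:\WINDOWS\system32\kbdnolsv.dll Infected: Backdoor.Win32.PPdoor.j
C:\WINDOWS\system32\netw1394.dll Infected: Backdoor.Win32.PPdoor.at
C:\WINDOWS\system32\pschouse.exe Infected: Backdoor.Win32.PPdoor.at
C:\WINDOWS\Web\desktop.html Infected: Trojan.Win32.TopAntiSpyware.a
E:\playstation\AGSetup0608.exe/fsg-ag.exe Infected: not-a-virus:AdWare.Gator.1050
E:\playstation\AGSetup0608.exe Infected: not-a-virus:AdWare.Gator.1050
Scan process completed.
"""

# "<path> Infected: <name>" or "<path> Suspicious: <name>"; paths may contain spaces.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<status>Infected|Suspicious): (?P<verdict>\S+)$"
)

# Assumed location markers (lower-case substrings), checked in order.
LOCATION_BUCKETS = (
    ("av_quarantine", "\\norton antivirus\\quarantine\\"),
    ("system_restore", "\\system volume information\\_restore"),
    ("java_cache", "\\sun\\java\\deployment\\cache\\"),
)


def parse_report(text):
    """Yield (outer_file, archive_member, status, verdict) per detection line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, statistics, blank lines
        # The scanner writes archive members as "outer.zip/Member.class";
        # Windows paths never contain "/", so the first "/" is the boundary.
        outer, _, member = m["path"].partition("/")
        yield outer, member or None, m["status"], m["verdict"]


def triage(text):
    """Group detected files by where they live; returns {bucket: {path: verdicts}}."""
    verdicts = defaultdict(set)  # insertion order follows the report
    for outer, _member, _status, verdict in parse_report(text):
        verdicts[outer].add(verdict)

    buckets = {name: {} for name, _ in LOCATION_BUCKETS}
    buckets["live_riskware"] = {}
    buckets["live_malware"] = {}
    for path, names in verdicts.items():
        lowered = path.lower()
        for bucket, marker in LOCATION_BUCKETS:
            if marker in lowered:
                break
        else:
            # Not in a known holding area: the file is on the live file system.
            # Kaspersky prefixes adware/riskware verdicts with "not-a-virus:".
            riskware_only = all(n.startswith("not-a-virus:") for n in names)
            bucket = "live_riskware" if riskware_only else "live_malware"
        buckets[bucket][path] = names
    return buckets


if __name__ == "__main__":
    for bucket, files in triage(REPORT).items():
        print(f"{bucket}: {len(files)} file(s)")
        for path, names in files.items():
            print(f"  {path}  [{', '.join(sorted(names))}]")
```

Run against the full saved report text, the same function shows how many detections are only stored copies and which paths still need attention on disk.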

#9
alkaisar

    Member

  • Topic Starter
  • 10 posts
here is my new hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 6:57:53 PM, on 10/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user1\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\zh-tw\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\zh-tw\msntb.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 使用 BitSpirit 下載 - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java ¥D¥x - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126204776218
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (AI?O?iT?u?W??rμ{|!) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8EC79FEF-A1CA-11D4-940D-000021CA5F4D} (ImageUploaderCtrl Class) - http://www.staplesph...eUploader44.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

thanks

#10
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Looks good :tazz: How is it running now?

#11
alkaisar

    Member

  • Topic Starter
  • 10 posts
I think it's running alright
nothing special happened
thanks a lot for your help
really really appreciate all the work
thanks so much

#12
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Is that wallpaper gone?

#13
alkaisar

    Member

  • Topic Starter
  • 10 posts
yes I managed to move it out of the way and closed it

#14
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Your system is clean

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free Google Toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice
So how did I get infected in the first place? and Spyware Aid's spyware article: Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it.

#15
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





