Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

trouble with my parents [bleep] computer part 2

Started by littledipper , Dec 22 2005 03:48 PM

  • This topic is locked This topic is locked

#1
littledipper
Posted 22 December 2005 - 03:48 PM

littledipper

    New Member

  • Member
  • Pip
  • 8 posts
I posted a few days ago, but I just cannot locate my original post, I'm not sure what happend.. so here is my hijack logfile once again, and thanks for helping... sorry if this post is pointless but i cannot find my other topic. Im not sure how many or what exactly is wrong with my parents computer, but im pretty certain it has numerous trojan viruses, etc.


Logfile of HijackThis v1.99.1
Scan saved at 4:48:02 PM, on 12/22/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\kwpvtdn.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\S3apphk.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\msreg.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Xxpfr\Tmvw.exe
C:\WINDOWS\System32\X1002142005.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Documents and Settings\All Users\Application Data\X2FF\xde14555.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\YKAPDLL.EXE
C:\WINDOWS\VisualElementFXad\VisualElementFXad.exe
C:\Program Files\BRP\brp.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1104961665\EE\AOLHostManager.exe
C:\WINDOWS\wwzgytc.exe
C:\WINDOWS\uzgcsvc.exe
C:\WINDOWS\ixwcdll.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\fufdenc.exe
C:\Program Files\Common Files\AOL\1104961665\EE\AOLServiceHost.exe
C:\WINDOWS\System32\iyvipqrl.exe
C:\WINDOWS\system32\system.mcm
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://193.125.201.50
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 193.125.201.50 ie.search.msn.com
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\System32\nstA6D.dll
O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: (no name) - {72625A89-93F9-4DD0-BD11-2D16F2B6FB50} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\System32\iraspxer.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\nsq539.dll
O2 - BHO: (no name) - {A26F838E-6DF7-4928-A39D-10FAF4B927DC} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {A9E9CAA8-8AA1-4214-8850-52335556014B} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: Xbrowse Class - {AC109D01-32D6-4EB5-8300-D3C5EBAC7C83} - C:\Documents and Settings\All Users\Application Data\X2FF\X2FF.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BE1F1A0C-1F78-488A-A2E4-64C055677C71} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MBKWBar - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - C:\Program Files\MBKWBar\IEToolBar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8AA5-A930F887B531} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winmain] winmain.exe
O4 - HKLM\..\Run: [DivX Updater] C:\WINDOWS\System32\DivX.Exe
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\msreg.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ajgy] C:\WINDOWS\System32\ssfzjiij.exe
O4 - HKLM\..\Run: [ymymhqa] C:\WINDOWS\System32\mxuviwyk.exe
O4 - HKLM\..\Run: [Xevnf] C:\Program Files\Xxpfr\Tmvw.exe
O4 - HKLM\..\Run: [Visual Element Fx] C:\WINDOWS\System32\X1002142005.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104961665\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [2B6O] C:\WINDOWS\bwvrldmw.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [Visual Element FX5] C:\Documents and Settings\All Users\Application Data\X2FF\xde14555.exe
O4 - HKLM\..\Run: [YKAPDLL] C:\WINDOWS\YKAPDLL.EXE
O4 - HKLM\..\Run: [VisualElementFXad] C:\WINDOWS\VisualElementFXad\VisualElementFXad.exe
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\Owner\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [MCM3] C:\WINDOWS\mcm\mcm3.exe
O4 - HKLM\..\Run: [BRP] "C:\Program Files\BRP\brp.exe"
O4 - HKLM\..\Run: [25nuj857] C:\Program Files\25nuj857\25nuj857.exe
O4 - HKLM\..\Run: [ngisenc] C:\WINDOWS\ngisenc.EXE
O4 - HKLM\..\Run: [t77i3tP] dbmvox.exe
O4 - HKLM\..\Run: [hgzfenc] C:\WINDOWS\hgzfenc.EXE
O4 - HKLM\..\Run: [djjudll] C:\WINDOWS\djjudll.EXE
O4 - HKLM\..\Run: [Microsoft Windows Application] system.mcm
O4 - HKLM\..\Run: [qnwmel] c:\windows\system32\uilezqi.exe
O4 - HKLM\..\Run: [od6vmv6r] C:\WINDOWS\System32\od6vmv6r.exe
O4 - HKLM\..\Run: [bO²ùð ×y-¯Œ] C:\WINDOWS\bwvrldmw.exe
O4 - HKLM\..\Run: [bO²ùõö/‚E%)ßfÏNb½¾C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\bwvrldmw.exe
O4 - HKLM\..\Run: [vhrwdto] C:\WINDOWS\vhrwdto.EXE
O4 - HKLM\..\Run: [6dpvripa] C:\WINDOWS\System32\6dpvripa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [xonodll] C:\WINDOWS\xonodll.exe
O4 - HKLM\..\Run: [ebkzenc] C:\WINDOWS\ebkzenc.exe
O4 - HKLM\..\Run: [sioadll] C:\WINDOWS\sioadll.exe
O4 - HKLM\..\Run: [zvksenc] C:\WINDOWS\zvksenc.exe
O4 - HKLM\..\Run: [qczgdll] C:\WINDOWS\qczgdll.exe
O4 - HKLM\..\Run: [azxeenc] C:\WINDOWS\azxeenc.exe
O4 - HKLM\..\Run: [qykfdll] C:\WINDOWS\qykfdll.exe
O4 - HKLM\..\Run: [kdnufrb] C:\WINDOWS\kdnufrb.exe
O4 - HKLM\..\Run: [uaekenc] C:\WINDOWS\uaekenc.exe
O4 - HKLM\..\Run: [vgyjdll] C:\WINDOWS\vgyjdll.exe
O4 - HKLM\..\Run: [vgyjenc] C:\WINDOWS\vgyjenc.exe
O4 - HKLM\..\Run: [vgyjgcy] C:\WINDOWS\vgyjgcy.exe
O4 - HKLM\..\Run: [fbvzdll] C:\WINDOWS\fbvzdll.exe
O4 - HKLM\..\Run: [impeenc] C:\WINDOWS\impeenc.exe
O4 - HKLM\..\Run: [fbvzxqv] C:\WINDOWS\fbvzxqv.exe
O4 - HKLM\..\Run: [ecztdll] C:\WINDOWS\ecztdll.exe
O4 - HKLM\..\Run: [ecztenc] C:\WINDOWS\ecztenc.exe
O4 - HKLM\..\Run: [ecztzih] C:\WINDOWS\ecztzih.exe
O4 - HKLM\..\Run: [wcyodll] C:\WINDOWS\wcyodll.exe
O4 - HKLM\..\Run: [zfatenc] C:\WINDOWS\zfatenc.exe
O4 - HKLM\..\Run: [wcyobat] C:\WINDOWS\wcyobat.exe
O4 - HKLM\..\Run: [kurmdll] C:\WINDOWS\kurmdll.exe
O4 - HKLM\..\Run: [kurmenc] C:\WINDOWS\kurmenc.exe
O4 - HKLM\..\Run: [kurmifn] C:\WINDOWS\kurmifn.exe
O4 - HKLM\..\Run: [guqsdll] C:\WINDOWS\guqsdll.EXE
O4 - HKLM\..\Run: [guqsenc] C:\WINDOWS\guqsenc.EXE
O4 - HKLM\..\Run: [guqsojj] C:\WINDOWS\guqsojj.EXE
O4 - HKLM\..\Run: [iraidll] C:\WINDOWS\iraidll.exe
O4 - HKLM\..\Run: [lbdoenc] C:\WINDOWS\lbdoenc.exe
O4 - HKLM\..\Run: [iraikxu] C:\WINDOWS\iraikxu.exe
O4 - HKLM\..\Run: [czpxdll] C:\WINDOWS\czpxdll.exe
O4 - HKLM\..\Run: [czpxenc] C:\WINDOWS\czpxenc.exe
O4 - HKLM\..\Run: [czpxymb] C:\WINDOWS\czpxymb.exe
O4 - HKLM\..\Run: [fpxzdll] C:\WINDOWS\fpxzdll.exe
O4 - HKLM\..\Run: [iszmenc] C:\WINDOWS\iszmenc.exe
O4 - HKLM\..\Run: [fpxzdyf] C:\WINDOWS\fpxzdyf.exe
O4 - HKLM\..\Run: [huugdll] C:\WINDOWS\huugdll.exe
O4 - HKLM\..\Run: [huugenc] C:\WINDOWS\huugenc.exe
O4 - HKLM\..\Run: [huugwji] C:\WINDOWS\huugwji.exe
O4 - HKLM\..\Run: [rktxdll] C:\WINDOWS\rktxdll.exe
O4 - HKLM\..\Run: [rktxenc] C:\WINDOWS\rktxenc.exe
O4 - HKLM\..\Run: [rktxcrd] C:\WINDOWS\rktxcrd.exe
O4 - HKLM\..\Run: [zudldll] C:\WINDOWS\zudldll.exe
O4 - HKLM\..\Run: [zudlenc] C:\WINDOWS\zudlenc.exe
O4 - HKLM\..\Run: [zudlvjs] C:\WINDOWS\zudlvjs.exe
O4 - HKLM\..\Run: [cqizdll] C:\WINDOWS\cqizdll.EXE
O4 - HKLM\..\Run: [cqizenc] C:\WINDOWS\cqizenc.EXE
O4 - HKLM\..\Run: [cqizorc] C:\WINDOWS\cqizorc.EXE
O4 - HKLM\..\Run: [nqyhdll] C:\WINDOWS\nqyhdll.exe
O4 - HKLM\..\Run: [nqyhenc] C:\WINDOWS\nqyhenc.exe
O4 - HKLM\..\Run: [nqyhmkd] C:\WINDOWS\nqyhmkd.exe
O4 - HKLM\..\Run: [sgwvdll] C:\WINDOWS\sgwvdll.exe
O4 - HKLM\..\Run: [sgwvenc] C:\WINDOWS\sgwvenc.exe
O4 - HKLM\..\Run: [sgwvlbw] C:\WINDOWS\sgwvlbw.exe
O4 - HKLM\..\Run: [pifrmpo] C:\WINDOWS\pifrmpo.exe
O4 - HKLM\..\Run: [sszxdll] C:\WINDOWS\sszxdll.exe
O4 - HKLM\..\Run: [sszxenc] C:\WINDOWS\sszxenc.exe
O4 - HKLM\..\Run: [bfozdll] C:\WINDOWS\bfozdll.exe
O4 - HKLM\..\Run: [bfozenc] C:\WINDOWS\bfozenc.exe
O4 - HKLM\..\Run: [bfozvht] C:\WINDOWS\bfozvht.exe
O4 - HKLM\..\Run: [mqhgdll] C:\WINDOWS\mqhgdll.exe
O4 - HKLM\..\Run: [pablenc] C:\WINDOWS\pablenc.exe
O4 - HKLM\..\Run: [mqhgdsk] C:\WINDOWS\mqhgdsk.exe
O4 - HKLM\..\Run: [ltee8ma6] C:\WINDOWS\System32\ltee8ma6.exe
O4 - HKLM\..\Run: [nhkddll] C:\WINDOWS\nhkddll.exe
O4 - HKLM\..\Run: [qkmienc] C:\WINDOWS\qkmienc.exe
O4 - HKLM\..\Run: [nhkdfxj] C:\WINDOWS\nhkdfxj.exe
O4 - HKLM\..\Run: [ckdozhk] C:\WINDOWS\ckdozhk.exe
O4 - HKLM\..\Run: [erjsdll] C:\WINDOWS\erjsdll.exe
O4 - HKLM\..\Run: [hblyenc] C:\WINDOWS\hblyenc.exe
O4 - HKLM\..\Run: [xdsudll] C:\WINDOWS\xdsudll.EXE
O4 - HKLM\..\Run: [anmzenc] C:\WINDOWS\anmzenc.EXE
O4 - HKLM\..\Run: [swmodll] C:\WINDOWS\swmodll.exe
O4 - HKLM\..\Run: [swmoenc] C:\WINDOWS\swmoenc.exe
O4 - HKLM\..\Run: [gqiddll] C:\WINDOWS\gqiddll.exe
O4 - HKLM\..\Run: [jbkienc] C:\WINDOWS\jbkienc.exe
O4 - HKLM\..\Run: [qxoddll] C:\WINDOWS\qxoddll.exe
O4 - HKLM\..\Run: [qxodenc] C:\WINDOWS\qxodenc.exe
O4 - HKLM\..\Run: [orrtdll] C:\WINDOWS\orrtdll.exe
O4 - HKLM\..\Run: [rbtyenc] C:\WINDOWS\rbtyenc.exe
O4 - HKLM\..\Run: [klqkdll] C:\WINDOWS\klqkdll.exe
O4 - HKLM\..\Run: [klqkenc] C:\WINDOWS\klqkenc.exe
O4 - HKLM\..\Run: [ufucdll] C:\WINDOWS\ufucdll.exe
O4 - HKLM\..\Run: [xpoienc] C:\WINDOWS\xpoienc.exe
O4 - HKLM\..\Run: [qvxcdll] C:\WINDOWS\qvxcdll.exe
O4 - HKLM\..\Run: [qvxcenc] C:\WINDOWS\qvxcenc.exe
O4 - HKLM\..\Run: [jiypdll] C:\WINDOWS\jiypdll.exe
O4 - HKLM\..\Run: [jiypenc] C:\WINDOWS\jiypenc.exe
O4 - HKLM\..\Run: [sthrdll] C:\WINDOWS\sthrdll.exe
O4 - HKLM\..\Run: [vwjwenc] C:\WINDOWS\vwjwenc.exe
O4 - HKLM\..\Run: [yrtmdll] C:\WINDOWS\yrtmdll.exe
O4 - HKLM\..\Run: [buvrenc] C:\WINDOWS\buvrenc.exe
O4 - HKLM\..\Run: [zhiqdll] C:\WINDOWS\zhiqdll.exe
O4 - HKLM\..\Run: [zhiqenc] C:\WINDOWS\zhiqenc.exe
O4 - HKLM\..\Run: [kozhdll] C:\WINDOWS\kozhdll.exe
O4 - HKLM\..\Run: [ejovenc] C:\WINDOWS\ejovenc.exe
O4 - HKLM\..\Run: [irassync] C:\WINDOWS\System32\irasyncd.exe
O4 - HKLM\..\Run: [rjesdll] C:\WINDOWS\rjesdll.exe
O4 - HKLM\..\Run: [umhyenc] C:\WINDOWS\umhyenc.exe
O4 - HKLM\..\Run: [wwzgytc] C:\WINDOWS\wwzgytc.exe
O4 - HKLM\..\Run: [vkepdll] C:\WINDOWS\vkepdll.exe
O4 - HKLM\..\Run: [yuyvenc] C:\WINDOWS\yuyvenc.exe
O4 - HKLM\..\Run: [npzodll] C:\WINDOWS\npzodll.exe
O4 - HKLM\..\Run: [npzoenc] C:\WINDOWS\npzoenc.exe
O4 - HKLM\..\Run: [vvhkdll] C:\WINDOWS\vvhkdll.exe
O4 - HKLM\..\Run: [biddenc] C:\WINDOWS\biddenc.exe
O4 - HKLM\..\Run: [tyjodll] C:\WINDOWS\tyjodll.exe
O4 - HKLM\..\Run: [xilbenc] C:\WINDOWS\xilbenc.exe
O4 - HKLM\..\Run: [whexdll] C:\WINDOWS\whexdll.exe
O4 - HKLM\..\Run: [zsycenc] C:\WINDOWS\zsycenc.exe
O4 - HKLM\..\Run: [pwztdll] C:\WINDOWS\pwztdll.exe
O4 - HKLM\..\Run: [pwztenc] C:\WINDOWS\pwztenc.exe
O4 - HKLM\..\Run: [gggudll] C:\WINDOWS\gggudll.exe
O4 - HKLM\..\Run: [jiazenc] C:\WINDOWS\jiazenc.exe
O4 - HKLM\..\Run: [sezmdll] C:\WINDOWS\sezmdll.exe
O4 - HKLM\..\Run: [sezmenc] C:\WINDOWS\sezmenc.exe
O4 - HKLM\..\Run: [azordll] C:\WINDOWS\azordll.exe
O4 - HKLM\..\Run: [hukkenc] C:\WINDOWS\hukkenc.exe
O4 - HKLM\..\Run: [sdzydll] C:\WINDOWS\sdzydll.exe
O4 - HKLM\..\Run: [sdzyenc] C:\WINDOWS\sdzyenc.EXE
O4 - HKLM\..\Run: [djqgdll] C:\WINDOWS\djqgdll.exe
O4 - HKLM\..\Run: [jypvdll] C:\WINDOWS\jypvdll.exe
O4 - HKLM\..\Run: [njraenc] C:\WINDOWS\njraenc.exe
O4 - HKLM\..\Run: [irjxdll] C:\WINDOWS\irjxdll.exe
O4 - HKLM\..\Run: [irjxenc] C:\WINDOWS\irjxenc.exe
O4 - HKLM\..\Run: [gozkdll] C:\WINDOWS\gozkdll.exe
O4 - HKLM\..\Run: [gozkenc] C:\WINDOWS\gozkenc.exe
O4 - HKLM\..\Run: [vzagdll] C:\WINDOWS\vzagdll.exe
O4 - HKLM\..\Run: [vzagenc] C:\WINDOWS\vzagenc.exe
O4 - HKLM\..\Run: [ejcgdll] C:\WINDOWS\ejcgdll.exe
O4 - HKLM\..\Run: [ohaeenc] C:\WINDOWS\ohaeenc.exe
O4 - HKLM\..\Run: [bqgpdll] C:\WINDOWS\bqgpdll.exe
O4 - HKLM\..\Run: [etacenc] C:\WINDOWS\etacenc.exe
O4 - HKLM\..\Run: [wzgkdll] C:\WINDOWS\wzgkdll.exe
O4 - HKLM\..\Run: [acapenc] C:\WINDOWS\acapenc.exe
O4 - HKLM\..\Run: [slqqdll] C:\WINDOWS\slqqdll.exe
O4 - HKLM\..\Run: [vwtvenc] C:\WINDOWS\vwtvenc.exe
O4 - HKLM\..\Run: [rukydll] C:\WINDOWS\rukydll.EXE
O4 - HKLM\..\Run: [vemdenc] C:\WINDOWS\vemdenc.EXE
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [bpscdll] C:\WINDOWS\bpscdll.exe
O4 - HKLM\..\Run: [ezuhenc] C:\WINDOWS\ezuhenc.exe
O4 - HKLM\..\Run: [lwsedll] C:\WINDOWS\lwsedll.exe
O4 - HKLM\..\Run: [oyujenc] C:\WINDOWS\oyujenc.exe
O4 - HKLM\..\Run: [zdridll] C:\WINDOWS\zdridll.EXE
O4 - HKLM\..\Run: [zdrienc] C:\WINDOWS\zdrienc.EXE
O4 - HKLM\..\Run: [spwadll] C:\WINDOWS\spwadll.exe
O4 - HKLM\..\Run: [vzqgenc] C:\WINDOWS\vzqgenc.exe
O4 - HKLM\..\Run: [nmphdll] C:\WINDOWS\nmphdll.exe
O4 - HKLM\..\Run: [rxrnenc] C:\WINDOWS\rxrnenc.exe
O4 - HKLM\..\Run: [ixwcdll] C:\WINDOWS\ixwcdll.EXE
O4 - HKLM\..\Run: [fufdenc] C:\WINDOWS\fufdenc.EXE
O4 - HKLM\..\Run: [cyghow] C:\WINDOWS\System32\kwpvtdn.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKCU\..\Run: [DivX Updater] C:\WINDOWS\System32\DivX.Exe
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\iyvipqrl.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [cwosRjj3V] arprdssp.exe
O4 - HKCU\..\Run: [PrivacyScanner] C:\Program Files\Privacy Champion\pscan.exe
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\System32\pshwr.exe
O4 - HKCU\..\Run: [wincmap] "C:\Program Files\winCMAPP\wincmapp.exe"
O4 - HKCU\..\Run: [irassync] C:\WINDOWS\System32\irasyncd.exe
O4 - Startup: ASE Scheduler.lnk = C:\RECYCLER\NPROTECT\00191847.EXE
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Music Communication Module.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{257C5C52-AB0D-4634-9371-694504BF0FF9}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{257C5C52-AB0D-4634-9371-694504BF0FF9}: NameServer = 205.188.146.145
O19 - User stylesheet: (file missing)
O19 - User stylesheet: (file missing) (HKLM)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\Program Files\Aluria Security Center\ascserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\uzgcsvc.exe
  • 0

Advertisements

#2
Buckeye_Sam
Posted 25 December 2005 - 05:09 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Dup post - http://www.geekstogo...ter-t86024.html
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP