Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security


> [Resolved] Porn site son, hijack log
Cryostar
post Aug 20 2008, 06:32 PM
Post #1


Operating System: XP



I'd appreciate some help. My son borrowed his sister's laptop and I'm sure he visited some porn sites and now it has a virus.

When the computer is started it comes up with a popup window that has C system 32 bla bla and won't let it go.

I installed Spybot and ran it and it said everything was clear. Still comes up with this during normal boot. I can boot only in safe mode. Please review and help me so I can get her off to college.

Logfile of HijackThis v1.99.1
Scan saved at 7:07:43 PM, on 8/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis!\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {2D304198-89AC-4B3A-906C-E08C43C10617} - C:\WINDOWS\system32\ssqpo.dll (file missing)
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O2 - BHO: {8df8086e-ad5a-dbcb-40c4-219213d1b664} - {466b1d31-2912-4c04-bcbd-a5dae6808fd8} - C:\WINDOWS\system32\fhnvsw.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {79AE735F-9663-4B92-9602-39EB563FA30C} - C:\WINDOWS\system32\fccyvus.dll (file missing)
O2 - BHO: (no name) - {A3CA8F2C-0BA6-4430-A17A-137669ABB4FB} - C:\WINDOWS\system32\ddcya.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {A9C7EF9C-3C46-4C2E-98CE-F47630BCC4Ee} - C:\WINDOWS\system32\auhyksjm.dll (file missing)
O2 - BHO: (no name) - {AE9F64F6-C1B8-47A2-A3B9-1132F2B4B2F5} - C:\WINDOWS\system32\geedb.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [d4c95283] rundll32.exe "C:\WINDOWS\system32\jscaasjc.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingC4834] cmd /c del "C:\WINDOWS\system32\nonrboct.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4325] command /c del "C:\WINDOWS\system32\onspomcn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1142] cmd /c del "C:\WINDOWS\system32\onspomcn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3394] command /c del "C:\WINDOWS\system32\pjdycipv.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6818] cmd /c del "C:\WINDOWS\system32\pjdycipv.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2093] command /c del "C:\WINDOWS\system32\qrvxodwk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC384] cmd /c del "C:\WINDOWS\system32\qrvxodwk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5752] command /c del "C:\WINDOWS\system32\umcdabqe.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3588] cmd /c del "C:\WINDOWS\system32\umcdabqe.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA417] command /c del "C:\WINDOWS\system32\wceixkpg.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8548] cmd /c del "C:\WINDOWS\system32\wceixkpg.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7795] command /c del "C:\WINDOWS\system32\auhyksjm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3966] cmd /c del "C:\WINDOWS\system32\auhyksjm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9407] command /c del "C:\WINDOWS\system32\bdrxuxnh.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC441] cmd /c del "C:\WINDOWS\system32\bdrxuxnh.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6032] command /c del "C:\WINDOWS\system32\bfyitoqr.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9236] cmd /c del "C:\WINDOWS\system32\bfyitoqr.dll_old"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA4412] command /c del "C:\WINDOWS\system32\bgtcowcj.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3626] cmd /c del "C:\WINDOWS\system32\bgtcowcj.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1278] command /c del "C:\WINDOWS\system32\byltxwds.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7985] cmd /c del "C:\WINDOWS\system32\byltxwds.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2133] command /c del "C:\WINDOWS\system32\crbjlqjw.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC264] cmd /c del "C:\WINDOWS\system32\crbjlqjw.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4522] command /c del "C:\WINDOWS\system32\daedgwug.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4638] cmd /c del "C:\WINDOWS\system32\daedgwug.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA651] command /c del "C:\WINDOWS\system32\bgtcowcj.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC832] cmd /c del "C:\WINDOWS\system32\bgtcowcj.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3781] command /c del "C:\WINDOWS\system32\byltxwds.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC380] cmd /c del "C:\WINDOWS\system32\byltxwds.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2463] command /c del "C:\WINDOWS\system32\crbjlqjw.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8226] cmd /c del "C:\WINDOWS\system32\crbjlqjw.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8641] command /c del "C:\WINDOWS\system32\daedgwug.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9990] cmd /c del "C:\WINDOWS\system32\daedgwug.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1116] command /c del "C:\WINDOWS\system32\ektvbkvw.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1881] cmd /c del "C:\WINDOWS\system32\ektvbkvw.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1411] command /c del "C:\WINDOWS\system32\hjonboqe.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8900] cmd /c del "C:\WINDOWS\system32\hjonboqe.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1652] command /c del "C:\WINDOWS\system32\ibrguwwy.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5718] cmd /c del "C:\WINDOWS\system32\ibrguwwy.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5730] command /c del "C:\WINDOWS\system32\kiqisawk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7017] cmd /c del "C:\WINDOWS\system32\kiqisawk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7210] command /c del "C:\WINDOWS\system32\knnbfapx.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1895] cmd /c del "C:\WINDOWS\system32\knnbfapx.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3038] command /c del "C:\WINDOWS\system32\kyojtumj.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1839] cmd /c del "C:\WINDOWS\system32\kyojtumj.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8150] command /c del "C:\WINDOWS\system32\mobwkccg.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC887] cmd /c del "C:\WINDOWS\system32\mobwkccg.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3523] command /c del "C:\WINDOWS\system32\bgtcowcj.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2448] cmd /c del "C:\WINDOWS\system32\bgtcowcj.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6797] command /c del "C:\WINDOWS\system32\byltxwds.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC950] cmd /c del "C:\WINDOWS\system32\byltxwds.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8514] command /c del "C:\WINDOWS\system32\crbjlqjw.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7293] cmd /c del "C:\WINDOWS\system32\crbjlqjw.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2615] command /c del "C:\WINDOWS\system32\daedgwug.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3934] cmd /c del "C:\WINDOWS\system32\daedgwug.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4130] command /c del "C:\WINDOWS\system32\ektvbkvw.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2880] cmd /c del "C:\WINDOWS\system32\ektvbkvw.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1441] command /c del "C:\WINDOWS\system32\hjonboqe.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1382] cmd /c del "C:\WINDOWS\system32\hjonboqe.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9938] command /c del "C:\WINDOWS\system32\ibrguwwy.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2128] cmd /c del "C:\WINDOWS\system32\ibrguwwy.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6245] command /c del "C:\WINDOWS\system32\kiqisawk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6458] cmd /c del "C:\WINDOWS\system32\kiqisawk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1037] command /c del "C:\WINDOWS\system32\knnbfapx.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9826] cmd /c del "C:\WINDOWS\system32\knnbfapx.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8296] command /c del "C:\WINDOWS\system32\kyojtumj.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7881] cmd /c del "C:\WINDOWS\system32\kyojtumj.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB3214] command /c del "C:\WINDOWS\system32\fccyvus.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9551] cmd /c del "C:\WINDOWS\system32\fccyvus.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3984] command /c del "C:\WINDOWS\system32\fccyvus.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6585] cmd /c del "C:\WINDOWS\system32\fccyvus.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4400] command /c del "C:\WINDOWS\system32\geedb.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7137] cmd /c del "C:\WINDOWS\system32\geedb.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7340] command /c del "C:\WINDOWS\system32\fccyvus.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9967] cmd /c del "C:\WINDOWS\system32\fccyvus.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5257] command /c del "C:\WINDOWS\system32\geedb.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6778] cmd /c del "C:\WINDOWS\system32\geedb.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7679] command /c del "C:\WINDOWS\system32\gtnnfdoe.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3379] cmd /c del "C:\WINDOWS\system32\gtnnfdoe.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6187] command /c del "C:\WINDOWS\system32\cglqhuwa.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4461] cmd /c del "C:\WINDOWS\system32\cglqhuwa.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3254] command /c del "C:\WINDOWS\system32\dasupmbk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5697] cmd /c del "C:\WINDOWS\system32\dasupmbk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1739] command /c del "C:\WINDOWS\system32\djuotvko.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8746] cmd /c del "C:\WINDOWS\system32\djuotvko.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB553] command /c del "C:\WINDOWS\system32\dnxlikvn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7285] cmd /c del "C:\WINDOWS\system32\dnxlikvn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB225] command /c del "C:\WINDOWS\system32\earsnlww.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3689] cmd /c del "C:\WINDOWS\system32\earsnlww.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB208] command /c del "C:\WINDOWS\system32\flkshokp.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6259] cmd /c del "C:\WINDOWS\system32\flkshokp.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5737] command /c del "C:\WINDOWS\system32\gtfynauk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4277] cmd /c del "C:\WINDOWS\system32\gtfynauk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4410] command /c del "C:\WINDOWS\system32\hfxuhsya.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8194] cmd /c del "C:\WINDOWS\system32\hfxuhsya.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2860] command /c del "C:\WINDOWS\system32\itaodvcr.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3622] cmd /c del "C:\WINDOWS\system32\itaodvcr.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3859] command /c del "C:\WINDOWS\system32\iulewiis.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1372] cmd /c del "C:\WINDOWS\system32\iulewiis.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7711] command /c del "C:\WINDOWS\system32\ivqwgfya.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3161] cmd /c del "C:\WINDOWS\system32\ivqwgfya.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6441] command /c del "C:\WINDOWS\system32\mpjmyxur.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4386] cmd /c del "C:\WINDOWS\system32\mpjmyxur.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7234] command /c del "C:\WINDOWS\system32\nonrboct.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD94] cmd /c del "C:\WINDOWS\system32\nonrboct.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9024] command /c del "C:\WINDOWS\system32\onspomcn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4887] cmd /c del "C:\WINDOWS\system32\onspomcn.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4740] command /c del "C:\WINDOWS\system32\pjdycipv.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9940] cmd /c del "C:\WINDOWS\system32\pjdycipv.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9209] command /c del "C:\WINDOWS\system32\qrvxodwk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3157] cmd /c del "C:\WINDOWS\system32\qrvxodwk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB359] command /c del "C:\WINDOWS\system32\umcdabqe.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9810] cmd /c del "C:\WINDOWS\system32\umcdabqe.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2660] command /c del "C:\WINDOWS\system32\wceixkpg.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9715] cmd /c del "C:\WINDOWS\system32\wceixkpg.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB879] command /c del "C:\WINDOWS\system32\auhyksjm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1890] cmd /c del "C:\WINDOWS\system32\auhyksjm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5144] command /c del "C:\WINDOWS\system32\bdrxuxnh.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3111] cmd /c del "C:\WINDOWS\system32\bdrxuxnh.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8680] command /c del "C:\WINDOWS\system32\bfyitoqr.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5422] cmd /c del "C:\WINDOWS\system32\bfyitoqr.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6637] command /c del "C:\WINDOWS\system32\bgtcowcj.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2024] cmd /c del "C:\WINDOWS\system32\bgtcowcj.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2733] command /c del "C:\WINDOWS\system32\byltxwds.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8459] cmd /c del "C:\WINDOWS\system32\byltxwds.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5238] command /c del "C:\WINDOWS\system32\crbjlqjw.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1659] cmd /c del "C:\WINDOWS\system32\crbjlqjw.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8799] command /c del "C:\WINDOWS\system32\daedgwug.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3826] cmd /c del "C:\WINDOWS\system32\daedgwug.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7742] command /c del "C:\WINDOWS\system32\bgtcowcj.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9734] cmd /c del "C:\WINDOWS\system32\bgtcowcj.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3754] command /c del "C:\WINDOWS\system32\byltxwds.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5688] cmd /c del "C:\WINDOWS\system32\byltxwds.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5489] command /c del "C:\WINDOWS\system32\crbjlqjw.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8466] cmd /c del "C:\WINDOWS\system32\crbjlqjw.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB481] command /c del "C:\WINDOWS\system32\daedgwug.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7885] cmd /c del "C:\WINDOWS\system32\daedgwug.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5796] command /c del "C:\WINDOWS\system32\ektvbkvw.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4536] cmd /c del "C:\WINDOWS\system32\ektvbkvw.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8211] command /c del "C:\WINDOWS\system32\hjonboqe.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8032] cmd /c del "C:\WINDOWS\system32\hjonboqe.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8496] command /c del "C:\WINDOWS\system32\ibrguwwy.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8995] cmd /c del "C:\WINDOWS\system32\ibrguwwy.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7724] command /c del "C:\WINDOWS\system32\kiqisawk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3642] cmd /c del "C:\WINDOWS\system32\kiqisawk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8407] command /c del "C:\WINDOWS\system32\knnbfapx.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD544] cmd /c del "C:\WINDOWS\system32\knnbfapx.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7748] command /c del "C:\WINDOWS\system32\kyojtumj.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7651] cmd /c del "C:\WINDOWS\system32\kyojtumj.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3512] command /c del "C:\WINDOWS\system32\mobwkccg.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2617] cmd /c del "C:\WINDOWS\system32\mobwkccg.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5650] command /c del "C:\WINDOWS\system32\bgtcowcj.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9752] cmd /c del "C:\WINDOWS\system32\bgtcowcj.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9822] command /c del "C:\WINDOWS\system32\byltxwds.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3683] cmd /c del "C:\WINDOWS\system32\byltxwds.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB470] command /c del "C:\WINDOWS\system32\crbjlqjw.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7297] cmd /c del "C:\WINDOWS\system32\crbjlqjw.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6568] command /c del "C:\WINDOWS\system32\daedgwug.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9768] cmd /c del "C:\WINDOWS\system32\daedgwug.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB39] command /c del "C:\WINDOWS\system32\ektvbkvw.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2952] cmd /c del "C:\WINDOWS\system32\ektvbkvw.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8802] command /c del "C:\WINDOWS\system32\hjonboqe.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2189] cmd /c del "C:\WINDOWS\system32\hjonboqe.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4463] command /c del "C:\WINDOWS\system32\ibrguwwy.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3392] cmd /c del "C:\WINDOWS\system32\ibrguwwy.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1401] command /c del "C:\WINDOWS\system32\kiqisawk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8780] cmd /c del "C:\WINDOWS\system32\kiqisawk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7517] command /c del "C:\WINDOWS\system32\knnbfapx.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4708] cmd /c del "C:\WINDOWS\system32\knnbfapx.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7919] command /c del "C:\WINDOWS\system32\kyojtumj.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7720] cmd /c del "C:\WINDOWS\system32\kyojtumj.dll_old"
O4 - Startup: LimeWire On Startup.lnk.disabled
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: fccyvus - fccyvus.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: rqrppmn - rqrppmn.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

LDTate
post Aug 20 2008, 06:48 PM
Post #2









Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.
Cryostar
post Aug 21 2008, 02:30 PM
Post #3


Operating System: XP



Thanks for your help in advance. Tim

I followed your instructions:
My Computer - done
ATF download and ran - done
Anti-Malware download and ran, copied results below - done
HijackThis - downloaded and ran, copied results below - done

Started computer normally and still end up with the popup window that has C system 32. I can start in safe mode only.

Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2

1:37:40 PM 8/21/2008
mbam-log-08-21-2008 (13-37-40).txt

Scan type: Quick Scan
Objects scanned: 41194
Time elapsed: 8 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 29
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{466b1d31-2912-4c04-bcbd-a5dae6808fd8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{466b1d31-2912-4c04-bcbd-a5dae6808fd8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79ae735f-9663-4b92-9602-39eb563fa30c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccyvus (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{79ae735f-9663-4b92-9602-39eb563fa30c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\malwarealarm.webinstall (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/conflict.1/webinst.dll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7543fbd5-2279-4d03-8f29-eb21531fa2fe} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\malwarealarm.webinstall.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spyshredder.webinstall (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spyshredder.webinstall.1 (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{85e06077-c824-43d0-a8dc-5efb17bc348a} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fca3958a-8d38-4d14-8b81-ccd7f68a8a01} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\CLSID\{182b90a3-f372-438a-800c-6814b4de417b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{4a3d609a-43b8-4406-b793-84f244246325} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\webinst.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\CONFLICT.1\webinst.dll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\user32.dll (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\VirusHeat 4.3 (Rogue.VirusHeat) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\fhnvsw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccyvus.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jscaasjc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cjsaacsj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\webinst.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aeqjiijl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\btnvqgge.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\duwguxim.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frgqaz.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gymwqgmp.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\irltogbp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msmuobdk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nfiagl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ohjeyhlq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.3\ignored.lst (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\Program Files\VirusHeat 4.3\vpp.ini (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddayy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMd7fa611f.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMd7fa611f.txt (Trojan.Vundo) -> Quarantined and deleted successfully.



This post has been edited by Cryostar: Aug 21 2008, 02:32 PM
LDTate
post Aug 21 2008, 02:51 PM
Post #4






Download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, please delete it from your desktop and download this new version. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
  • Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • WARNING: If you have not already done so, Combofix will disconnect your machine from the Internet when it starts.
  • Please do not re-connect your machine back to the Internet until Combofix has completely finished.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Give it at least 20-30 minutes to finish.
Cryostar
post Aug 21 2008, 05:08 PM
Post #5





Downloaded and ran Combofix and ran Hijack. Here are both the files. The computer booted up normally with Combofix. Again thanks.
ComboFix 08-08-21.01 - DANIEL RYAN 2008-08-21 17:46:04.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.790 [GMT -5:00]
Running from: C:\Documents and Settings\DANIEL RYAN\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\DANIEL RYAN\Application Data\macromedia\Flash Player\#SharedObjects\HVPP8JT4\interclick.com
C:\Documents and Settings\DANIEL RYAN\Application Data\macromedia\Flash Player\#SharedObjects\HVPP8JT4\interclick.com\ud.sol
C:\Documents and Settings\DANIEL RYAN\Application Data\macromedia\Flash Player\#SharedObjects\HVPP8JT4\www.broadcaster.com
C:\Documents and Settings\DANIEL RYAN\Application Data\macromedia\Flash Player\#SharedObjects\HVPP8JT4\www.broadcaster.com\played_list.sol
C:\Documents and Settings\DANIEL RYAN\Application Data\macromedia\Flash Player\#SharedObjects\HVPP8JT4\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\DANIEL RYAN\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\DANIEL RYAN\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\DANIEL RYAN\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\DANIEL RYAN\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\aycdd.ini
C:\WINDOWS\system32\aycdd.ini2
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\bdeeg.ini2
C:\WINDOWS\system32\eodfnntg.ini
C:\WINDO