WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Don't know what happening on my computer, help

Started by dmar10s , Jan 20 2006 01:28 PM

This topic is locked

16 replies to this topic

#1 dmar10s

New Member

Authentic Member
11 posts

Posted 20 January 2006 - 01:28 PM

Logfile of HijackThis v1.99.0
Scan saved at 1:10:27 PM, on 1/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\scvhost.exe
C:\Program Files\Network Monitor\netmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\DATACA~1\FLashKsk.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Common Files\AOL\1134782023\ee\AOLSoftware.exe
C:\windows\system32\rkdsregn.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\mwinlsap.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
c:\program files\common files\aol\1134782023\ee\aexplore.exe
C:\WINDOWS\system32\taskmgr.exe
c:\program files\common files\aol\1134782023\ee\aexplore.exe
C:\Hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\pmkjg.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: XBTP07618 - {2296428D-C133-4928-B76A-A200FF409572} - C:\PROGRA~1\FREEPR~1\tbu00193\freeprod.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\system32\geeda.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: (no name) - {E3CA4F33-81FD-FE5B-FC36-F0EA19BB7AB5} - C:\WINDOWS\system32\txqn.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\awvtu.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ctdegtorjqkl] C:\WINDOWS\System32\owcfiwurmvfuet.exe
O4 - HKLM\..\Run: [gvkbyrkr] C:\WINDOWS\gvkbyrkr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [sPIYG] C:\WINDOWS\aaonv.exe
O4 - HKLM\..\Run: [BELSTA.EXE] BELSTA.EXE START
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134782023\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [\SWO] C:\WINDOWS\mrjj.exe
O4 - HKLM\..\Run: [F ma] C:\WINDOWS\mrjj.exe
O4 - HKLM\..\Run: [noC=] C:\WINDOWS\mrjj.exe
O4 - HKLM\..\Run: [Java] C:\WINDOWS\LLIQ4.EXE
O4 - HKLM\..\Run: [{FB-BE-E1-12-ZN}] C:\windows\system32\rkdsregn.exe FI002
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\mwinlsap.exe FI002
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\RunServices: [ctdegtorjqkl] C:\WINDOWS\System32\owcfiwurmvfuet.exe
O4 - HKLM\..\RunServices: [MNCA1] C:\WINDOWS\MNCA1.EXE
O4 - HKLM\..\RunServices: [EEOS2] C:\WINDOWS\EEOS2.EXE
O4 - HKLM\..\RunServices: [DGEK1] C:\WINDOWS\DGEK1.EXE
O4 - HKLM\..\RunServices: [PGCC2] C:\WINDOWS\PGCC2.EXE
O4 - HKLM\..\RunServices: [ONAS1] C:\WINDOWS\ONAS1.EXE
O4 - HKLM\..\RunServices: [JNXP2] C:\WINDOWS\JNXP2.EXE
O4 - HKLM\..\RunServices: [SBSK1] C:\WINDOWS\SBSK1.EXE
O4 - HKLM\..\RunServices: [TTWU2] C:\WINDOWS\TTWU2.EXE
O4 - HKLM\..\RunServices: [TBNV1] C:\WINDOWS\TBNV1.EXE
O4 - HKLM\..\RunServices: [SFVE2] C:\WINDOWS\SFVE2.EXE
O4 - HKLM\..\RunServices: [CMXE1] C:\WINDOWS\CMXE1.EXE
O4 - HKLM\..\RunServices: [RCCV2] C:\WINDOWS\RCCV2.EXE
O4 - HKLM\..\RunServices: [LRFF1] C:\WINDOWS\LRFF1.EXE
O4 - HKLM\..\RunServices: [LUSC2] C:\WINDOWS\LUSC2.EXE
O4 - HKLM\..\RunServices: [XKFJ1] C:\WINDOWS\XKFJ1.EXE
O4 - HKLM\..\RunServices: [KIMW2] C:\WINDOWS\KIMW2.EXE
O4 - HKLM\..\RunServices: [EXGD1] C:\WINDOWS\EXGD1.EXE
O4 - HKLM\..\RunServices: [AGGX2] C:\WINDOWS\AGGX2.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\mwinlsap.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125180052698
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127995025328
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nu.../FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O23 - Service: Belkin 54g Wireless USB Network Adapter - Unknown - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Local Security Authority Subsystem Service - Unknown - C:\WINDOWS\scvhost.exe
O23 - Service: Network Monitor - Unknown - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Trend Micro Central Control Component - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Trend Micro Real-time Service - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Advertisements

Register to Remove

#2 Susan528

SuperMember

Authentic Member
3,194 posts

Posted 20 January 2006 - 06:49 PM

Hello dmar10s and Welcome to Tom Coyote,

Your hijackthis version is out-of-date. Please follow the instructions found on the link below and post a new hijackthis log here using Post Reply. You will see the hijackthis downloads in the left-hand column.
http://tomcoyote.org/hjt/

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#3 dmar10s

New Member

Authentic Member
11 posts

Posted 20 January 2006 - 07:03 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:59:55 PM, on 1/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\ZGVsbCA\command.exe
C:\WINDOWS\scvhost.exe
C:\Program Files\Network Monitor\netmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\rdso\eetu.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\DATACA~1\FLashKsk.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\windows\winsysban.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\mrtMngr.EXE
c:\windows\system32\rkdsregn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack\HijackThis.exe
C:\Program Files\Common Files\AOL\1134782023\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Documents and Settings\Dave\Desktop\HijackThis.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE

O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\pmkjg.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: XBTP07618 - {2296428D-C133-4928-B76A-A200FF409572} - blank (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\system32\geeda.dll
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - blank (file missing)
O2 - BHO: (no name) - {E3CA4F33-81FD-FE5B-FC36-F0EA19BB7AB5} - C:\WINDOWS\system32\txqn.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\awvtu.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BELSTA.EXE] BELSTA.EXE START
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134782023\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\mwinlsap.exe FI002
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [{FB-BE-E1-12-ZN}] c:\windows\system32\rkdsregn.exe FI002
O4 - HKLM\..\RunServices: [MNCA1] C:\WINDOWS\MNCA1.EXE
O4 - HKLM\..\RunServices: [EEOS2] C:\WINDOWS\EEOS2.EXE
O4 - HKLM\..\RunServices: [DGEK1] C:\WINDOWS\DGEK1.EXE
O4 - HKLM\..\RunServices: [PGCC2] C:\WINDOWS\PGCC2.EXE
O4 - HKLM\..\RunServices: [ONAS1] C:\WINDOWS\ONAS1.EXE
O4 - HKLM\..\RunServices: [JNXP2] C:\WINDOWS\JNXP2.EXE
O4 - HKLM\..\RunServices: [SBSK1] C:\WINDOWS\SBSK1.EXE
O4 - HKLM\..\RunServices: [TTWU2] C:\WINDOWS\TTWU2.EXE
O4 - HKLM\..\RunServices: [TBNV1] C:\WINDOWS\TBNV1.EXE
O4 - HKLM\..\RunServices: [SFVE2] C:\WINDOWS\SFVE2.EXE
O4 - HKLM\..\RunServices: [CMXE1] C:\WINDOWS\CMXE1.EXE
O4 - HKLM\..\RunServices: [RCCV2] C:\WINDOWS\RCCV2.EXE
O4 - HKLM\..\RunServices: [XKFJ1] C:\WINDOWS\XKFJ1.EXE
O4 - HKLM\..\RunServices: [KIMW2] C:\WINDOWS\KIMW2.EXE
O4 - HKLM\..\RunServices: [EXGD1] C:\WINDOWS\EXGD1.EXE
O4 - HKLM\..\RunServices: [AGGX2] C:\WINDOWS\AGGX2.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\mwinlsap.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarr...artload197a.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125180052698
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127995025328
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nu.../FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O20 - Winlogon Notify: awvtu - C:\WINDOWS\SYSTEM32\awvtu.dll
O20 - Winlogon Notify: geeda - C:\WINDOWS\system32\geeda.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmkjg - C:\WINDOWS\SYSTEM32\pmkjg.dll
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\ZGVsbCA\command.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

#4 Susan528

SuperMember

Authentic Member
3,194 posts

Posted 21 January 2006 - 07:04 AM

Hello dmar10s,

Please do the following:

STEP 1.
======
WinsockXPfix
Download WinsockXPfix
Do Not use it yet!
Later if you encounter problems connecting to the Internet, run this WinsockXPfix. You may not even need to do this but I want you to be aware of this fix if for some reason you cannot connect after rebooting.
Locate the Winsockxpfix.exe and double click and click Run.
The VB_WinFix Win 1.2 window will appear.
Click Fix

STEP 2.
======
Please open Add/Remove programs and uninstall New.Net or NewDotNet. If it is not listed, follow these instructions:

From a computer that has Internet access, click on NewDotNet Removal
If you get "the page cannot be displayed" when clicking on the removal link.
You may have winhelp's mvps hosts file installed, as www.newdotnet.com is a blocked site
Download and save uninstall6_90.exe (New.Net/Support/Uninstall exe file) to the Desktop.
Go to the Desktop and double-click on uninstall6_90.exe
Click on the OK button.
After removal, reboot.

STEP 3.
======
Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt

STEP 4.
======
Online Virus Scans

Use IE to run at least two of these online virus scans (Or more if you wish.), Reboot after each scan:

Bitdefender
Add a check by 'Autoclean'.
eTrust
'Cure' whatever is found, then delete if unsuccessful
Housecall
Put on 'Autoclean' and delete what it can't clean.
Panda ActiveScan
Accept default settings

If the above find things to clean, please re-run them to be sure the infections are gone. If not, please tell me what could not be cleared out.

Please post a new hijackthis log.

Edited by Susan528, 21 January 2006 - 07:12 AM.

#5 dmar10s

New Member

Authentic Member
11 posts

Posted 21 January 2006 - 10:18 AM

WOW, much improvement. Running online scanns..................you are GREAT!!!!! Dave PS Thank You :wavey:

VundoFix V4.0 Listing files found while scanning.... C:\WINDOWS\system32\pmkjg.dll C:\WINDOWS\system32\awvtu.dll C:\WINDOWS\system32\geeda.dll C:\WINDOWS\system32\adeeg.ini C:\WINDOWS\system32\adeeg.bak1 C:\WINDOWS\system32\adeeg.bak2 C:\WINDOWS\system32\adeeg.ini2 C:\WINDOWS\system32\adeeg.bak1 C:\WINDOWS\system32\adeeg.bak2 C:\WINDOWS\system32\adeeg.ini C:\WINDOWS\system32\adeeg.ini2 C:\WINDOWS\system32\geeda.dll Attempting to delete C:\WINDOWS\system32\pmkjg.dll C:\WINDOWS\system32\pmkjg.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\awvtu.dll C:\WINDOWS\system32\awvtu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\geeda.dll C:\WINDOWS\system32\geeda.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\adeeg.ini C:\WINDOWS\system32\adeeg.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\adeeg.bak1 C:\WINDOWS\system32\adeeg.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\adeeg.bak2 C:\WINDOWS\system32\adeeg.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\adeeg.ini2 C:\WINDOWS\system32\adeeg.ini2 Has been deleted! Performing Repairs to the registry. Done!

#6 dmar10s

New Member

Authentic Member
11 posts

Posted 21 January 2006 - 10:43 AM

Last Hijack scann, Panda found lots of "problems", throw up an ad t o purchase product, did it clean or not? I don't know. Will try another. I run PC Chillen, do not all pructucts find same problems, Panda seemed to find tons of issues.

Dave

Logfile of HijackThis v1.99.1
Scan saved at 10:38:50 AM, on 1/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\ZGVsbCA\command.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\DATACA~1\FLashKsk.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Common Files\AOL\1134782023\ee\AOLSoftware.exe
C:\windows\winsysban.exe
C:\windows\system32\rkdsregn.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dave\Desktop\HijackThis.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: XBTP07618 - {2296428D-C133-4928-B76A-A200FF409572} - blank (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - blank (file missing)
O2 - BHO: (no name) - {E3CA4F33-81FD-FE5B-FC36-F0EA19BB7AB5} - C:\WINDOWS\system32\txqn.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BELSTA.EXE] BELSTA.EXE START
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134782023\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\mwinlsap.exe FI002
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban.exe
O4 - HKLM\..\Run: [{FB-BE-E1-12-ZN}] C:\windows\system32\rkdsregn.exe FI002
O4 - HKLM\..\RunServices: [MNCA1] C:\WINDOWS\MNCA1.EXE
O4 - HKLM\..\RunServices: [EEOS2] C:\WINDOWS\EEOS2.EXE
O4 - HKLM\..\RunServices: [DGEK1] C:\WINDOWS\DGEK1.EXE
O4 - HKLM\..\RunServices: [PGCC2] C:\WINDOWS\PGCC2.EXE
O4 - HKLM\..\RunServices: [ONAS1] C:\WINDOWS\ONAS1.EXE
O4 - HKLM\..\RunServices: [JNXP2] C:\WINDOWS\JNXP2.EXE
O4 - HKLM\..\RunServices: [SBSK1] C:\WINDOWS\SBSK1.EXE
O4 - HKLM\..\RunServices: [TTWU2] C:\WINDOWS\TTWU2.EXE
O4 - HKLM\..\RunServices: [TBNV1] C:\WINDOWS\TBNV1.EXE
O4 - HKLM\..\RunServices: [SFVE2] C:\WINDOWS\SFVE2.EXE
O4 - HKLM\..\RunServices: [CMXE1] C:\WINDOWS\CMXE1.EXE
O4 - HKLM\..\RunServices: [RCCV2] C:\WINDOWS\RCCV2.EXE
O4 - HKLM\..\RunServices: [XKFJ1] C:\WINDOWS\XKFJ1.EXE
O4 - HKLM\..\RunServices: [KIMW2] C:\WINDOWS\KIMW2.EXE
O4 - HKLM\..\RunServices: [EXGD1] C:\WINDOWS\EXGD1.EXE
O4 - HKLM\..\RunServices: [AGGX2] C:\WINDOWS\AGGX2.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\mwinlsap.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarr...artload197a.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125180052698
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127995025328
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nu.../FIX/WinATS.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\ZGVsbCA\command.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

#7 Susan528

SuperMember

Authentic Member
3,194 posts

Posted 21 January 2006 - 02:51 PM

Hello dave,
Please do the following:

STEP 1.
======
Submit File to Jotti
Please click on Jotti
Use the "Browse" button and locate the following file on your computer:
C:\windows\system32\rkdsregn.exe
Click the "Submit" button.
Please copy and post (reply) with the results

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustota...l/index_en.html

Please also check the properties of those files (right-click and select properties from the popupmenu). Look if you can find some company information, etc.

STEP 1.
======
CWShredder

Please download and run CWShredder
Make sure that all browser windows are closed with the exception of Cwshredder and choose FIX.

STEP 2.
======
Let’s check for Malware/Spyware on your computer which is best dealt with by spyware-removal programs used one after the other.

Spybot: Search and Destroy:

1.Download 'Spybot: Search And Destroy'.
2. Install it according to the instructions in 'How To Setup Spybot SD and Ad-Aware SE'.
3. Next, 'Search for Updates' as the definitions are not likely to be up-to-date.
4. Close ALL windows except Spybot SD
5. Click the "Check for Problems" button
6. Click 'Fix Selected Problems' and fix only the RED items.
7. REBOOT to finish removing what Spybot SD found and clear memory

Ad-Aware SE by Lavasoft:

1. Download 'Ad-Aware SE'.
2. Install according to the instructions in "How To Setup Spybot SD and Ad-Aware SE"
3. Next, 'Check for Updates' by clicking on the 'world globe' second from the right at the top of your Ad-Aware SE window.
4. Install the updates.
5. Close ALL windows except Ad-Aware SE
6. Click on 'Start' and choose 'full scan' for a full scan.
7. Quarantine anything that it finds and SAVE the log file.
8.REBOOT to finish removing what Ad-Aware SE found and clear memory.

Please let me know if anything can not be cleaned by these utilities.

STEP 3.
======
Microsoft malicious Software Removal Tool.

Microsoft malicious Software Removal Tool.

Please follow these Instructions for downloading and running the Microsoft malicious Software Removal Tool.

Send me the results in your next reply. If any items are found, please be sure to send the log or to tell me the specific infection names.

STEP 4.
======
Open HijackThis. Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
O2 - BHO: XBTP07618 - {2296428D-C133-4928-B76A-A200FF409572} - blank (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - blank (file missing)
O2 - BHO: (no name) - {E3CA4F33-81FD-FE5B-FC36-F0EA19BB7AB5} - C:\WINDOWS\system32\txqn.dll
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\mwinlsap.exe FI002
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban.exe
O4 - HKLM\..\RunServices: [MNCA1] C:\WINDOWS\MNCA1.EXE
O4 - HKLM\..\RunServices: [EEOS2] C:\WINDOWS\EEOS2.EXE
O4 - HKLM\..\RunServices: [DGEK1] C:\WINDOWS\DGEK1.EXE
O4 - HKLM\..\RunServices: [PGCC2] C:\WINDOWS\PGCC2.EXE
O4 - HKLM\..\RunServices: [ONAS1] C:\WINDOWS\ONAS1.EXE
O4 - HKLM\..\RunServices: [JNXP2] C:\WINDOWS\JNXP2.EXE
O4 - HKLM\..\RunServices: [SBSK1] C:\WINDOWS\SBSK1.EXE
O4 - HKLM\..\RunServices: [TTWU2] C:\WINDOWS\TTWU2.EXE
O4 - HKLM\..\RunServices: [TBNV1] C:\WINDOWS\TBNV1.EXE
O4 - HKLM\..\RunServices: [SFVE2] C:\WINDOWS\SFVE2.EXE
O4 - HKLM\..\RunServices: [CMXE1] C:\WINDOWS\CMXE1.EXE
O4 - HKLM\..\RunServices: [RCCV2] C:\WINDOWS\RCCV2.EXE
O4 - HKLM\..\RunServices: [XKFJ1] C:\WINDOWS\XKFJ1.EXE
O4 - HKLM\..\RunServices: [KIMW2] C:\WINDOWS\KIMW2.EXE
O4 - HKLM\..\RunServices: [EXGD1] C:\WINDOWS\EXGD1.EXE
O4 - HKLM\..\RunServices: [AGGX2] C:\WINDOWS\AGGX2.EXE
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\mwinlsap.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarr...artload197a.exe
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nu.../FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemed...s/mediaview.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\ZGVsbCA\command.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
Click Fix Checked.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Show Hidden Files
Please show all files for your system.
You will need to reverse this process when all steps are done.

Delete Files and Folders
Please delete the following files/folders:
C:\WINDOWS\ZGVsbCA\command.exe<==file
C:\windows\winsysban.exe<==file
C:\WINDOWS\system32\txqn.dll<==file
C:\WINDOWS\system32\mwinlsap.exe<==file
C:\windows\winsysupd.exe<==file
C:\WINDOWS\MNCA1.EXE<==file
C:\WINDOWS\EEOS2.EXE<==file
C:\WINDOWS\DGEK1.EXE<==file
C:\WINDOWS\PGCC2.EXE<==file
C:\WINDOWS\ONAS1.EXE<==file
C:\WINDOWS\JNXP2.EXE<==file
C:\WINDOWS\SBSK1.EXE<==file
C:\WINDOWS\TTWU2.EXE<==file
C:\WINDOWS\TBNV1.EXE<==file
C:\WINDOWS\SFVE2.EXE<==file
C:\WINDOWS\CMXE1.EXE<==file
C:\WINDOWS\RCCV2.EXE<==file
C:\WINDOWS\XKFJ1.EXE<==file
C:\WINDOWS\KIMW2.EXE<==file
C:\WINDOWS\EXGD1.EXE<==file
C:\WINDOWS\AGGX2.EXE<==file
C:\WINDOWS\system32\mwinlsap.exe<==file
C:\WINDOWS\system32\dwdsregt.exe<==file
C:\WINDOWS\scvhost.exe<==file
C:\Program Files\Network Monitor\netmon.exe<==file

Reboot normally and scan with HijackThis. Post (reply) with a new hijackthis log to this thread.
Please let us know of any complications you had and how the computer is behaving.

9. Scan again with HijackThis

10. POST a New HijackThis log here in this thread using 'Add Reply'.

#8 dmar10s

New Member

Authentic Member
11 posts

Posted 21 January 2006 - 07:05 PM

Service load: 0% 100% Here you go. You are amazing with all this..............thanks again. File: rkdsregn.exe Status: INFECTED/MALWARE MD5 069ccc201d2c95e38a58a231232f9037 Packers detected: - Scanner results AntiVir Found Adware-Spyware/ZenoSearch.M adware ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing Dr.Web Found Adware.ZenoSearch F-Prot Antivirus Found W32/Trojan.AVK Fortinet Found nothing Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.ZenoSearch.m NOD32 Found nothing Norman Virus Control Found nothing UNA Found nothing VBA32 Found AdWare.Win32.ZenoSearch.m

#9 dmar10s

New Member

Authentic Member
11 posts

Posted 21 January 2006 - 10:00 PM

MS Removal tool came clean all the way, on to next step........

#10 dmar10s

New Member

Authentic Member
11 posts

Posted 21 January 2006 - 10:41 PM

Could not locate all files listed to delete, they were not there. Good/Bad? latest Hijack scan. Computer running much better,

Logfile of HijackThis v1.99.1
Scan saved at 10:38:03 PM, on 1/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\DATACA~1\FLashKsk.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Common Files\AOL\1134782023\ee\AOLSoftware.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Documents and Settings\Dave\Desktop\HijackThis.exe
C:\PROGRA~1\MUSICM~1\Common\COMPON~1\MMCOMP~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BELSTA.EXE] BELSTA.EXE START
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134782023\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [{FB-BE-E1-12-ZN}] c:\windows\system32\dwdsregt.exe FI002
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125180052698
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127995025328
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Advertisements

Register to Remove

#11 Susan528

SuperMember

Authentic Member
3,194 posts

Posted 22 January 2006 - 04:19 AM

Hello again Dave,

Your log looks much better! Good Work!

Just a few items to clean and then I would like to see the results from another scan.

STEP 1.
======
Stop and Disable Service

Go to Start > Run and type in Services.msc then cllick OK
Click the Extended tab.
Scroll down until you find Service: Local Security Authority Subsystem Service (lsass)
Click once on the service to highlight it.
Click Stop
Right-Click on the service.
Click on 'Properties'
Select the 'General' tab
Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box
From the drop-down menu, click on ‘Disabled'
Click the 'Apply' tab, then click 'OK'

The service is now stopped and disabled.

STEP 2.
======
Open HijackThis. Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM\..\Run: [{FB-BE-E1-12-ZN}] c:\windows\system32\dwdsregt.exe FI002
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
Click Fix Checked.

Show Hidden Files
Please show all files for your system.
You will need to reverse this process when all steps are done.

Delete Files and Folders
Please delete the following files/folders:
c:\windows\system32\dwdsregt.exe<==file
If you have any problem deleting these items, reboot into Safe Mode (tap F8 during bootup, use arrow keys to select Safe Mode, then hit 'enter') and try again.

Reboot normally and scan with HijackThis. Post (reply) with a new hijackthis log to this thread.
Please let us know of any complications you had and how the computer is behaving.

STEP 3.
======
Download Ewido

Download and install Ewido Security Suite It is a free trial version of the program.
Install ewido security suite
Launch ewido, there should be an icon on your desktop double-click it.
The program will now go to the main screen

STEP 4.
======
Update Ewido
You will need to update ewido to the latest definition files.

On the left hand side of the main screen click update
Then click on Start Update

The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use Ewido manual updates

STEP 5.
======
Ewido Scan
Once the updates are installed do the following:

Click on scanner
Click on Complete System Scan and the scan will begin.
NOTE: During some scans with ewido it is finding cases of false positives.**
o You will need to step through the process of cleaning files one-by-one.
o If ewido detects a file you KNOW to be legitimate, select none as the action.
o DO NOT select "Perform action on all infections"
o If you are unsure of any entry found select none for now.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.

Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

Please post the report results from ewido.

#12 dmar10s

New Member

Authentic Member
11 posts

Posted 22 January 2006 - 07:39 PM

Hello,

Are you a football fan??? Computer running pretty good, IE shutdown one time today do to "un-expected error". Some of the files you tell me to find and delete are not always there, should this concern me at this point? Here is latest hijack scan, working on ewido now....................thank you again.

Dave

Logfile of HijackThis v1.99.1
Scan saved at 7:35:21 PM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\DATACA~1\FLashKsk.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Common Files\AOL\1134782023\ee\AOLSoftware.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE
C:\Documents and Settings\Dave\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BELSTA.EXE] BELSTA.EXE START
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134782023\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125180052698
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127995025328
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

#13 Susan528

SuperMember

Authentic Member
3,194 posts

Posted 22 January 2006 - 07:56 PM

I am in front of the TV watching some football--maybe not as intently as the others here. Your hijackthis scan looks good but I want to see the results of the ewido 'cause the hijackthis logs don't tell everything. Don't worry about not being able to find files. Sometimes these files are deleted by steps before but I cannot always determine that, so it is safer to tell you to look for them and delete them.

#14 dmar10s

New Member

Authentic Member
11 posts

Posted 22 January 2006 - 08:27 PM

Whats the score?? I am watching DVD of U2, Rattle and hummmmm here is next scan does this ever end? I deleted all it came up with, without regret. ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 8:24:25 PM, 1/22/2006 + Report-Checksum: B54DCFA + Scan result: HKLM\SOFTWARE\ISTbar -> Spyware.ISTBar : Error during cleaning HKLM\SOFTWARE\ISTbar\Historyfiles -> Spyware.ISTBar : Error during cleaning HKLM\SOFTWARE\ISTbar\Historystring -> Spyware.ISTBar : Error during cleaning HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Error during cleaning HKLM\SOFTWARE\YourSiteBar\Historystring -> Spyware.ISTBar : Error during cleaning HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0} -> Spyware.Webhancer : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0} -> Spyware.Webhancer : Cleaned with backup C:\Documents and Settings\Christina\Local Settings\Temporary Internet Files\Content.IE5\KGF3Y7RC\mm[2].js -> Spyware.Chitika : Cleaned with backup C:\Documents and Settings\Dave\Cookies\dave@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Dave\Cookies\dave@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup C:\Documents and Settings\Dave\Cookies\dave@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Dave\Cookies\dave@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup C:\Documents and Settings\Dave\Cookies\dave@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup C:\Documents and Settings\Dave\Cookies\dave@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\Dave\Desktop\uninstall6_90.exe -> Adware.NewDotNet : Cleaned with backup C:\Documents and Settings\Dave\Local Settings\Temp\ICD2.tmp\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup C:\Documents and Settings\Dave\Local Settings\Temp\ICD3.tmp\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup C:\Documents and Settings\Dave\Local Settings\Temp\ICD4.tmp\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup C:\Documents and Settings\Dave\Local Settings\Temp\ICD5.tmp\UWA6P_0001_N56M1011NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with backup C:\Documents and Settings\Dave\Local Settings\Temp\ICD6.tmp\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup C:\Documents and Settings\Dave\Local Settings\Temp\ICD7.tmp\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup C:\Documents and Settings\Dave\Local Settings\Temp\ICD8.tmp\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup C:\Documents and Settings\Dave\Local Settings\Temp\ICD9.tmp\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup C:\Documents and Settings\Dave\Local Settings\Temporary Internet Files\Content.IE5\JB5FF9OW\ff2[1] -> Adware.Virtumonde : Cleaned with backup C:\Documents and Settings\Dave\Local Settings\Temporary Internet Files\Content.IE5\OEZGQJKZ\WinAntiVirusPro2006ScannerInstall[1].cab/UWA6P_0001_N56M1011NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with backup C:\Documents and Settings\Dave\Local Settings\Temporary Internet Files\Content.IE5\PR739HWY\WinFixer2006FreeInstall[1].cab/UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup C:\Documents and Settings\Dave\Local Settings\Temporary Internet Files\Content.IE5\PR739HWY\WinFixer2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N5RKDX1J\elt888[1].exe -> Logger.Agent.hi : Cleaned with backup C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N5RKDX1J\myc[1].exe/drsmartload197a.exe -> Downloader.Adload.j : Cleaned with backup C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N5RKDX1J\ZIFI002[1].exe -> Adware.ZenoSearch : Cleaned with backup C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NISE0GQ3\876057[1].exe -> Adware.Mirar : Cleaned with backup C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P8LVBU1K\0006_regular[2].cab/istactivex.dll -> Downloader.IstBar : Cleaned with backup C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P8LVBU1K\drsmartload197a[1].exe -> Downloader.Adload.j : Cleaned with backup C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P8LVBU1K\drsmartload_js[2].htm -> Downloader.IstBar.j : Cleaned with backup C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P8LVBU1K\installerus[1].exe -> Downloader.Qoologic.at : Cleaned with backup C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P8LVBU1K\justin[1].exe -> Adware.EZula : Cleaned with backup C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P8LVBU1K\media[1].cab/access.ocx -> Spyware.2Search : Cleaned with backup C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P8LVBU1K\wow[1].exe/DRSMAR~1.EXE.exe -> Downloader.Adload.j : Cleaned with backup C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P8LVBU1K\wow[1].exe/drsmartload197a.exe -> Downloader.Adload.j : Cleaned with backup C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P8LVBU1K\wow[1].exe/elt888.exe -> Logger.Agent.hi : Cleaned with backup C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P8LVBU1K\wow[2].exe/mc-110-12-0000179.exe -> Spyware.Maxifiles : Cleaned with backup C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XDKCVZ6D\!update-3120[1].0000 -> Downloader.PurityScan.be : Cleaned with backup C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XDKCVZ6D\!update-3195[1].0000 -> Downloader.PurityScan.be : Cleaned with backup C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XDKCVZ6D\drsmartload197a[1].exe -> Downloader.Adload.j : Cleaned with backup C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XDKCVZ6D\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XDKCVZ6D\installer_251[1].exe -> Downloader.Qoologic.al : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wfk4kidzkdq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wfkounczkeq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wjk4khazkko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wjk4klcpkbq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wjkyoldpmbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wjkyspczifp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wjl4apczafo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wjliajdpkbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wjliqmc5wkp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wjloggczelq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wjlokodjseo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wjlospc5mao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wjmiemczkdq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wjmywgd5eeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wjny-1ocpab.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wjnyokczefp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@e-2dj6wjnywjc5aep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup C:\Documents and Settings\Tony\Cookies\tony@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup C:\Program Files\Yazzle Sudoku\Sudoku.exe -> Dropper.VB.kk : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-1004\Dc63.EXE -> Logger.Agent.hi : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-1004\Dc66.EXE -> Logger.Agent.hi : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-1004\Dc67.EXE -> Logger.Agent.hi : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-1006\Dc104.exe -> Downloader.Adload.j : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-1006\Dc109.exe/mc-110-12-0000179.exe -> Spyware.Maxifiles : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-1006\Dc111.exe/drsmartload197a.exe -> Downloader.Adload.j : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-1006\Dc133.txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-1006\Dc141.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-1006\Dc154\Programs\SET4E.tmp -> Spyware.WebHancer : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-1006\Dc155\SAcc.exe -> Adware.SurfAccuracy : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-1006\Dc155\SAccU.exe -> Adware.SurfAccuracy : Error during cleaning C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-1006\Dc158.EXE -> Logger.Agent.hi : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-1006\Dc166.exe -> Adware.ZenoSearch : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-1006\Dc169.exe -> Downloader.Adload.j : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-1006\Dc95.exe -> Logger.Agent.hi : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-1006\Dc96.exe -> Logger.Agent.hi : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-1006\Dc99.exe/DRSMAR~1.EXE.exe -> Downloader.Adload.j : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-1006\Dc99.exe/drsmartload197a.exe -> Downloader.Adload.j : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-1006\Dc99.exe/elt888.exe -> Logger.Agent.hi : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-500\Dc2.exe -> Adware.ZenoSearch : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-500\Dc4.EXE -> Logger.Agent.hi : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-500\Dc5.EXE -> Logger.Agent.hi : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-500\Dc6.EXE -> Logger.Agent.hi : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-500\Dc7.EXE -> Logger.Agent.hi : Cleaned with backup C:\RECYCLER\S-1-5-21-1343024091-1965331169-682003330-500\Dc8.exe -> Adware.ZenoSearch : Cleaned with backup C:\WINDOWS\DGEK1.EXE -> Logger.Agent.hi : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.1\istactivex.dll -> Downloader.IstBar : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ysbactivex.dll -> Downloader.IstBar : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N56M1011NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with backup C:\WINDOWS\Downloaded Program Files\UWFX6_0001_N57M0912NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup C:\WINDOWS\elt888.exe -> Logger.Agent.hi : Cleaned with backup C:\WINDOWS\justin.exe -> Adware.EZula : Cleaned with backup C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Cleaned with backup C:\WINDOWS\SET56.tmp -> Spyware.WebHancer : Cleaned with backup C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\WINDOWS\system32\rkdsregn.exe -> Adware.ZenoSearch : Cleaned with backup C:\WINDOWS\Temp\!update.exe -> Downloader.PurityScan.be : Cleaned with backup ::Report End

#15 dmar10s

New Member

Authentic Member
11 posts

Posted 22 January 2006 - 08:43 PM

test Hijack scan

Logfile of HijackThis v1.99.1
Scan saved at 8:40:28 PM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\DATACA~1\FLashKsk.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Common Files\AOL\1134782023\ee\AOLSoftware.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Documents and Settings\Dave\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BELSTA.EXE] BELSTA.EXE START
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134782023\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125180052698
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127995025328
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Body Background

skin color theme