
[Closed]Hijackthis Log


This topic is locked
10 replies to this topic

#1 JDX
New Member, 5 posts
Posted 20 July 2007 - 08:32 AM

My computer has just started to really show spyware issues the last few days. My computer was completely stable (hasn't frozen or rebooted since I got it running again) until the other night, I left it on and woke up in the morning to find it had rebooted on its own and was now on the login screen. I logged in and then as soon as it finished loading and windows started to come up, it rebooted again! So I tried logging in again, same problem. I then turned it off and waited for a while and turned it back on. I was able to log in and use it but now it reboots at random times. I know what it is, it's spyware. My computer also started acting slow over the few days. (not to mention having pop-ups on Firefox, which I never had before; that's why I don't use IE) I have "Win-Spy Shareware" on my taskbar and I can't get rid of the software, I tried scanning with Spyware Doctor last night and it showed up and acted like it was getting rid of it, but it didn't. Then I restarted and it wanted to do another scan, so I let it go and went to bed. Woke up and my computer was rebooted again.

This is my HijackThis log that I just made.

*hold on*
Logfile of HijackThis v1.99.1
Scan saved at 7:30:51 AM, on 7/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msdtc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\TmV3IFVzZXI\command.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\jhdiauf.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\AirLink101\WLAN Monitor\WLANmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\System32\qwerty12.exe
C:\Program Files\VIA\SETICON\winicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\jhdiaufA.exe
F:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\retadpu572.exe
C:\WINDOWS\System32\OS64check\services.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\COMMON~1\CROSOF~1.NET\alg.exe
C:\WINDOWS\msmpls.exe
C:\Documents and Settings\JD\Application Data\W?nSxS\??chost.exe
C:\Program Files\WinPop\winpop.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JD\LOCALS~1\Temp\Rar$EX00.231\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .microsoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.o...zing.html#prefs
*/

user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "C:\\Documents and Settings\\JD\\Desktop");
user_pref("browser.download.save_converter_index", 0);
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
user_pref("dom.disable_open_during_load", true);
user_pref("editor.history_title_0", "Juno E-mail on the Web"
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.o...zing.html#prefs
*/

user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "C:\\Documents and Settings\\JD\\Desktop");
user_pref("browser.download.save_converter_index", 0);
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
user_pref("dom.disable_open_during_load", true);
user_pref("editor.history_title_0", "Juno E-mail on the Web"
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CellVision WLAN Monitor] C:\Program Files\AirLink101\WLAN Monitor\WLANmon.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [winicon] C:\Program Files\VIA\SETICON\winicon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\TISKY009.exe CHD003
O4 - HKLM\..\Run: [jhdiaufA] C:\WINDOWS\jhdiaufA.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB003" /M "Stylus CX5400"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394661A64DB78F0287E55E246220D9E728F80D6664366DB7D5375FB0FB68AD6
O4 - HKLM\..\Run: [TaskRem] C:\WINDOWS\System32\OS64check\services.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\euqrmqiv.dll",realset
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Toce] "C:\PROGRA~1\COMMON~1\CROSOF~1.NET\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Dkz] "C:\Documents and Settings\JD\Application Data\W?nSxS\??chost.exe"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\JD\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\JD\Application Data\Microsoft\Windows\odaea.exe
O4 - Startup: Anapod Manager.lnk = C:\ATI Demos\Anapod Explorer\anamgr.exe
O4 - Startup: Epson all-in-one Registration.lnk = D:\Titles\Ereg\EPSONREG.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\TISKY009.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZNxdm934
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\JD\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia...ll/pcs_0025.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1172101082631
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: ?A?C
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TmV3IFVzZXI\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: DomainService - - C:\WINDOWS\System32\qwerty12.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\jhdiauf.exe

Edited by JDX, 20 July 2007 - 08:36 AM.



#2 Scotty
Always Happy; Authentic Member, 3,634 posts
Posted 20 July 2007 - 03:04 PM

Hi! Welcome to the Tom Coyote forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Rename HijackThis
There is probably an infection which is hiding part of the HijackThis log because it's called hijackthis.exe.
Please rename hijackthis.exe to hello.exe

Now scan again and post a new log, please.
You too could train to help others - Join the Classroom

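Scotty's rename step is a check worth automating: if a whole set of entries appears only once HijackThis runs under another name, the hider is reacting to the process name, and the diff between the two logs is the list of what it was hiding. The Python below is an added example for this thread, not HijackThis code and not from either poster. It parses two logs in the "O4 - ..." line format HijackThis 1.99.1 prints, reports entries present only in the second, and scores entries with a few heuristics of my own (a service with no publisher, "?" characters in a name, an executable dropped straight into C:\WINDOWS or under Application Data, a directory whose name is base64 for printable text, AppInit_DLLs set, a site added to the Trusted Zone). The two sample logs are short excerpts of the logs posted in this thread; the heuristics are assumptions, not anything HijackThis itself reports.

```python
"""Triage two HijackThis 1.99.1 logs: diff their entries and flag suspects.
Added example for this thread, not HijackThis code and not from the posts.
Assumes the "O4 - ..." line format; the heuristics in reasons() are my own."""
import base64
import re
from typing import Dict, List, Set

# Sample input: short excerpts of the two logs posted in this thread
# (before and after renaming hijackthis.exe), trimmed for the example.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [jhdiaufA] C:\WINDOWS\jhdiaufA.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\euqrmqiv.dll",realset
O4 - HKCU\..\Run: [Dkz] "C:\Documents and Settings\JD\Application Data\W?nSxS\??chost.exe"
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O20 - AppInit_DLLs: ?A?C
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TmV3IFVzZXI\command.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
"""
LOG_AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08C134D3-087C-4139-A98C-3A078358DFDE} - C:\WINDOWS\System32\hggedbx.dll
O2 - BHO: (no name) - {02926036-1591-4920-8EDB-9DEB37A73F8C} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O4 - HKLM\..\Run: [jhdiaufA] C:\WINDOWS\jhdiaufA.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\ckkgbhin.dll",realset
O4 - HKCU\..\Run: [Dkz] "C:\Documents and Settings\JD\Application Data\W?nSxS\??chost.exe"
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O20 - AppInit_DLLs: ?A?C
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TmV3IFVzZXI\command.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^([RONF]\d+) - (.*)$")               # "O4 - <entry>"
PATH_RE = re.compile(r"[A-Z]:\\.+?\.(?:exe|dll|ocx)", re.I)  # binary paths in an entry
B64_RE = re.compile(r"^[A-Za-z0-9+/]{8,}$")

def parse(log: str) -> Dict[str, Set[str]]:
    """Group a log's entries by HijackThis section (O2, O4, O23, ...)."""
    sections: Dict[str, Set[str]] = {}
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections.setdefault(m.group(1), set()).add(m.group(2))
    return sections

def new_entries(before: str, after: str) -> Dict[str, Set[str]]:
    """Entries present in the second log but absent from the first."""
    old, new = parse(before), parse(after)
    diff = {sec: ents - old.get(sec, set()) for sec, ents in new.items()}
    return {sec: ents for sec, ents in diff.items() if ents}

def looks_base64(component: str) -> bool:
    """True if a path component is unpadded base64 of printable ASCII
    (the TmV3IFVzZXI directory in the log decodes to 'New User')."""
    if not B64_RE.match(component) or len(component) % 4 == 1:
        return False
    raw = base64.b64decode(component + "=" * (-len(component) % 4))
    return all(0x20 <= b < 0x7F for b in raw)

def reasons(section: str, entry: str) -> List[str]:
    """Heuristic flags for one entry; an empty list means nothing stood out."""
    out: List[str] = []
    if "?" in entry:   # HijackThis shows non-ANSI name characters as '?'
        out.append("unprintable characters in a name (lookalike trick)")
    if section == "O23" and ("Unknown owner" in entry or " - - " in entry):
        out.append("service with no publisher")
    if section == "O2" and "(no name)" in entry:
        if "(file missing)" in entry:
            out.append("nameless orphaned BHO")
        if "\\system32\\" in entry.lower():
            out.append("nameless BHO loading from System32")
    if section == "O15":
        out.append("site added to IE Trusted Zone")
    if section == "O20" and entry.startswith("AppInit_DLLs: ") and entry[14:].strip():
        out.append("AppInit_DLLs set (loads into every process that uses user32)")
    for path in PATH_RE.findall(entry):
        parts = path.split("\\")
        if len(parts) == 3 and parts[1].upper() == "WINDOWS" and path.lower().endswith(".exe"):
            out.append("executable dropped directly in %WINDIR%")
        if any(looks_base64(p) for p in parts[1:-1]):
            out.append("base64-named directory")
        if "Application Data" in path and path.lower().endswith(".exe"):
            out.append("executable under the user profile")
    return out

def triage(before: str, after: str) -> Dict[str, List[str]]:
    """Entries new in `after`, each with its flags (unflagged ones kept too).
    With an empty `before` every entry is new, which scores a single log."""
    return {f"{sec} - {ent}": reasons(sec, ent)
            for sec, ents in new_entries(before, after).items()
            for ent in sorted(ents)}

if __name__ == "__main__":
    print("New after the rename (the hidden O2 section and a renamed DLL):")
    for entry, why in triage(LOG_BEFORE, LOG_AFTER).items():
        print(f"  {entry}\n      -> {'; '.join(why) or 'no heuristic hit'}")
    print("Flagged in the first log alone:")
    for entry, why in triage("", LOG_BEFORE).items():
        if why:
            print(f"  {entry}\n      -> {'; '.join(why)}")
```

Run it as-is to print both reports. The heuristics are deliberately narrow: the randomly named DLL behind the [GPLv3] Run entry (euqrmqiv.dll in the first log, ckkgbhin.dll in the second) gets no flag of its own and only surfaces through the diff, which is why unflagged new entries stay in the output rather than being dropped.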

#3 JDX
New Member, 5 posts
Posted 21 July 2007 - 01:22 AM

Sweet, thanks. Here's the updated log...

Logfile of HijackThis v1.99.1
Scan saved at 12:21:16 AM, on 7/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msdtc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\TmV3IFVzZXI\command.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\AirLink101\WLAN Monitor\WLANmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\VIA\SETICON\winicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\qwerty12.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\jhdiaufA.exe
C:\WINDOWS\smanager.7.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\retadpu572.exe
C:\WINDOWS\System32\OS64check\services.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\COMMON~1\CROSOF~1.NET\alg.exe
C:\WINDOWS\jhdiauf.exe
C:\Documents and Settings\JD\Application Data\W?nSxS\??chost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\WinPop\winpop.exe
C:\WINDOWS\msmpls.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\ATI Demos\Anapod Explorer\anamgr.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
F:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
c:\program files\aim6\anotify.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTPdeSrv.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\JD\Desktop\hello.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .microsoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.o...zing.html#prefs
*/

user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "C:\\Documents and Settings\\JD\\Desktop");
user_pref("browser.download.save_converter_index", 0);
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
user_pref("dom.disable_open_during_load", true);
user_pref("editor.history_title_0", "Juno E-mail on the Web"
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.o...zing.html#prefs
*/

user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "C:\\Documents and Settings\\JD\\Desktop");
user_pref("browser.download.save_converter_index", 0);
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
user_pref("dom.disable_open_during_load", true);
user_pref("editor.history_title_0", "Juno E-mail on the Web"
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-40FC-93F6-9F1B4CDBA9C8} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {02926036-1591-4920-8EDB-9DEB37A73F8C} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08A863EA-4452-447C-941C-4FACF5C2FA36} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {08C134D3-087C-4139-A98C-3A078358DFDE} - C:\WINDOWS\System32\hggedbx.dll
O2 - BHO: (no name) - {0D3B2489-87EE-46F6-AD7D-723644750431} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {14AF74E3-9CE2-4C84-A95C-420CFE155525} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {1695B6F8-43A0-4650-A56C-5E05551C9593} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {1B907DF7-7A66-40EE-ABBB-8CF05AB3EF77} - C:\Program Files\Online Services\hosebujut83122.dll
O2 - BHO: (no name) - {2091C322-78B8-47F6-A7E5-BA506D4F161A} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {2D356368-B4D5-48E8-82CF-DB8CA51790B5} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {2E19CBAD-7363-029F-1C16-28C7E807B3BC} - C:\WINDOWS\System32\vzoyq.dll (file missing)
O2 - BHO: (no name) - {2E681AA2-7C16-44BD-9FDD-0D4CAD521340} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: (no name) - {406748CE-8FDE-47C2-A769-2CD03DD2E8C8} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {46483FAC-D468-F59E-1A13-888DBD568FEC} - C:\WINDOWS\System32\ifbtdv.dll
O2 - BHO: (no name) - {4C4654CC-9CF8-4BF6-A62F-874CAB7C8059} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {4DE9EF9E-04BE-4C9D-9032-07DB9C593BE6} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: PowerSearch - {4E7BD74F-2B8D-469E-A3EE-FB7FA682AA7D} - C:\PROGRA~1\POWERS~1\Toolbar\pwrsdfp\pwrsdp1.dll (file missing)
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {4FE9F0D2-E3AB-4BCC-8DC5-5083BB5C83F1} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\System32\ngftgrjj.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5FD1BE21-9E53-48E5-85A3-D4B0393B024A} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {63269E2C-B473-4E38-8FAF-F85D57F3D0B6} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {75F1C3E2-CB1B-4B37-BEFD-07BE6ED387D1} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {7707F1CC-11B9-4A44-9988-8E46FF472E9B} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {915E3F62-EEEA-4865-A351-27B7106D17FB} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {92A38B27-4568-4816-958D-26FB59847A58} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {9738F504-8C7B-4050-9D22-3A068A9A6DE2} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {9C78C3A2-AA12-40EA-8076-C8EAF31179FE} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: (no name) - {AC92E576-2327-4B32-B61D-9E1D3C02DAE2} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {ADF79F03-0E61-4BAE-A88C-6E229EF7298D} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {BC9D3EDB-4AB6-45CD-91C8-7F7B76DE87EA} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {C45E565E-4F86-4D68-978D-AE81312BFB0D} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {D0A8099D-7FD0-4215-8803-0BC846BFDE47} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {D18B2D71-8D39-4354-9DDE-9313DB936F8B} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {D4B96AF4-42CC-44DB-81D4-B0B1A3592805} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {D746A57C-4D47-4B58-94FC-E5CE34A2562F} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {D782A6A3-A6E3-47FE-A127-368A42D1989B} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {E03E5FF9-3886-406D-80EA-BB17C1900387} - C:\WINDOWS\System32\yayvu.dll
O2 - BHO: (no name) - {E077BB61-D373-4281-971E-C0E4276C8E8A} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {E65D49DA-01DE-458F-8BCF-50F6012A8401} - C:\WINDOWS\System32\jfiaeuns.dll
O2 - BHO: (no name) - {E7B8CC11-9200-4FD9-9088-4BE87B8002F6} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EA028E4E-5641-4C8B-9F6B-0CA6225FBDB0} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {EC05920D-B58F-4DE7-BA41-22432427367C} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CellVision WLAN Monitor] C:\Program Files\AirLink101\WLAN Monitor\WLANmon.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [winicon] C:\Program Files\VIA\SETICON\winicon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\TISKY009.exe CHD003
O4 - HKLM\..\Run: [jhdiaufA] C:\WINDOWS\jhdiaufA.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB003" /M "Stylus CX5400"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394661A64DB78F0287E55E246220D9E728F80D6664366DB7D5375FB0FB68AD6
O4 - HKLM\..\Run: [TaskRem] C:\WINDOWS\System32\OS64check\services.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\ckkgbhin.dll",realset
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Toce] "C:\PROGRA~1\COMMON~1\CROSOF~1.NET\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Dkz] "C:\Documents and Settings\JD\Application Data\W?nSxS\??chost.exe"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\JD\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\JD\Application Data\Microsoft\Windows\odaea.exe
O4 - Startup: Anapod Manager.lnk = C:\ATI Demos\Anapod Explorer\anamgr.exe
O4 - Startup: Epson all-in-one Registration.lnk = D:\Titles\Ereg\EPSONREG.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\TISKY009.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZNxdm934
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\JD\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia...ll/pcs_0025.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1172101082631
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: ?A?C
O20 - Winlogon Notify: hggedbx - C:\WINDOWS\SYSTEM32\hggedbx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winuuv32 - C:\WINDOWS\SYSTEM32\winuuv32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O20 - Winlogon Notify: yayvu - C:\WINDOWS\System32\yayvu.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TmV3IFVzZXI\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: DomainService - - C:\WINDOWS\System32\qwerty12.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\jhdiauf.exe
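As an added triage example (not part of the thread, and not HijackThis's or any helper's own code), the Python below parses O-lines in the format shown above and flags the kinds of entries a helper reads first: orphaned targets, Trusted Zone additions, Winlogon Notify/AppInit hooks, services with no publisher, executables dropped directly in the Windows root, autoruns from a user's profile folder, and binaries registered from more than one section. The sample lines are copied from the log posted above; the rules are review heuristics, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from the HijackThis log posted above, plus one
# benign AVG entry, so the triage rules can be exercised offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [jhdiaufA] C:\WINDOWS\jhdiaufA.exe
O4 - HKCU\..\Run: [Dkz] "C:\Documents and Settings\JD\Application Data\W?nSxS\??chost.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O20 - AppInit_DLLs: ?A?C
O20 - Winlogon Notify: hggedbx - C:\WINDOWS\SYSTEM32\hggedbx.dll
O23 - Service: DomainService - - C:\WINDOWS\System32\qwerty12.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
O2 - BHO: (no name) - {08C134D3-087C-4139-A98C-3A078358DFDE} - C:\WINDOWS\system32\hggedbx.dll
"""

# "O4 - HKLM\..\Run: [name] path args" -> section code and the rest of the line
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# first drive-letter path ending in an executable-ish extension (spaces allowed)
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx|lnk)\b", re.IGNORECASE)
# a binary placed directly in the Windows directory rather than a subfolder
WINROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$")


@dataclass
class Finding:
    section: str
    line: str
    path: Optional[str]
    reasons: List[str]


def extract_path(body: str) -> Optional[str]:
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def review_entry(section: str, body: str) -> List[str]:
    """Return the reasons an entry deserves a closer look.

    These are review heuristics, not verdicts: a hit means "verify this",
    never "delete this". Legitimate software trips some of them too.
    """
    reasons: List[str] = []
    path = extract_path(body)
    low = (path or "").lower()
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("orphaned entry: registered but its target is gone")
    if section == "O15":
        reasons.append("Trusted Zone addition: site gets relaxed IE security")
    if section == "O20":
        reasons.append("Winlogon Notify/AppInit hook: loads at every logon")
    if section == "O23" and ("Unknown owner" in body or " - - " in body):
        reasons.append("service with no publisher string")
    if path and WINROOT_RE.match(low):
        reasons.append("executable sits directly in the Windows root")
    if section == "O4" and "application data" in low:
        reasons.append("autorun launched from a user-profile data folder")
    if path and "?" in path:
        reasons.append("path contains non-printable characters")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Parse every O-line in a HijackThis log and keep those with findings."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        reasons = review_entry(section, body)
        if reasons:
            findings.append(Finding(section, raw.strip(), extract_path(body), reasons))
    return findings


def shared_modules(log_text: str) -> Dict[str, List[str]]:
    """Map binaries referenced from more than one section (e.g. the same DLL
    registered as an O2 BHO and an O20 Winlogon Notify) to those sections."""
    seen: Dict[str, set] = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        path = extract_path(m.group("body")) if m else None
        if path:
            seen.setdefault(path.lower(), set()).add(m.group("section"))
    return {p: sorted(s) for p, s in seen.items() if len(s) > 1}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.line}")
        for r in f.reasons:
            print(f"      - {r}")
    for p, secs in shared_modules(SAMPLE_LOG).items():
        print(f"shared by {', '.join(secs)}: {p}")
```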

#4 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 21 July 2007 - 03:42 AM

Hello JDX

Download AVG Anti-Spyware.
  • Install AVG Anti-Spyware.
  • Launch AVG by double-clicking on the icon.
  • The program will now open to the main screen.
  • You will need to update AVG to the latest definition files.
  • At the top of the main screen click Update.
  • Then in the Manual Update section, click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
  • When updates are completed, close AVG.
If you are having problems with the updater, you can use this link to manually update AVG: AVG manual updates

Download and Run ComboFix
  • Download this file from below: Here
  • Then double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Run a scan with AVG.
  • Click on Scanner
    • Click on the Settings tab, and set the following settings.
      • How to act
      • Click on Recommended actions, and set to Quarantine.
    • How to scan
      • Check all options.
    • Possibly unwanted software.
      • Check all options.
    • Reports
      • Uncheck Automatically generate report after every scan.
      • Uncheck Only if threats were found.
    • What to scan
      • Check Scan every file.
  • Click on the Scan tab.
    • Click on Complete System Scan and the scan will begin.
    • When the scan has finished
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the Apply all Actions button.
Note: Don't save the report before you hit the Apply action button.

Close AVG Anti-Spyware.

AVG will save a report in the following location C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports

Post back with the AVG report, the Combofix log and a new HijackThis log, please.
You too could train to help others- Join the Classroom


#5 JDX

JDX

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 22 July 2007 - 12:04 AM

Here's the AVG Report, I'm doing the other 2 now.

AVG REPORT

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:47:13 PM 10/21/2006

+ Scan result:



HKLM\SOFTWARE\180solutions -> Adware.180Solutions : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\nCASE -> Adware.180Solutions : Ignored.
HKLM\SOFTWARE\Classes\CLSID\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} -> Adware.ActivShopper : Ignored.
HKLM\SOFTWARE\Classes\CLSID\{3D782BB3-F2A5-11D3-BF4C-000000000000} -> Adware.ActivShopper : Ignored.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{3D782BB3-F2A5-11D3-BF4C-000000000000} -> Adware.ActivShopper : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} -> Adware.ActivShopper : Ignored.
HKLM\SOFTWARE\Altnet -> Adware.Altnet : Ignored.
HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : Ignored.
HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Adware.Altnet : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 -> Adware.BetterInternet : Ignored.
HKU\S-1-5-21-583907252-492894223-1060284298-1004\Software\aurora -> Adware.BetterInternet : Ignored.
HKLM\SOFTWARE\Classes\WindowsSaBand.WinSaBand -> Adware.BlazeFind : Ignored.
HKLM\SOFTWARE\Classes\WindowsSaBand.WinSaBand.1 -> Adware.BlazeFind : Ignored.
HKLM\SOFTWARE\Classes\WindowsSaBand.WinSaBand\CLSID -> Adware.BlazeFind : Ignored.
HKLM\SOFTWARE\Classes\WindowsSaBand.WinSaBand\CurVer -> Adware.BlazeFind : Ignored.
HKLM\SOFTWARE\Classes\.b3dini -> Adware.BrilliantDigital : Ignored.
HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbarBHO -> Adware.BrowserAid : Ignored.
HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbarBHO.1 -> Adware.BrowserAid : Ignored.
HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbarName -> Adware.BrowserAid : Ignored.
HKLM\SOFTWARE\Classes\_ATL_GENERATED.SearchToolbarName.1 -> Adware.BrowserAid : Ignored.
HKLM\SOFTWARE\Classes\bho.IAdvertisementBHO -> Adware.BrowserAid : Ignored.
HKLM\SOFTWARE\Classes\bho.IAdvertisementBHO.1 -> Adware.BrowserAid : Ignored.
HKLM\SOFTWARE\Classes\bho.IAdvertisementBHO\CLSID -> Adware.BrowserAid : Ignored.
HKLM\SOFTWARE\Classes\bho.IAdvertisementBHO\CurVer -> Adware.BrowserAid : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindowsUpdate -> Adware.BrowserAid : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindowsUpdate\Active -> Adware.BrowserAid : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindowsUpdate\Installed -> Adware.BrowserAid : Ignored.
HKLM\SOFTWARE\Classes\CSSecurity.HTMLSecurity -> Adware.CometCursor : Ignored.
HKLM\SOFTWARE\Classes\CSSecurity.HTMLSecurity.1 -> Adware.CometCursor : Ignored.
HKLM\SOFTWARE\Classes\CSSecurity.HTMLSecurity\CLSID -> Adware.CometCursor : Ignored.
HKLM\SOFTWARE\Classes\CSSecurity.HTMLSecurity\CurVer -> Adware.CometCursor : Ignored.
HKLM\SOFTWARE\Classes\CometCursor.CometCursor -> Adware.CometCursor : Ignored.
HKLM\SOFTWARE\Classes\CometCursor.CometCursor.1 -> Adware.CometCursor : Ignored.
HKLM\SOFTWARE\Classes\CometCursor.CometCursor\CLSID -> Adware.CometCursor : Ignored.
HKLM\SOFTWARE\Classes\CometCursor.CometCursor\CurVer -> Adware.CometCursor : Ignored.
HKLM\SOFTWARE\Classes\DMProxy.DMProxyCtl -> Adware.CometCursor : Ignored.
HKLM\SOFTWARE\Classes\DMProxy.DMProxyCtl.1 -> Adware.CometCursor : Ignored.
HKLM\SOFTWARE\Classes\DMProxy.DMProxyCtl\CLSID -> Adware.CometCursor : Ignored.
HKLM\SOFTWARE\Classes\DMProxy.DMProxyCtl\CurVer -> Adware.CometCursor : Ignored.
HKLM\SOFTWARE\Classes\DMServer.DMNotify -> Adware.CometCursor : Ignored.
HKLM\SOFTWARE\Classes\DMServer.DMNotify.1 -> Adware.CometCursor : Ignored.
HKLM\SOFTWARE\Classes\DMServer.DMNotify\CLSID -> Adware.CometCursor : Ignored.
HKLM\SOFTWARE\Classes\DMServer.DMNotify\CurVer -> Adware.CometCursor : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCAR -> Adware.CometCursor : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SWAR -> Adware.CometCursor : Ignored.
HKU\S-1-5-21-583907252-492894223-1060284298-1004\Software\DealHelper -> Adware.DealHelper : Ignored.
HKLM\SOFTWARE\Dsi -> Adware.Delfin : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaLoads Enhanced -> Adware.Downloadware : Ignored.
HKLM\SOFTWARE\Classes\CLSID\{00F1D395-4744-40f0-A611-980F61AE2C59} -> Adware.DrSearch : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00F1D395-4744-40f0-A611-980F61AE2C59} -> Adware.DrSearch : Ignored.
HKU\S-1-5-21-583907252-492894223-1060284298-1004\Software\IntermixMedia -> Adware.Ezula : Ignored.
HKU\S-1-5-21-583907252-492894223-1060284298-1004\Software\IntermixMedia\Toolbar2 -> Adware.Ezula : Ignored.
HKLM\SOFTWARE\Classes\CLSID\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Ignored.
HKLM\SOFTWARE\Classes\CLSID\{E1412445-4FF8-410e-8D24-F2CF86B171A4} -> Adware.Generic : Ignored.
HKLM\SOFTWARE\Classes\CLSID\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -> Adware.Generic : Ignored.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignored.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1412445-4FF8-410e-8D24-F2CF86B171A4} -> Adware.Generic : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -> Adware.Generic : Ignored.
HKLM\SOFTWARE\Homeland Network -> Adware.Homelandnetwork : Ignored.
HKLM\SOFTWARE\Homeland Network\CONFIG -> Adware.Homelandnetwork : Ignored.
HKLM\SOFTWARE\Homeland Network\UPDATE -> Adware.Homelandnetwork : Ignored.
HKLM\SOFTWARE\Classes\AppID\Wallpaper.DLL -> Adware.HotBar : Ignored.
HKLM\SOFTWARE\Classes\Contact.Contacts -> Adware.HotBar : Ignored.
HKLM\SOFTWARE\Classes\Contact.Contacts.1 -> Adware.HotBar : Ignored.
HKLM\SOFTWARE\Classes\Contact.Contacts\CLSID -> Adware.HotBar : Ignored.
HKLM\SOFTWARE\Classes\Contact.Contacts\CurVer -> Adware.HotBar : Ignored.
HKLM\SOFTWARE\ShopperReports -> Adware.HotBar : Ignored.
HKLM\SOFTWARE\ShopperReports\ShopperReports -> Adware.HotBar : Ignored.
HKLM\SOFTWARE\ShopperReports\ShopperReports\PostInstaller -> Adware.HotBar : Ignored.
HKU\S-1-5-21-583907252-492894223-1060284298-1004\Software\ShopperReports -> Adware.HotBar : Ignored.
HKU\S-1-5-21-583907252-492894223-1060284298-1004\Software\ShopperReports\ShopperReports -> Adware.HotBar : Ignored.
HKU\S-1-5-21-583907252-492894223-1060284298-1004\Software\ShopperReports\ShopperReports\PostInstaller -> Adware.HotBar : Ignored.
HKLM\SOFTWARE\Classes\CLSID\{00027925-0017-4faf-9539-90E4AC0B9EC5} -> Adware.IEPlugin : Ignored.
HKLM\SOFTWARE\Classes\Wbho.Band -> Adware.IEPlugin : Ignored.
HKLM\SOFTWARE\Classes\Wbho.Band.1 -> Adware.IEPlugin : Ignored.
HKLM\SOFTWARE\Classes\Wbho.Band\CLSID -> Adware.IEPlugin : Ignored.
HKLM\SOFTWARE\Classes\Wbho.Band\CurVer -> Adware.IEPlugin : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00027925-0017-4faf-9539-90E4AC0B9EC5} -> Adware.IEPlugin : Ignored.
HKU\S-1-5-21-583907252-492894223-1060284298-1004\Software\intexp -> Adware.IEPlugin : Ignored.
HKU\S-1-5-21-583907252-492894223-1060284298-1004\Software\intexp\Config -> Adware.IEPlugin : Ignored.
HKU\S-1-5-21-583907252-492894223-1060284298-1004\Software\intexp\MyFileSystem2 -> Adware.IEPlugin : Ignored.
HKLM\SOFTWARE\Classes\Tchk.TChkBHO -> Adware.InetSpeak : Ignored.
HKLM\SOFTWARE\Classes\Toolbar.BarRuler -> Adware.KeenValue : Ignored.
HKLM\SOFTWARE\Classes\Toolbar.BarRuler\Clsid -> Adware.KeenValue : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PowerSearch -> Adware.KeenValue : Ignored.
HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Ignored.
HKLM\SOFTWARE\PerfectNav\BHO -> Adware.KeenValue : Ignored.
HKLM\SOFTWARE\PerfectNav\BHO\HomePage -> Adware.KeenValue : Ignored.
HKLM\SOFTWARE\PerfectNav\BHO\RedirectURLS -> Adware.KeenValue : Ignored.
HKLM\SOFTWARE\MaxSpeed -> Adware.Maxspeed : Ignored.
HKLM\SOFTWARE\MemoryWatcher -> Adware.MemoryWatcher : Ignored.
HKLM\SOFTWARE\WildMedia -> Adware.MidAddle : Ignored.
HKLM\SOFTWARE\WildMedia\LicenseStores -> Adware.MidAddle : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NavHelper -> Adware.NavExcel : Ignored.
HKLM\SOFTWARE\NavExcel -> Adware.NavExcel : Ignored.
HKLM\SOFTWARE\NavExcel\NavHelper -> Adware.NavExcel : Ignored.
HKLM\SOFTWARE\NavExcel\NavHelper\v2.0.4d -> Adware.NavExcel : Ignored.
HKLM\SOFTWARE\Classes\MP.MediaPops -> Adware.NetworkEssentials : Ignored.
HKLM\SOFTWARE\Classes\MP.MediaPops.1 -> Adware.NetworkEssentials : Ignored.
HKLM\SOFTWARE\Classes\MP.MediaPops\CLSID -> Adware.NetworkEssentials : Ignored.
HKLM\SOFTWARE\Classes\MP.MediaPops\CurVer -> Adware.NetworkEssentials : Ignored.
HKLM\SOFTWARE\ClickSpring -> Adware.PurityScan : Ignored.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Adware.SaveNow : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg -> Adware.SaveNow : Ignored.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Ignored.
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Ignored.
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd -> Adware.WebSearch : Ignored.
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd\Clsid -> Adware.WebSearch : Ignored.
HKLM\SOFTWARE\Classes\toolbar.IToolbarScriptClass -> Adware.WebSearch : Ignored.
HKLM\SOFTWARE\Classes\toolbar.IToolbarScriptClass\Clsid -> Adware.WebSearch : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Adware.WebSearch : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Adware.WebSearch : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HAUTO_UNINSTALL -> Adware.WebSearch : Ignored.
HKLM\SOFTWARE\Toolbar -> Adware.WebSearch : Ignored.
HKLM\SOFTWARE\Toolbar\PlugIns -> Adware.WebSearch : Ignored.
HKLM\SOFTWARE\Toolbar\PlugIns\COMMON -> Adware.WebSearch : Ignored.
HKLM\SOFTWARE\btlink -> Adware.WebSearch : Ignored.
HKLM\SYSTEM\ControlSet002\Services\WinToolsSvc -> Adware.WebSearch : Ignored.
HKLM\SYSTEM\ControlSet002\Services\WinToolsSvc\Security -> Adware.WebSearch : Ignored.
HKLM\SYSTEM\CurrentControlSet\Services\WinToolsSvc -> Adware.WebSearch : Ignored.
HKLM\SYSTEM\CurrentControlSet\Services\WinToolsSvc\Enum -> Adware.WebSearch : Ignored.
HKLM\SYSTEM\CurrentControlSet\Services\WinToolsSvc\Security -> Adware.WebSearch : Ignored.
HKLM\SOFTWARE\Classes\Toolbar.Band -> Adware.Xupiter : Ignored.
HKLM\SOFTWARE\Classes\Toolbar.Band.1 -> Adware.Xupiter : Ignored.
HKLM\SOFTWARE\Classes\Toolbar.Band\CLSID -> Adware.Xupiter : Ignored.
HKLM\SOFTWARE\Classes\Toolbar.Band\CurVer -> Adware.Xupiter : Ignored.


::Report end

#6 JDX

JDX

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 22 July 2007 - 03:39 AM

Hmmm... I couldn't get the combo thing to work all the way, but I did the other one.
Here's the Hijackthis log now.

Logfile of HijackThis v1.99.1
Scan saved at 02:37, on 2007-07-22
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\msdtc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\AirLink101\WLAN Monitor\WLANmon.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\VIA\SETICON\winicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\jhdiaufA.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\OS64check\services.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINDOWS\msmpls.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\qwerty12.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\JD\Desktop\hello.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .microsoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.o...zing.html#prefs
*/

user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "C:\\Documents and Settings\\JD\\Desktop");
user_pref("browser.download.save_converter_index", 0);
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
user_pref("dom.disable_open_during_load", true);
user_pref("editor.history_title_0", "Juno E-mail on the Web"
N3 - Netscape 7: # Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.o...zing.html#prefs
*/

user_pref("aim.session.firsttime", false);
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "C:\\Documents and Settings\\JD\\Desktop");
user_pref("browser.download.save_converter_index", 0);
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://yahoo.sbc.com/dsl");
user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
user_pref("dom.disable_open_during_load", true);
user_pref("editor.history_title_0", "Juno E-mail on the Web"
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {02926036-1591-4920-8EDB-9DEB37A73F8C} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08A863EA-4452-447C-941C-4FACF5C2FA36} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {08C134D3-087C-4139-A98C-3A078358DFDE} - C:\WINDOWS\system32\hggedbx.dll
O2 - BHO: (no name) - {0D3B2489-87EE-46F6-AD7D-723644750431} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {14AF74E3-9CE2-4C84-A95C-420CFE155525} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {1695B6F8-43A0-4650-A56C-5E05551C9593} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {1B907DF7-7A66-40EE-ABBB-8CF05AB3EF77} - C:\Program Files\Online Services\hosebujut83122.dll (file missing)
O2 - BHO: (no name) - {2091C322-78B8-47F6-A7E5-BA506D4F161A} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {2D356368-B4D5-48E8-82CF-DB8CA51790B5} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {2E19CBAD-7363-029F-1C16-28C7E807B3BC} - C:\WINDOWS\System32\vzoyq.dll (file missing)
O2 - BHO: (no name) - {2E681AA2-7C16-44BD-9FDD-0D4CAD521340} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {3C1D6236-8A8C-408B-A9F9-7F07B119BE83} - C:\WINDOWS\System32\qtnagcwa.dll
O2 - BHO: (no name) - {406748CE-8FDE-47C2-A769-2CD03DD2E8C8} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {46483FAC-D468-F59E-1A13-888DBD568FEC} - C:\WINDOWS\System32\ifbtdv.dll (file missing)
O2 - BHO: (no name) - {4C4654CC-9CF8-4BF6-A62F-874CAB7C8059} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {4DE9EF9E-04BE-4C9D-9032-07DB9C593BE6} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: PowerSearch - {4E7BD74F-2B8D-469E-A3EE-FB7FA682AA7D} - C:\PROGRA~1\POWERS~1\Toolbar\pwrsdfp\pwrsdp1.dll (file missing)
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {4FE9F0D2-E3AB-4BCC-8DC5-5083BB5C83F1} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5FD1BE21-9E53-48E5-85A3-D4B0393B024A} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {63269E2C-B473-4E38-8FAF-F85D57F3D0B6} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {75F1C3E2-CB1B-4B37-BEFD-07BE6ED387D1} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {7707F1CC-11B9-4A44-9988-8E46FF472E9B} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {915E3F62-EEEA-4865-A351-27B7106D17FB} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {92A38B27-4568-4816-958D-26FB59847A58} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {9738F504-8C7B-4050-9D22-3A068A9A6DE2} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {9C78C3A2-AA12-40EA-8076-C8EAF31179FE} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll (file missing)
O2 - BHO: (no name) - {AC92E576-2327-4B32-B61D-9E1D3C02DAE2} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {ADF79F03-0E61-4BAE-A88C-6E229EF7298D} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {BC9D3EDB-4AB6-45CD-91C8-7F7B76DE87EA} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {C45E565E-4F86-4D68-978D-AE81312BFB0D} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {D0A8099D-7FD0-4215-8803-0BC846BFDE47} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {D18B2D71-8D39-4354-9DDE-9313DB936F8B} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {D4B96AF4-42CC-44DB-81D4-B0B1A3592805} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {D746A57C-4D47-4B58-94FC-E5CE34A2562F} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {D782A6A3-A6E3-47FE-A127-368A42D1989B} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {E077BB61-D373-4281-971E-C0E4276C8E8A} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {E65D49DA-01DE-458F-8BCF-50F6012A8401} - C:\WINDOWS\System32\qtnagcwa.dll
O2 - BHO: (no name) - {E7B8CC11-9200-4FD9-9088-4BE87B8002F6} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EA028E4E-5641-4C8B-9F6B-0CA6225FBDB0} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {EC05920D-B58F-4DE7-BA41-22432427367C} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {F5943073-D31D-41D1-AED2-61609C30592C} - C:\WINDOWS\System32\ljhgg.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CellVision WLAN Monitor] C:\Program Files\AirLink101\WLAN Monitor\WLANmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [winicon] C:\Program Files\VIA\SETICON\winicon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TaskRem] C:\WINDOWS\System32\OS64check\services.exe
O4 - HKLM\..\Run: [jhdiaufA] C:\WINDOWS\jhdiaufA.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\nmyksyri.dll",realset
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Toce] "C:\PROGRA~1\COMMON~1\CROSOF~1.NET\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Dkz] "C:\Documents and Settings\JD\Application Data\W?nSxS\??chost.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Epson all-in-one Registration.lnk = D:\Titles\Ereg\EPSONREG.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZNxdm934
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\JD\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia...ll/pcs_0025.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1172101082631
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: ?A?C
O20 - Winlogon Notify: hggedbx - C:\WINDOWS\SYSTEM32\hggedbx.dll
O20 - Winlogon Notify: ljhgg - C:\WINDOWS\System32\ljhgg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: DomainService - - C:\WINDOWS\System32\qwerty12.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - F:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#7 Scotty

Posted 22 July 2007 - 04:46 AM

Hi JDX

Try running this first, then try Combofix again.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Now run Combofix again.

#8 JDX

Posted 23 July 2007 - 02:37 PM

YAY! That worked. Here's the ComboFix report.

"JD" - 2007-07-22 19:37:13 - ComboFix 07-07-22.2 - Service Pack 1 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\hhwyleoe.dll
C:\WINDOWS\system32\vifhwdin.dll
C:\WINDOWS\system32\eoelywhh.ini
C:\WINDOWS\system32\gghjl.bak1
C:\WINDOWS\system32\gghjl.ini
C:\WINDOWS\system32\gghjl.bak1
C:\WINDOWS\system32\gghjl.ini
C:\WINDOWS\system32\ljhgg.dll
C:\WINDOWS\system32\hggedbx.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\exqcxwwl.exe
C:\WINDOWS\system32\fisdgque.exe
C:\WINDOWS\system32\vxhvnejr.exe
C:\WINDOWS\system32\wfqcrwcq.exe
C:\WINDOWS\system32\xwpvfcxl.exe
C:\WINDOWS\system32\yjxypmgc.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-23 to 2007-07-23 )))))))))))))))))))))))))))))))


2007-07-22 13:05 <DIR> d-------- C:\VundoFix Backups
2007-07-21 16:55 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-19 21:26 <DIR> d-------- C:\WINDOWS\E31C348B63A94CBF8D7FD932ABB63244.TMP
2007-07-19 16:22 4,812 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-19 16:20 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-19 16:20 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-19 16:20 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-19 16:08 2,000 --a------ C:\WINDOWS\slog.dll
2007-07-19 07:49 <DIR> d-------- C:\WINDOWS\system32\OS64check
2007-07-19 07:48 94,208 --a------ C:\WINDOWS\msmmsgr.exe
2007-07-19 07:48 61,440 --a------ C:\WINDOWS\msmpls.exe
2007-07-19 07:48 344,064 --a------ C:\WINDOWS\host32.exe
2007-07-19 05:06 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\NetMon
2007-07-18 23:28 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-07-18 23:27 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-07-18 23:27 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-07-18 23:27 <DIR> d--hs---- C:\WINDOWS\TmV3IFVzZXI
2007-07-18 23:21 465,186 --a------ C:\Temp\bY001.exe
2007-07-18 23:11 <DIR> d-------- C:\WINDOWS\system32\Z11
2007-07-18 23:11 <DIR> d-------- C:\Tempc2
2007-07-18 23:10 <DIR> d-------- C:\Temp\brr
2007-07-18 22:23 <DIR> d-------- C:\I Am Jen
2007-07-15 22:12 <DIR> d-------- C:\Program Files\Enhanced Uninstaller
2007-07-14 22:23 <DIR> dr-hs---- C:\Program Files\PSCS
2007-07-14 10:55 3 --a------ C:\WINDOWS\zclient.dll
2007-07-14 10:55 19 --a------ C:\WINDOWS\MCLDR.dll
2007-07-14 10:55 <DIR> d-------- C:\WINDOWS\system32\OS32check
2007-07-14 10:54 <DIR> d-------- C:\Program Files\Accessories
2007-07-11 03:29 22,016 --a------ C:\WINDOWS\b138.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-23 02:21:38 -------- d-----w C:\Program Files\TrueAssistant
2007-07-22 19:39:55 -------- d-----w C:\Program Files\Sonic Foundry
2007-07-22 05:54:16 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-22 05:54:07 -------- d-----w C:\Program Files\iPod
2007-07-22 00:54:12 -------- d-----w C:\Program Files\MusicMatch
2007-07-22 00:51:47 -------- d-----w C:\Program Files\MySpace
2007-07-22 00:15:45 -------- d-----w C:\Program Files\zpocNEW
2007-07-22 00:14:53 -------- d-----w C:\Program Files\BitComet
2007-07-21 21:13:19 -------- d-----w C:\Program Files\Spyware Doctor
2007-07-20 06:12:23 -------- d-----w C:\Program Files\DAP
2007-07-20 04:26:24 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-07-19 06:11:28 -------- d-----w C:\Program Files\Online Services
2007-07-19 04:44:53 -------- d-----w C:\Program Files\Soulseek
2007-07-17 04:14:10 -------- d-----w C:\Program Files\Juno
2007-07-11 20:05:22 -------- d-----w C:\Program Files\Winamp
2007-07-08 00:09:38 -------- d-----w C:\Program Files\ZPoC
2007-06-18 04:46:14 -------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2007-06-18 04:06:27 -------- d-----w C:\Program Files\EPSON
2007-06-16 23:56:09 -------- d-----w C:\Program Files\WebCopier -- Jared's Transformer Web Site Info
2007-06-16 19:53:02 -------- d-----w C:\DOCUME~1\JD\APPLIC~1\Lavasoft
2007-06-16 01:36:01 -------- d-----w C:\Program Files\Replay Converter
2007-06-16 00:15:19 1,889,198 --sha-w C:\WINDOWS\system32\defii.ini2
2007-06-15 15:51:48 1,837,280 --sha-w C:\WINDOWS\system32\defii.bak2
2007-06-14 05:55:15 1,836,776 --sha-w C:\WINDOWS\system32\defii.bak1
2007-06-13 02:56:50 -------- d-----w C:\Program Files\iPod To Computer Transfer
2007-06-11 06:51:35 -------- d-----w C:\DOCUME~1\JD\APPLIC~1\Viewpoint
2007-06-09 14:41:20 -------- d-----w C:\DOCUME~1\JD\APPLIC~1\Sony
2007-06-06 01:16:53 -------- d-----w C:\Program Files\AIM6
2007-06-06 00:40:35 -------- d-----w C:\Program Files\Common Files\wqfr
2007-06-05 22:59:18 102,400 ----a-w C:\WINDOWS\MBDownloader_876916.exe
2007-06-05 00:53:38 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-04 02:28:50 -------- d-----w C:\Program Files\Vstplugins
2007-06-02 18:30:56 -------- d-----w C:\Program Files\appleJuice
2007-05-30 12:10:42 10,872 ----a-w C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-26 06:41:02 -------- d-----w C:\Program Files\Sony Setup
2007-05-26 06:40:28 -------- d-----w C:\Program Files\New Folder (2)
2007-05-26 06:12:59 -------- d-----w C:\DOCUME~1\JD\APPLIC~1\Sony Setup
2007-05-19 22:33:06 233,472 ----a-w C:\WINDOWS\system32\REX Shared Library.dll
2007-05-19 22:33:03 225,280 ----a-w C:\WINDOWS\system32\ReWire.dll
2007-05-15 23:18:25 44 ----a-w C:\WINDOWS\system32\winitn.dll
2007-05-15 23:18:21 90,112 ----a-w C:\WINDOWS\system32\agsaami.dll
2007-05-15 23:18:21 610,304 ----a-w C:\WINDOWS\system32\agsaamg.dll
2007-05-15 23:18:21 372,736 ----a-w C:\WINDOWS\system32\agsaamc.dll
2007-05-15 23:18:21 2,535,424 ----a-w C:\WINDOWS\system32\agsaamj.dll
2007-05-09 18:03:31 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-05-09 18:03:30 25,990,392 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2006-11-28 01:09:32 21,776 ----a-w C:\DOCUME~1\JD\APPLIC~1\GDIPFONTCACHEV1.DAT
2005-12-24 08:16:52 66,560 ---ha-w C:\DOCUME~1\JD\APPLIC~1\MiconoRGBSurface160.DLL
2005-12-24 08:16:51 265,728 ---ha-w C:\DOCUME~1\JD\APPLIC~1\MiconoRbTIFFLib101b3.dll
2005-12-24 08:16:51 222,208 ---ha-w C:\DOCUME~1\JD\APPLIC~1\MiconoRbRNGLib130b1.dll
2005-12-24 08:16:50 61,440 ---ha-w C:\DOCUME~1\JD\APPLIC~1\MBSQTImporterPlugin4175.dll
2005-12-24 08:16:50 44,032 ---ha-w C:\DOCUME~1\JD\APPLIC~1\MBSMainPlugin4070.dll
2005-12-24 08:16:50 39,936 ---ha-w C:\DOCUME~1\JD\APPLIC~1\MiconoPCX.DLL
2005-12-24 08:16:50 36,352 ---ha-w C:\DOCUME~1\JD\APPLIC~1\MBSFolderitemsPlugin4070.dll
2005-12-24 08:16:50 36,352 ---ha-w C:\DOCUME~1\JD\APPLIC~1\MBSFolderitemsCreatePlugin4070.dll
2005-12-24 08:16:50 191,488 ---ha-w C:\DOCUME~1\JD\APPLIC~1\MiconoRbJPEGLib110b5.dll
2005-12-24 08:16:46 80,384 ---ha-w C:\DOCUME~1\JD\APPLIC~1\MBSPicturePlugin4070.dll
2005-12-24 08:16:45 88,064 ---ha-w C:\DOCUME~1\JD\APPLIC~1\rbap550.dll
2005-12-24 08:16:45 64,512 ---ha-w C:\DOCUME~1\JD\APPLIC~1\MBSZipPlugin4069.dll
2005-12-24 08:16:45 34,304 ---ha-w C:\DOCUME~1\JD\APPLIC~1\MBSEncryptPlugin4073.dll
2005-12-24 08:16:45 29,184 ---ha-w C:\DOCUME~1\JD\APPLIC~1\RBInternetEncodings550.dll
2005-12-24 08:16:45 27,648 ---ha-w C:\DOCUME~1\JD\APPLIC~1\MBSRegistrationPlugin4071.dll
2005-12-12 18:59:35 359,111 ------r C:\Program Files\Common Files\adsmsext.exe
2005-12-12 09:11:15 140,632 ---ha-w C:\DOCUME~1\JD\APPLIC~1\ptads.bin
2004-02-04 00:08:20 1,114 ----a-w C:\Program Files\INSTALL.LOG
1989-12-12 17:10:10 1,136,352 --sh--r C:\WINDOWS\jhdiaufA.exe
2005-11-01 03:41:31 57,685 --sha-w C:\WINDOWS\system32\Aqzh0g6.exe
2007-03-09 07:12:32 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2005-11-10 14:08:35 38,365 --sha-w C:\WINDOWS\system32\DmfoK.exe
2005-10-28 06:52:36 12,145 --sha-w C:\WINDOWS\system32\Izh6.exe
2005-11-10 14:23:40 3,865 --sha-w C:\WINDOWS\system32\Lun8r9.exe
2005-11-09 13:32:37 14,905 --sha-w C:\WINDOWS\system32\NhgK.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02926036-1591-4920-8EDB-9DEB37A73F8C}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08A863EA-4452-447C-941C-4FACF5C2FA36}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D3B2489-87EE-46F6-AD7D-723644750431}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14AF74E3-9CE2-4C84-A95C-420CFE155525}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1695B6F8-43A0-4650-A56C-5E05551C9593}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B907DF7-7A66-40EE-ABBB-8CF05AB3EF77}]
C:\Program Files\Online Services\hosebujut83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2091C322-78B8-47F6-A7E5-BA506D4F161A}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D356368-B4D5-48E8-82CF-DB8CA51790B5}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E19CBAD-7363-029F-1C16-28C7E807B3BC}]
C:\WINDOWS\System32\vzoyq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E681AA2-7C16-44BD-9FDD-0D4CAD521340}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C1D6236-8A8C-408B-A9F9-7F07B119BE83}]
C:\WINDOWS\System32\qtnagcwa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{406748CE-8FDE-47C2-A769-2CD03DD2E8C8}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46483FAC-D468-F59E-1A13-888DBD568FEC}]
C:\WINDOWS\System32\ifbtdv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C4654CC-9CF8-4BF6-A62F-874CAB7C8059}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DE9EF9E-04BE-4C9D-9032-07DB9C593BE6}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-A3EE-FB7FA682AA7D}]
C:\PROGRA~1\POWERS~1\Toolbar\pwrsdfp\pwrsdp1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4FE9F0D2-E3AB-4BCC-8DC5-5083BB5C83F1}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5FD1BE21-9E53-48E5-85A3-D4B0393B024A}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63269E2C-B473-4E38-8FAF-F85D57F3D0B6}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75F1C3E2-CB1B-4B37-BEFD-07BE6ED387D1}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7707F1CC-11B9-4A44-9988-8E46FF472E9B}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{915E3F62-EEEA-4865-A351-27B7106D17FB}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92A38B27-4568-4816-958D-26FB59847A58}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9738F504-8C7B-4050-9D22-3A068A9A6DE2}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C78C3A2-AA12-40EA-8076-C8EAF31179FE}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC92E576-2327-4B32-B61D-9E1D3C02DAE2}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ADF79F03-0E61-4BAE-A88C-6E229EF7298D}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC9D3EDB-4AB6-45CD-91C8-7F7B76DE87EA}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C45E565E-4F86-4D68-978D-AE81312BFB0D}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0A8099D-7FD0-4215-8803-0BC846BFDE47}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D18B2D71-8D39-4354-9DDE-9313DB936F8B}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4B96AF4-42CC-44DB-81D4-B0B1A3592805}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D746A57C-4D47-4B58-94FC-E5CE34A2562F}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D782A6A3-A6E3-47FE-A127-368A42D1989B}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E077BB61-D373-4281-971E-C0E4276C8E8A}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E65D49DA-01DE-458F-8BCF-50F6012A8401}]
C:\WINDOWS\System32\qtnagcwa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7B8CC11-9200-4FD9-9088-4BE87B8002F6}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA028E4E-5641-4C8B-9F6B-0CA6225FBDB0}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC05920D-B58F-4DE7-BA41-22432427367C}]
C:\Program Files\tka11ani\tka11ani.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 19:38]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-22 09:11]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 10:06 C:\WINDOWS\AGRSMMSG.exe]
"CellVision WLAN Monitor"="C:\Program Files\AirLink101\WLAN Monitor\WLANmon.exe" [2004-07-20 19:01]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-12-01 14:46]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 12:38]
"winicon"="C:\Program Files\VIA\SETICON\winicon.exe" [2004-08-30 15:05]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-30 09:43]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 15:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-02-18 14:30]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 14:17]
"Toce"="C:\PROGRA~1\COMMON~1\CROSOF~1.NET\alg.exe" []
"Dkz"="C:\Documents and Settings\JD\Application Data\W?nSxS\??chost.exe" []
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2005-05-26 10:52]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-01-24 11:37]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"UPnPMonitor"= {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\System32\upnpui.dll [2002-08-29 00:41 231424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winuuv32]
winuuv32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=?A?C

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages scecli scecli scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Date Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Date Manager.lnk
backup=C:\WINDOWS\pss\Date Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LoadGolfCourses]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LoadGolfCourses
backup=C:\WINDOWS\pss\LoadGolfCoursesCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus QuickStart.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus QuickStart.lnk
backup=C:\WINDOWS\pss\Lotus QuickStart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus SuiteStart 97.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus SuiteStart 97.lnk
backup=C:\WINDOWS\pss\Lotus SuiteStart 97.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\updater.lnk
backup=C:\WINDOWS\pss\updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2wSysTray]
C:\Program Files\2Wire\2PortalMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5TS2WSK2C62KYK]
C:\WINDOWS\SYSTEM32\JQB4.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9446e96e5814]
C:\WINDOWS\System32\appmgr37.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\98D0CE0C16B1]
rundll32.exe D0CE0C16B1,D0CE0C16B1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9a8722df7eb5]
C:\WINDOWS\System32\BDESac10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A70F6A1D-0195-42a2-934C-D8AC0F7C08EB]
rundll32.exe E6F1873B.DLL,D9EBC318C

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check]
C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\areslite]
"C:\Program Files\Ares Lite Edition\AresLite.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aseye]
C:\windows\system\aseye.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atqvohmx]
C:\WINDOWS\atqvohmx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
"C:\Program Files\AutoUpdate\AutoUpdate.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bakra]
C:\WINDOWS\System32\IEHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Belt]
C:\WINDOWS\Belt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtcMaestro]
C:\Program Files\KMaestro\KMaestro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
"C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CellVision WLAN Monitor]
C:\Program Files\AirLink101\WLAN Monitor\WLANmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClockSync]
C:\PROGRA~1\CLOCKS~1\Sync.exe /q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
"C:\Program Files\Common Files\CMEII\CMESys.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dinst]
C:\WINDOWS\dinst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DM_Server]
C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
C:\PROGRA~1\DAP\DAP.EXE /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadWare]
"C:\Program Files\DownloadWare\dw.exe" /H

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker]
"C:\Program Files\EbatesMoeMoneyMaker4\EbatesMoeMoneyMaker.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ehbfbej]
C:\WINDOWS\System32\w?nspool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eltupt]
C:\WINDOWS\eltupt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZmmod]
C:\PROGRA~1\ezula\mmod.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Homeland Network]
"C:\Program Files\HomelandNetwork\HomelandNetwork.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotbar]
C:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
"C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
__C:\Program Files\iTunes\iTunesHelper.exe__

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadGolfCourses]
C:\Program Files\Mini-Golf\LoadGolfCourses.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
C:\MMaestro\BWheel35.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLoads Installer]
"C:\Program Files\DownloadWare\dw.exe" /H

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Tray]
C:\Documents and Settings\Ron\Desktop\My Shared Folder\Games.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
regsvr32 /s mqrt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\navapp]
C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nsv]
C:\WINDOWS\System32\nsvsvc\nsvsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrbitUpdate]
C:\Program Files\Orbit\update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrbitView]
C:\Program Files\Orbit\view.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oymrsyen]
C:\WINDOWS\System32\fccbogad.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]
"C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]
rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rundll16]
C:\WINDOWS\rundll16.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rundll32_8]
rundll32.exe C:\WINDOWS\System32\inetp60.dll,DllRunServer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunWindowsUpdate]
C:\WINDOWS\uptodate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\saap]
c:\program files\180searchassistant\saap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\satmat]
C:\WINDOWS\satmat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search-Exe]
"C:\Program Files\se\v11\se.EXE" /H

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tka11ani]
C:\Program Files\tka11ani\tka11ani.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toce]
C:\Program Files\ipeo\otet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tQgmF]
C:\documents and settings\jd\local settings\temp\tQgmF.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Media]
C:\Program Files\TV Media\Tvm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vidmon]
C:\WINDOWS\System32\vidmon\vidmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vwmgsdw]
C:\WINDOWS\System32\qsejku.exe r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherOnTray]
C:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhatPulse]
C:\Program Files\WhatPulse\WhatPulse.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
"C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winampnew\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows SA]
C:\Program Files\WindowsSA\omniscient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wqfr]
C:\PROGRA~1\COMMON~1\wqfr\wqfrm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\x3watch]
C:\Program Files\X3watch\x3watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\Program Files\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zyv]
C:\WINDOWS\zyv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{12EE7A5E-0674-42f9-A76B-000000004D00}]
rundll32.exe stlb2.dll,DllRunMain

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YPCService"=3 (0x3)
"WinVNC4"=2 (0x2)
"WinToolsSvc"=2 (0x2)
"WANMiniportService"=2 (0x2)
"svcWRSSSDK"=3 (0x3)
"SvcProc"=2 (0x2)
"SQLAgent$SOSHOME"=3 (0x3)
"NProtectService"=2 (0x2)
"MSSQL$SOSHOME"=2 (0x2)
"iPodService"=3 (0x3)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AOL ACS"=2 (0x2)

anio - \??\C:\WINDOWS\System32\ANIO.SYS - ANIO Service
atitunep - System32\DRIVERS\atintuxx.sys - ATI WDM TV Tuner
atixsaudio - System32\DRIVERS\atinxsxx.sys - ATI WDM TV Audio Crossbar
fax - %systemroot%\system32\fxssvc.exe - Fax
mdc8021x - System32\DRIVERS\mdc8021x.sys - AEGIS Protocol (IEEE 802.1x) v2.3.1.9
msmq - C:\WINDOWS\System32\mqsvc.exe - Message Queuing
msmqtriggers - C:\WINDOWS\System32\mqtgsvc.exe - Message Queuing Triggers
mvdcodec - System32\DRIVERS\atinmdxx.sys - ATI WDM Specialized MVD Codec
pcdcodec - System32\DRIVERS\atinpdxx.sys - ATI WDM Specialized PCD Codec
simptcp - %SystemRoot%\System32\tcpsvcs.exe - Simple TCP/IP Services
snmp - %SystemRoot%\System32\snmp.exe - SNMP Service
vdo_69e8-40c7 - \??\C:\WINDOWS\System32\vdo_69e8-40c7.sys - vdo_69e8-40c7


Contents of the 'Scheduled Tasks' folder
2007-07-19 23:25:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-23 05:26:13 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-23 01:27:42
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F2897B9F-E454-35FB-C7E9-183F6B082943}]
"haieojiajniifbnj"=hex:6a,61,6b,64,6c,63,62,70,62,65,6f,68,66,68,65,65,6d,61,62,6d,00,..
"iaoamkfhacmcefimop"=hex:6a,61,6a,64,6c,64,6f,6f,70,69,65,6f,69,64,68,62,65,67,69,70,00,..

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-23 1:34:02 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-23 01:32

--- E O F ---

#9 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 23 July 2007 - 04:54 PM

Hi JDX

Why have you not upgraded to SP2? That is one of the main reasons you are so badly infected. Do not upgrade until we are clean first though.

Step 1
Delete bad services
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

@echo off
rem Stop, then unregister, the two services named in the O23 entries of the log.
sc stop "Viewpoint Manager Service"
sc delete "Viewpoint Manager Service"
sc stop "Domain Service"
sc delete "Domain Service"
rem Remove this batch file once it has run.
del Fixservices.bat
exit


Double click FixServices.bat. A window will open and close. This is normal.

Step 2
End malicious processes: (if they are present)
  • Press the CTRL+ALT+DEL keys simultaneously to open Task Manager
  • Click on the Processes tab to show running processes
  • Find ViewpointService.exe and click on it
  • Click End Process
  • Repeat steps 4 & 5 for each of the following processes: (if present)
    • ViewMgr.exe
    • jhdiaufA.exe
    • qwerty12.exe
  • Close Task Manager
Step 3
Remove programs from Add/Remove Programs List
  • Please go to:
  • Start
  • Control Panel
  • Add/Remove Programs
Find and remove these programs (if they are present)
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint
  • EbatesMoeMoneyMaker4


Step 4
Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):
O2 - BHO: (no name) - {02926036-1591-4920-8EDB-9DEB37A73F8C} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08A863EA-4452-447C-941C-4FACF5C2FA36} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {08C134D3-087C-4139-A98C-3A078358DFDE} - C:\WINDOWS\system32\hggedbx.dll
O2 - BHO: (no name) - {0D3B2489-87EE-46F6-AD7D-723644750431} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {14AF74E3-9CE2-4C84-A95C-420CFE155525} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {1695B6F8-43A0-4650-A56C-5E05551C9593} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {1B907DF7-7A66-40EE-ABBB-8CF05AB3EF77} - C:\Program Files\Online Services\hosebujut83122.dll (file missing)
O2 - BHO: (no name) - {2091C322-78B8-47F6-A7E5-BA506D4F161A} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {2D356368-B4D5-48E8-82CF-DB8CA51790B5} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {2E19CBAD-7363-029F-1C16-28C7E807B3BC} - C:\WINDOWS\System32\vzoyq.dll (file missing)
O2 - BHO: (no name) - {2E681AA2-7C16-44BD-9FDD-0D4CAD521340} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {3C1D6236-8A8C-408B-A9F9-7F07B119BE83} - C:\WINDOWS\System32\qtnagcwa.dll
O2 - BHO: (no name) - {406748CE-8FDE-47C2-A769-2CD03DD2E8C8} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {46483FAC-D468-F59E-1A13-888DBD568FEC} - C:\WINDOWS\System32\ifbtdv.dll (file missing)
O2 - BHO: (no name) - {4C4654CC-9CF8-4BF6-A62F-874CAB7C8059} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {4DE9EF9E-04BE-4C9D-9032-07DB9C593BE6} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: PowerSearch - {4E7BD74F-2B8D-469E-A3EE-FB7FA682AA7D} - C:\PROGRA~1\POWERS~1\Toolbar\pwrsdfp\pwrsdp1.dll (file missing)
O2 - BHO: (no name) - {4FE9F0D2-E3AB-4BCC-8DC5-5083BB5C83F1} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {5FD1BE21-9E53-48E5-85A3-D4B0393B024A} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {63269E2C-B473-4E38-8FAF-F85D57F3D0B6} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {75F1C3E2-CB1B-4B37-BEFD-07BE6ED387D1} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {7707F1CC-11B9-4A44-9988-8E46FF472E9B} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {915E3F62-EEEA-4865-A351-27B7106D17FB} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {92A38B27-4568-4816-958D-26FB59847A58} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {9738F504-8C7B-4050-9D22-3A068A9A6DE2} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {9C78C3A2-AA12-40EA-8076-C8EAF31179FE} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll (file missing)
O2 - BHO: (no name) - {AC92E576-2327-4B32-B61D-9E1D3C02DAE2} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {ADF79F03-0E61-4BAE-A88C-6E229EF7298D} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {BC9D3EDB-4AB6-45CD-91C8-7F7B76DE87EA} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {C45E565E-4F86-4D68-978D-AE81312BFB0D} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {D0A8099D-7FD0-4215-8803-0BC846BFDE47} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {D18B2D71-8D39-4354-9DDE-9313DB936F8B} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {D4B96AF4-42CC-44DB-81D4-B0B1A3592805} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {D746A57C-4D47-4B58-94FC-E5CE34A2562F} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {D782A6A3-A6E3-47FE-A127-368A42D1989B} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {E077BB61-D373-4281-971E-C0E4276C8E8A} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {E65D49DA-01DE-458F-8BCF-50F6012A8401} - C:\WINDOWS\System32\qtnagcwa.dll
O2 - BHO: (no name) - {E7B8CC11-9200-4FD9-9088-4BE87B8002F6} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {EA028E4E-5641-4C8B-9F6B-0CA6225FBDB0} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {EC05920D-B58F-4DE7-BA41-22432427367C} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O2 - BHO: (no name) - {F5943073-D31D-41D1-AED2-61609C30592C} - C:\WINDOWS\System32\ljhgg.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [TaskRem] C:\WINDOWS\System32\OS64check\services.exe
O4 - HKLM\..\Run: [jhdiaufA] C:\WINDOWS\jhdiaufA.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\nmyksyri.dll",realset
O4 - HKCU\..\Run: [Toce] "C:\PROGRA~1\COMMON~1\CROSOF~1.NET\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Dkz] "C:\Documents and Settings\JD\Application Data\W?nSxS\??chost.exe"
O8 - Extra context menu item: &Search - http://bar.mywebsear...html?p=ZNxdm934
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia...ll/pcs_0025.exe
O20 - AppInit_DLLs: ?A?C
O20 - Winlogon Notify: hggedbx - C:\WINDOWS\SYSTEM32\hggedbx.dll
O20 - Winlogon Notify: ljhgg - C:\WINDOWS\System32\ljhgg.dll
O23 - Service: DomainService - - C:\WINDOWS\System32\qwerty12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit HijackThis.

Step 5
Run Combofix again and paste the new report in your next reply, along with a new HijackThis log, please.
You too could train to help others- Join the Classroom
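As an added example for this thread (not code from HijackThis, ComboFix or anyone posting here), the script below parses HijackThis "O" lines of the kind listed in Step 4 and flags the patterns that fix list relies on: entries whose file is missing, unnamed BHOs, paths in which HijackThis printed `?` for a character it could not render, programs launched from a Temp folder, added Trusted Zone sites, AppInit_DLLs and Winlogon Notify hooks, and services whose publisher field is blank. The sample input is copied from the log quoted above; the flag names and heuristics are this example's own, and a flag means "review this", not "malicious".

```python
"""Triage HijackThis 'O' entries: parse each line and flag review-worthy patterns.

Added example for this thread; not HijackThis or ComboFix code. The flag names and
heuristics are this example's own; the sample lines are copied from the log above.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input: HijackThis lines quoted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08C134D3-087C-4139-A98C-3A078358DFDE} - C:\WINDOWS\system32\hggedbx.dll
O2 - BHO: (no name) - {1695B6F8-43A0-4650-A56C-5E05551C9593} - C:\Program Files\tka11ani\tka11ani.dll (file missing)
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\nmyksyri.dll",realset
O4 - HKCU\..\Run: [Dkz] "C:\Documents and Settings\JD\Application Data\W?nSxS\??chost.exe"
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O20 - AppInit_DLLs: ?A?C
O20 - Winlogon Notify: hggedbx - C:\WINDOWS\SYSTEM32\hggedbx.dll
O23 - Service: DomainService - - C:\WINDOWS\System32\qwerty12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")              # "O23 - Service: ..."
QUOTED_PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]*)"')  # "C:\...\x.dll" (may contain spaces)
BARE_PATH_RE = re.compile(r"[A-Za-z]:\\.*$")          # unquoted path: drive letter to end of line
TRAILER_RE = re.compile(r"\s*\((?:file missing|HKLM|HKCU)\)\s*$")
TEMP_DIR_RE = re.compile(r"\\(?:local settings\\)?temp\\", re.IGNORECASE)


@dataclass
class Entry:
    section: str            # O2, O4, O15, O20, O23, ...
    body: str               # text after "O<n> - "
    path: Optional[str]     # file path named by the entry, if any
    flags: List[str] = field(default_factory=list)


def extract_path(body: str) -> Optional[str]:
    """Return the file path an entry points at, or None (URLs and DLL lists have none)."""
    m = QUOTED_PATH_RE.search(body)
    if m:
        return m.group(1)
    m = BARE_PATH_RE.search(body)
    if not m:
        return None
    path = TRAILER_RE.sub("", m.group(0))
    # rundll32 targets are written as  path.dll,ExportName  -- keep only the path.
    return path.split(",", 1)[0].strip()


def service_publisher(body: str, path: Optional[str]) -> Optional[str]:
    """For 'Service: <name> - <company> - <path>' return <company> ('' when it is blank)."""
    head = body[len("Service: "):]
    if path and path in head:
        head = head[: head.rfind(path)]
    m = re.match(r"^(.*?)\s+-\s+(.*?)\s*-\s*$", head)
    return m.group(2).strip() if m else None


def flag_entry(entry: Entry) -> List[str]:
    """Apply the review heuristics; every flag means 'look at this', not 'malicious'."""
    flags: List[str] = []
    body, path, section = entry.body, entry.path, entry.section
    if body.endswith("(file missing)"):
        flags.append("file-missing")              # dead registration; nothing left to run
    if section == "O2" and body.startswith("BHO: (no name)"):
        flags.append("unnamed-bho")
    # HijackThis prints '?' for a filename character it cannot render, so
    # "W?nSxS\??chost.exe" is not the real WinSxS\svchost.exe. AppInit_DLLs
    # holds a DLL list rather than a path, so inspect its value the same way.
    target = path or (body.split(": ", 1)[1] if section == "O20" and ": " in body else "")
    if "?" in target:
        flags.append("unprintable-chars-in-path")
    if path and TEMP_DIR_RE.search(path):
        flags.append("runs-from-temp")
    if section == "O15":
        flags.append("trusted-zone-addition")      # site exempted from IE zone restrictions
    if section == "O20":
        flags.append("early-load-hook")            # AppInit_DLLs / Winlogon Notify load at logon
    if section == "O23" and service_publisher(body, path) == "":
        flags.append("service-without-publisher")
    return flags


def parse_entries(text: str) -> List[Entry]:
    """Parse every 'O<n> - ...' line in a HijackThis log and attach its flags."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        entry = Entry(section=section, body=body, path=extract_path(body))
        entry.flags = flag_entry(entry)
        entries.append(entry)
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


def flag_counts(entries: List[Entry]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for e in entries:
        for f in e.flags:
            counts[f] = counts.get(f, 0) + 1
    return counts


if __name__ == "__main__":
    for e in parse_entries(SAMPLE_LOG):
        print(f"{e.section:<4} {','.join(e.flags) or 'ok':<40} {e.path or e.body}")
```

Run it as-is to see the sample lines triaged, or feed `parse_entries` a whole saved log. Note what it deliberately does not do: the Adobe BHO and the Viewpoint service come out clean, and the `GPLv3` rundll32 entry gets no flag because a DLL loaded via rundll32 from System32 is something both legitimate software and malware do; a script like this narrows the list for a human reviewer, it does not replace one.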


#10 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 28 July 2007 - 06:49 AM

Hello Alex. Do you still require assistance here?
You too could train to help others- Join the Classroom


#11 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 30 July 2007 - 08:06 AM

Due to inactivity this topic will be closed. If you need help, please start a new thread and post a new HJT log.
You too could train to help others- Join the Classroom
