Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:05 PM, on 11/24/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\winload.exe
C:\Program Files\PLUS!\nigoqo77798.exe
C:\WINDOWS\TEMP\avydtlfg.exe
C:\WINDOWS\System32\wbem\csrss.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\avp.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\QdrPack\QdrPack9.exe
C:\Program Files\QdrModule\QdrModule9.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WinAble\winable.exe
C:\Program Files\Insider\Insider.exe
C:\Documents and Settings\user\Application Data\cjj.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\wmconnects\wwm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\mspaint.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscapeconnect.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll (file missing)
O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - C:\Program Files\OIN Search\OINSearch.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{30321~1\Bar888.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winload] C:\Program Files\Internet Explorer\winload.exe
O4 - HKLM\..\Run: [Windows Framework] C:\DOCUME~1\user\LOCALS~1\Temp\frmwrk.exe
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [lanmanwrk.exe] C:\WINDOWS\System32\lanmanwrk.exe
O4 - HKLM\..\Run: [nigoqo] C:\Program Files\PLUS!\nigoqo77798.exe
O4 - HKLM\..\Run: [Panicware] C:\WINDOWS\TEMP\avydtlfg.exe
O4 - HKLM\..\Run: [_] c:\windows\system32\drivers\dcbcg.exe
O4 - HKLM\..\Run: [f94mggfhfghodftdf] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\System32\wbem\csrss.exe
O4 - HKLM\..\Run: [khmjqbaf] rundll32.exe "C:\Program Files\axmrwnct\ctkfwtav.dll",Init
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [ms] C:\DOCUME~1\user\LOCALS~1\Temp\18550\gm.exe
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [Teoc] "C:\WINDOWS\PPPATC~1\scanregw.exe" -vt yazb
O4 - HKCU\..\Run: [Ddils] C:\WINDOWS\SYSTEM32\F?nts\s?anregw.exe
O4 - HKCU\..\Run: [moir] C:\PROGRA~1\COMMON~1\moir\moirm.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [Microsoft Webcam Enhance V2.1] C:\WINDOWS\runtfs32.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [autoload] C:\WINDOWS\System32\drivers\smss.exe
O4 - HKCU\..\Run: [autorun] C:\Documents and Settings\user\smss.exe
O4 - HKCU\..\Run: [QdrPack9] "C:\Program Files\QdrPack\QdrPack9.exe"
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [f94mggfhfghodftdf] C:\WINDOWS\TEMP\winlogan.exe
O4 - HKCU\..\Run: [Windows Rescue System] C:\DOCUME~1\user\LOCALS~1\Temp\winsto.exe
O4 - HKCU\..\Run: [Microsft Windows Adapter 5.1.3013] C:\Documents and Settings\user\Application Data\jekz.exe
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [main] C:\WINDOWS\System32\drivers\sysdrv.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [default] C:\Documents and Settings\LocalService\scvhost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [f94mggfhfghodftdf] C:\WINDOWS\TEMP\winlogan.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [IESet] IExplorer.dll .dbt (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Netscape Connect Tray Icon.lnk = C:\Program Files\wmconnectd\wmtray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm070YYUS
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: winsck2.dll
O10 - Unknown file in Winsock LSP: winsck2.dll
O10 - Unknown file in Winsock LSP: winsck2.dll
O10 - Unknown file in Winsock LSP: winsck2.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/c...::/xpreload.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1150864645269
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1150864538235
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nu.../FIX/WinATS.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spam...ckerutility.cab
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtnet.net/c...::/xpreload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AB49CDD-C34B-455B-8C9C-4639437D1C1D}: NameServer = 85.255.114.196,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D9D3B82-326D-402E-AF5F-68865795B6D0}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CD98A9F-4104-43E4-A0B5-7AD7F54921AC}: NameServer = 85.255.114.196,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8C50378-66DF-4226-854C-D03B8B137E49}: NameServer = 85.255.114.196,85.255.112.67
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.196 85.255.112.67
O17 - HKLM\System\CS1\Services\Tcpip\..\{2AB49CDD-C34B-455B-8C9C-4639437D1C1D}: NameServer = 85.255.114.196,85.255.112.67
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.196 85.255.112.67
O17 - HKLM\System\CS2\Services\Tcpip\..\{2AB49CDD-C34B-455B-8C9C-4639437D1C1D}: NameServer = 85.255.114.196,85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.196 85.255.112.67
O20 - AppInit_DLLs:
O21 - SSODL: nGvkNqF - {10321411-BA98-BEBB-4832-97F251AF0CDA} - C:\WINDOWS\System32\lzh.dll
O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\cppnlz.dll
O21 - SSODL: E404Helper - {72d06f3a-774f-4584-8a90-da11a3380a76} - e404d.dll (file missing)
O22 - SharedTaskScheduler: sdf4dr4gfdgeetj - {B5AC49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\System32\jkd845jg.dll
O22 - SharedTaskScheduler: JGhjddf9dtj - {B5AF0562-94F3-42BD-F434-2604812C297D} - C:\WINDOWS\System32\d4ghggf4g.dll
O22 - SharedTaskScheduler: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\cppnlz.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dXNlcg\command.exe (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)
O23 - Service: Microsoft Inet Service - Unknown owner - C:\WINDOWS\System32\_svchost.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
--
End of file - 10999 bytes
Thanks