
Thread: data for the unknown mdmps32.exe

  1. #1
    Member boazboaz
    Join Date
    Jan 2006
    Posts
    37

    data for the unknown mdmps32.exe

    Included the data for the unknown mdmps32.exe that cannot be deleted
    (it reappears after removal):

    BitDefender Online Scanner
    =====================
    Scan report generated at: Thu, Jan 05, 2006 - 00:57:12
    Scan path: A:\;C:\;D:\;E:\;
    Statistics
    Time: 00:43:43
    Files: 177349
    Folders: 3924
    Boot Sectors: 2
    Archives: 2169
    Packed Files: 30797

    Results
    Identified Viruses: 1
    Infected Files: 1
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 1

    Engines Info
    Virus Definitions: 250244
    Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
    Scan plugins: 13
    Archive plugins: 38
    Unpack plugins: 4
    E-mail plugins: 6
    System plugins: 1

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File / Status

    C:\WINDOWS\SYSTEM\cspvc.exe
    Infected with: Trojan.Downloader.FFZ

    C:\WINDOWS\SYSTEM\cspvc.exe
    Disinfection failed

    C:\WINDOWS\SYSTEM\cspvc.exe
    Deleted

    Trend Micro
    =============
    clean up was done

    mcafee
    =============
    4 detected files:
    C:\WINDOWS\...\CONFLICT.1\HDPlugin1101.inf Adware-GAIN.inf
    C:\WINDOWS\...\HDPlugin1101.inf Adware-GAIN.inf
    C:\WINDOWS\...\CONFLICT.2\HDPlugin1101.inf Adware-GAIN.inf
    C:\WINDOWS\warnhp.html AdClicker-AJ


    Spybot results
    ====================


    --- Search result list ---
    Congratulations!: No immediate threats were found. ()
    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-12-30 unins000.exe (51.41.0.0)
    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2005-05-31 Update.exe (1.4.0.0)
    2004-10-04 advcheck.dll (1.0.1.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2005-05-31 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2005-12-30 Includes\Cookies.sbi (*)
    2005-12-30 Includes\Dialer.sbi (*)
    2005-12-30 Includes\Hijackers.sbi (*)
    2005-12-30 Includes\Keyloggers.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2005-12-30 Includes\Malware.sbi (*)
    2005-12-30 Includes\Revision.sbi (*)
    2005-12-30 Includes\Security.sbi (*)
    2005-12-30 Includes\Spybots.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2005-12-30 Includes\Trojans.sbi (*)
    2005-12-30 Includes\PUPS.sbi (*)
    --- System information ---
    Windows 98 (Build: 2222) A
    --- Startup entries list ---
    Located: HK_LM:Run, AVG7_AMSVR
    command: C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    file: C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    size: 336896
    MD5: 9bf46d959f713d64c8ff3de2b2437863
    Located: HK_LM:Run, AVG7_CC
    command: C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    file: C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE
    size: 356352
    MD5: 6492815fc67068a11420740637946b0e
    Located: HK_LM:Run, AVG7_EMC
    command: C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    file: C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    size: 280576
    MD5: e431814c506fd4fd1df82d56f178b4a5
    Located: HK_LM:Run, cshea.exe
    command: cshea.exe
    file:
    Located: HK_LM:Run, csymc.exe
    command: csymc.exe
    file:
    Located: HK_LM:Run, dmfqc.exe
    command: C:\WINDOWS\SYSTEM\dmfqc.exe
    file:
    Located: HK_LM:Run, dmwfr.exe
    command: C:\WINDOWS\SYSTEM\dmwfr.exe
    file:
    Located: HK_LM:Run, DSLAGENTEXE
    command: dslagent.exe USB
    file: C:\WINDOWS\SYSTEM\dslagent.exe
    size: 16384
    MD5: 940a5df447be0e587f06767712e53b77
    Located: HK_LM:Run, GSICONEXE
    command: gsicon.exe
    file: C:\WINDOWS\SYSTEM\gsicon.exe
    size: 90112
    MD5: 5d19b03a4a5c56b844e0677cb50f8dc4

    Located: HK_LM:Run, HPDJ Taskbar Utility
    command: C:\WINDOWS\SYSTEM\hpztsb05.exe
    file: C:\WINDOWS\SYSTEM\hpztsb05.exe
    size: 188416
    MD5: 2cec0358aeaf3d34e7faee85ed55e9eb

    Located: HK_LM:Run, internat.exe
    command: internat.exe
    file: C:\WINDOWS\SYSTEM\internat.exe
    size: 28672
    MD5: dd1dd1bf6211d1b4369de3807e67a749

    Located: HK_LM:Run, LnkSet
    command: C:\WINDOWS\RNapxs.exe
    file: C:\WINDOWS\RNapxs.exe
    size: 1102848
    MD5: 7a424cdd971a953aa03209b0aba6d503

    Located: HK_LM:Run, LoadPowerProfile
    command: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    file: C:\WINDOWS\Rundll32.exe
    size: 24576
    MD5: 1b71907e4665a1ee5188f0458c16f2c3

    Located: HK_LM:Run, LoadQM
    command: loadqm.exe
    file: C:\WINDOWS\loadqm.exe
    size: 7536
    MD5: 69d7217f9d7f49d6706baf90f52b472b

    Located: HK_LM:Run, NvCplDaemon
    command: RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    file: C:\WINDOWS\RUNDLL32.EXE
    size: 24576
    MD5: 1b71907e4665a1ee5188f0458c16f2c3

    Located: HK_LM:Run, nwiz
    command: nwiz.exe /install
    file: C:\WINDOWS\SYSTEM\nwiz.exe
    size: 360448
    MD5: f7db36182ac6c00bdcb79169561e6c08

    Located: HK_LM:Run, ScanRegistry
    command: C:\WINDOWS\scanregw.exe /autorun
    file: C:\WINDOWS\scanregw.exe
    size: 86016
    MD5: 61446b66ad4214b5e3ff8a738c34f72b

    Located: HK_LM:Run, SystemTray
    command: SysTray.Exe
    file: C:\WINDOWS\SYSTEM\SysTray.Exe
    size: 32768
    MD5: 60c486140535d204d459fca5b8c2ef1b

    Located: HK_LM:Run, TaskMonitor
    command: C:\WINDOWS\taskmon.exe
    file: C:\WINDOWS\taskmon.exe
    size: 28672
    MD5: 3abfd282658f9c98f766753505dda86d

    Located: HK_LM:RunServices, Machine Debug Manager
    command: C:\WINDOWS\SYSTEM\MDM.EXE
    file: C:\WINDOWS\SYSTEM\MDM.EXE
    size: 119400
    MD5: 95d85d69ffc099c516d99cb9581e3fe2

    Located: HK_LM:Run, ErrorGuard (DISABLED)
    command: C:\PROGRAM FILES\ERRORGUARD\ERRORGUARD.Exe
    file:

    Located: HK_LM:Run, sp (DISABLED)
    command: rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    file:

    Located: HK_LM:Run, WinHound (DISABLED)
    command: C:\Program Files\WinHound\WinHound.exe
    file:

    Located: HK_LM:RunServices, LoadPowerProfile (DISABLED)
    command: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    file: C:\WINDOWS\Rundll32.exe
    size: 24576
    MD5: 1b71907e4665a1ee5188f0458c16f2c3

    Located: HK_LM:RunServices, SchedulingAgent (DISABLED)
    command: mstask.exe
    file: C:\WINDOWS\SYSTEM\mstask.exe
    size: 114448
    MD5: 4aadd36cfa2842309e41a4b8c433a1b5

    Located: HK_CU:Run, MsnMsgr
    command: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    file: C:\Program Files\MSN Messenger\MsnMsgr.Exe
    size: 6856704
    MD5: 79ac63592f9b6750f2026a2520c11bee

    Located: HK_CU:Run, IncrediMail (DISABLED)
    command: C:\Program Files\IncrediMail\bin\IncMail.exe /c
    file:

    Located: Startup (user), Microsoft Office.lnk
    command: C:\Program Files\Microsoft Office\Office\OSA9.EXE
    file: C:\Program Files\Microsoft Office\Office\OSA9.EXE
    size: 65588
    MD5: 76dfce30edbc9588dc3f9072a10ed3db

    Located: Startup (user), StartUp MB ADIBOU.lnk
    command: C:\Coktel\Mon Bureau ADIBOU\StartUp.exe
    file: C:\Coktel\Mon Bureau ADIBOU\StartUp.exe
    size: 2488558
    MD5: 0a32427a85a10291e1676abde4d2489c

    Located: Startup (user), WinZip Quick Pick.lnk
    command: C:\Program Files\WinZip\WZQKPICK.EXE
    file: C:\Program Files\WinZip\WZQKPICK.EXE
    size: 106560
    MD5: 2fe253973433442c2cb234fb2bc4bf29



    --- Browser helper object list ---
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    BHO name:
    CLSID name: AcroIEHlprObj Class
    description: Adobe Acrobat reader
    classification: Legitimate
    known filename: AcroIEhelper.ocx, AcroIEhelper.dll
    info link: http://www.adobe.com/products/acrobat/readstep2.html
    info source: TonyKlein
    Path: C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\
    Long name: AcroIEHelper.ocx
    Short name: ACROIE~1.OCX
    Date (created): 04/06/04 3:29:28 PM
    Date (last access): 01/05/06
    Date (last write): 04/16/01 4:39:02 PM
    Filesize: 37808
    Attributes:
    MD5: 8394ABFC1BE196A62C9F532511936DF7
    CRC32: 71D6E350
    Version: 1.0.0.1



    --- ActiveX list ---
    Microsoft XML Parser for Java (Microsoft XML Parser for Java)
    DPF name: Microsoft XML Parser for Java
    CLSID name:
    Installer:
    Codebase: file://C:\WINDOWS\Java\classes\xmldso4.cab
    description:
    classification: Legitimate
    known filename: %WINDIR%\Java\classes\xmldso.cab
    info link:
    info source: Patrick M. Kolla

    DirectAnimation Java Classes (DirectAnimation Java Classes)
    DPF name: DirectAnimation Java Classes
    CLSID name:
    Installer:
    Codebase: file://C:\WINDOWS\SYSTEM\dajava.cab
    description:
    classification: Legitimate
    known filename: %WINDIR%\Java\classes\dajava.cab
    info link:
    info source: Patrick M. Kolla

    Internet Explorer Classes for Java (Internet Explorer Classes for Java)
    DPF name: Internet Explorer Classes for Java
    CLSID name:
    Installer:
    Codebase: file://C:\WINDOWS\SYSTEM\iejava.cab
    description:
    classification: Legitimate
    known filename: %WINDIR%\Java\classes\iejava.cab
    info link:
    info source: Patrick M. Kolla

    {E4456C1D-ECE7-4C05-996A-3958091C6F55} (RemoteCfg Class)
    DPF name:
    CLSID name: RemoteCfg Class
    Installer:
    Codebase: http://www.bezeqint.net/Friendly/ema...wTechTool2.cab
    Path: C:\WINDOWS\DOWNLO~1\
    Long name: fwTechTool.dll
    Short name: FWTECH~1.DLL
    Date (created): 01/26/05 12:11:54 PM
    Date (last access): 01/05/06
    Date (last write): 01/26/05 12:11:54 PM
    Filesize: 202240
    Attributes:
    MD5: 9BAE9179EB6FEB1E1936F68041927BC3
    CRC32: 92E9A880
    Version: 3.3.3.3

    (second part in next note)

  2. #2
    Member boazboaz
    Join Date
    Jan 2006
    Posts
    37

    Second part of boazboaz data for mdmps32.exe

    (second part)
    DPF name:
    CLSID name: Shockwave Flash Object
    Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
    Codebase: http://download.macromedia.com/pub/s...sh/swflash.cab
    description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\SYSTEM\MACROMED\FLASH\
    Long name: Flash8.ocx
    Short name: FLASH8.OCX
    Date (created): 08/27/05 1:38:56 PM
    Date (last access): 01/05/06
    Date (last write): 08/27/05 1:38:56 PM
    Filesize: 1435272
    Attributes:
    MD5: 900373C059C2B51CA91BF110DBDECB33
    CRC32: F19599BC
    Version: 8.0.22.0

    {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)
    DPF name:
    CLSID name: MsnMessengerSetupDownloadControl Class
    Installer: C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.inf
    Codebase: http://messenger.msn.com/download/ms...downloader.cab
    description:
    classification: Legitimate
    known filename: MsnMessengerSetupDownloader.ocx
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\DOWNLOADED PROGRAM FILES\
    Long name: MsnMessengerSetupDownloader.ocx
    Short name: MSNMES~1.OCX
    Date (created): 08/14/05 12:26:04 AM
    Date (last access): 01/05/06
    Date (last write): 08/14/05 12:26:04 AM
    Filesize: 113664
    Attributes:
    MD5: C403792A3FF639C215067D5AA680C482
    CRC32: 7CD0769A
    Version: 1.0.0.3

    {33564D57-0000-0010-8000-00AA00389B71} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf
    Codebase: http://download.microsoft.com/downlo...22/wmv9VCM.CAB
    description:
    classification: Legitimate
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
    DPF name:
    CLSID name: MessengerStatsClient Class
    Installer:
    Codebase: http://messenger.zone.msn.com/binary...t.cab31267.cab
    description:
    classification: Legitimate
    known filename: messengerstatsclient.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\DOWNLOADED PROGRAM FILES\
    Long name: messengerstatsclient.dll
    Short name: MESSEN~1.DLL
    Date (created): 05/29/03 3:00:20 PM
    Date (last access): 01/05/06
    Date (last write): 05/29/03 3:00:20 PM
    Filesize: 160864
    Attributes:
    MD5: B069B555A00AA026F657AA4FD13AE154
    CRC32: 89BB01E1
    Version: 7.1.9502.1

    {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class)
    DPF name:
    CLSID name: Checkers Class
    Installer:
    Codebase: http://messenger.zone.msn.com/binary...r.cab31267.cab
    description:
    classification: Legitimate
    known filename: msgrchkr.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\DOWNLOADED PROGRAM FILES\
    Long name: msgrchkr.dll
    Short name: MSGRCHKR.DLL
    Date (created): 05/29/03 3:00:18 PM
    Date (last access): 01/05/06
    Date (last write): 05/29/03 3:00:18 PM
    Filesize: 77408
    Attributes:
    MD5: 42D567DF86B9B7AC4A89664C9651B68B
    CRC32: 47FF3D19
    Version: 7.1.9502.1

    {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
    DPF name:
    CLSID name: Minesweeper Flags Class
    Installer:
    Codebase: http://messenger.zone.msn.com/binary...r.cab31267.cab
    description:
    classification: Legitimate
    known filename: minesweeper.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\DOWNLOADED PROGRAM FILES\
    Long name: minesweeper.dll
    Short name: MINESW~1.DLL
    Date (created): 05/29/03 3:00:22 PM
    Date (last access): 01/05/06
    Date (last write): 05/29/03 3:00:22 PM
    Filesize: 84064
    Attributes:
    MD5: F951FD0EA383DF2D49CA0359E4A86968
    CRC32: 50A69718
    Version: 7.1.9502.1

    {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
    DPF name:
    CLSID name: Shockwave ActiveX Control
    Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
    Codebase: http://download.macromedia.com/pub/s...irector/sw.cab
    description: Macromedia ShockWave Flash Player 7
    classification: Legitimate
    known filename: SWDIR.DLL
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\SYSTEM\MACROMED\SHOCKWAVE 10\
    Long name: Download.dll
    Short name: DOWNLOAD.DLL
    Date (created): 07/19/05 3:39:20 PM
    Date (last access): 01/05/06
    Date (last write): 07/19/05 3:39:20 PM
    Filesize: 79552
    Attributes:
    MD5: 6092AEDB6921703A78FBD4E01C126439
    CRC32: 978BDE38
    Version: 10.1.0.11

    {2B26018A-1D8D-4C19-9A9B-F6C49453A21D} (LauncherV1 Class)
    DPF name:
    CLSID name: LauncherV1 Class
    Installer:
    Codebase: http://irc.msn.co.il/Tipo/launcher.cab
    Path: C:\WINDOWS\DOWNLOADED PROGRAM FILES\
    Long name: launcher.ocx
    Short name: LAUNCHER.OCX
    Date (created): 02/14/05 10:31:06 PM
    Date (last access): 01/05/06
    Date (last write): 02/14/05 10:31:06 PM
    Filesize: 413696
    Attributes:
    MD5: 387F4E24260F2DAFF672ACF446A6317C
    CRC32: A9D51940
    Version: 1.0.0.1

    {92978D34-1690-4A28-9E92-81FBACFBF87B} (VimActiveX)
    DPF name:
    CLSID name: VimActiveX
    Installer: C:\WINDOWS\Downloaded Program Files\AX.inf
    Codebase: http://82.80.250.211/vimtipo/downloads/ax.cab
    Path: C:\WINDOWS\SYSTEM\
    Long name: vimax.dll
    Short name: VIMAX.DLL
    Date (created): 06/29/05 12:07:06 PM
    Date (last access): 01/05/06
    Date (last write): 06/29/05 12:07:06 PM
    Filesize: 860160
    Attributes:
    MD5: 7D21FBFB41275B0C87E81D3A947E506E
    CRC32: 47A07004
    Version: 2.1.1.14

    {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail)
    DPF name:
    CLSID name: IncrediMail
    Installer:
    Codebase: http://www5.incredimail.com/contents...r/imloader.cab
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
    DPF name:
    CLSID name: Windows Genuine Advantage Validation Tool
    Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
    Codebase: http://go.microsoft.com/fwlink/?linkid=39204
    description:
    classification: Legitimate
    known filename: LegitCheckControl.DLL
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\SYSTEM\
    Long name: LegitCheckControl.DLL
    Short name: LEGITC~1.DLL
    Date (created): 11/04/05 4:27:24 PM
    Date (last access): 01/05/06
    Date (last write): 11/04/05 4:27:24 PM
    Filesize: 534280
    Attributes:
    MD5: EC5FE860DD51ABB348B6C6C9EEAD4146
    CRC32: 1FD27DDB
    Version: 1.4.389.0

    {31564D57-0000-0010-8000-00AA00389B71} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\wmvax.inf
    Codebase: http://codecs.microsoft.com/codecs/i386/wmvax.cab
    description:
    classification: Legitimate
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control)
    DPF name:
    CLSID name: BDSCANONLINE Control
    Installer: C:\WINDOWS\Downloaded Program Files\oscan8.inf
    Codebase: http://download.bitdefender.com/reso...an8/oscan8.cab
    description:
    classification: Legitimate
    known filename: oscan8.ocx
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\DOWNLO~1\
    Long name: oscan8.ocx
    Short name: OSCAN8.OCX
    Date (created): 03/09/05 3:40:44 PM
    Date (last access): 01/05/06
    Date (last write): 03/09/05 3:40:44 PM
    Filesize: 475136
    Attributes:
    MD5: 38F3695A3824342E29703D28404B121A
    CRC32: AD9D0B16
    Version: 1.0.0.1

    {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0
    Installer:
    Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: NPJPI150.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre1.5.0\bin\
    Long name: NPJPI150.dll
    Short name: NPJPI150.DLL
    Date (created): 01/05/06 1:09:52 AM
    Date (last access): 01/05/06
    Date (last write): 01/05/06 1:09:54 AM
    Filesize: 69740
    Attributes: archive
    MD5: D25BB4762A876A3DBF6F2BAA36A179FA
    CRC32: 9367234B
    Version: 1.5.0.0

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0
    Installer: C:\WINDOWS\Downloaded Program Files\jinstall-1_5_0.inf
    Codebase: http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre1.5.0\bin\
    Long name: NPJPI150.dll
    Short name: NPJPI150.DLL
    Date (created): 01/05/06 1:09:52 AM
    Date (last access): 01/05/06
    Date (last write): 01/05/06 1:09:54 AM
    Filesize: 69740
    Attributes: archive
    MD5: D25BB4762A876A3DBF6F2BAA36A179FA
    CRC32: 9367234B
    Version: 1.5.0.0

    {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class)
    DPF name:
    CLSID name: McFreeScan Class
    Installer: C:\WINDOWS\Downloaded Program Files\mcfscan.inf
    Codebase: http://download.mcafee.com/molbin/is...67/mcfscan.cab
    description:
    classification: Legitimate
    known filename: mcfscan.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\MCAFEE.COM\FREESCAN\
    Long name: mcfscan.dll
    Short name: MCFSCAN.DLL
    Date (created): 01/04/06 9:44:12 AM
    Date (last access): 01/05/06
    Date (last write): 01/04/06 9:44:12 AM
    Filesize: 116288
    Attributes:
    MD5: 460046E79179096BB5ED8174A1194ED8
    CRC32: 95ACC88B
    Version: 2.1.0.4667



    --- Process list ---
    PID: -3200585 (2121222243) C:\WINDOWS\SYSTEM\KERNEL32.DLL
    size: 475136
    MD5: B38D3B26253667DEFCBD547167FB4A4D
    PID: -8937 (-3200585) C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    size: 11952
    MD5: CCC6CDB131CF286BADBDD9C5D3C89EA8
    PID: -10769 (-8937) C:\WINDOWS\SYSTEM\SPOOL32.EXE
    size: 45056
    MD5: 5475C90F7CF6779E68FE0158B8092B03
    PID: -3733 (-10769) C:\WINDOWS\SYSTEM\MPREXE.EXE
    size: 28672
    MD5: 32E5FE4D0C75234CC5244F23196FE337
    PID: -23077 (-3733) C:\WINDOWS\SYSTEM\MDM.EXE
    size: 119400
    MD5: 95D85D69FFC099C516D99CB9581E3FE2
    PID: -130201 (-8937) C:\WINDOWS\SYSTEM\mmtask.tsk
    size: 1184
    MD5: 38BAE36E67C8B1AE3ABC077837953B89
    PID: -126533 (-8937) C:\WINDOWS\EXPLORER.EXE
    size: 192512
    MD5: 01DAB74AC89A23DF17DC0E589877B545
    PID: -195677 (-126533) C:\WINDOWS\SYSTEM\INTERNAT.EXE
    size: 28672
    MD5: DD1DD1BF6211D1B4369DE3807E67A749
    PID: -181353 (-126533) C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    size: 32768
    MD5: 60C486140535D204D459FCA5B8C2EF1B
    PID: -132685 (-126533) C:\WINDOWS\TASKMON.EXE
    size: 28672
    MD5: 3ABFD282658F9C98F766753505DDA86D
    PID: -237285 (-126533) C:\WINDOWS\SYSTEM\HPZTSB05.EXE
    size: 188416
    MD5: 2CEC0358AEAF3D34E7FAEE85ED55E9EB
    PID: -235737 (-161829) C:\WINDOWS\SYSTEM\DDHELP.EXE
    size: 31744
    MD5: F62F3495C1E013A63698D556C80E1B62
    PID: -151309 (-126533) C:\WINDOWS\SYSTEM\GSICON.EXE
    size: 90112
    MD5: 5D19B03A4A5C56B844E0677CB50F8DC4
    PID: -158405 (-126533) C:\WINDOWS\SYSTEM\DSLAGENT.EXE
    size: 16384
    MD5: 940A5DF447BE0E587F06767712E53B77
    PID: -260085 (-126533) C:\WINDOWS\LOADQM.EXE
    size: 7536
    MD5: 69D7217F9D7F49D6706BAF90F52B472B
    PID: -255241 (-126533) C:\WINDOWS\RNAPXS.EXE
    size: 1102848
    MD5: 7A424CDD971A953AA03209B0ABA6D503
    PID: -252601 (-126533) C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    size: 356352
    MD5: 6492815FC67068A11420740637946B0E
    PID: -198885 (-126533) C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    size: 280576
    MD5: E431814C506FD4FD1DF82D56F178B4A5
    PID: -163653 (-126533) C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    size: 336896
    MD5: 9BF46D959F713D64C8FF3DE2B2437863
    PID: -238985 (-126533) C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    size: 6856704
    MD5: 79AC63592F9B6750F2026A2520C11BEE
    PID: -314525 (-126533) C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    size: 106560
    MD5: 2FE253973433442C2CB234FB2BC4BF29
    PID: -370825 (-255241) C:\WINDOWS\MDMPS32.EXE
    size: 45056
    MD5: 99EF13AB91DB1A193630B7AF2EDC4231
    PID: -379873 (-181353) C:\WINDOWS\SYSTEM\WMIEXE.EXE
    size: 16384
    MD5: 809DEBA5691B210B978E51B4DBFCC8D3
    PID: -461177 (-469237) C:\WINDOWS\SYSTEM\RNAAPP.EXE
    size: 45056
    MD5: 3064D11192F1A509B1DE05FF604E56FE
    PID: -454617 (-461177) C:\WINDOWS\SYSTEM\TAPISRV.EXE
    size: 122880
    MD5: 069A1B5EBB8518F7E5B500A8C0A5CD2F
    PID: -715045 (-126533) C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
    size: 4393096
    MD5: 09CA174A605B480318731E691DC98539
    PID: -345805 (-126533) C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    size: 91136
    MD5: 6D5884C13D655DD1C9E65AFCC19A8D5C


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 01/05/06 3:08:46 AM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\SYSTEM\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    about:blank
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.tipo.co.il/zone/index.asp...51132762920770
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\SYSTEM\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    about:blank
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
    C:\WINDOWS\SYSTEM\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    C:\WINDOWS\SYSTEM\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    about:blank


    --- Winsock Layered Service Provider list ---
    Protocol 0: MS.w95.spi.osp
    GUID: {FF017DE1-CAE9-11CF-8A99-00AA0062C609}
    Filename: C:\WINDOWS\SYSTEM\mswsosp.dll
    Description: Microsoft Windows 9x/ME name space provider
    DB filename: %windir%\system\mswsosp.dll
    DB protocol: MS.w95.spi.*

    Protocol 1: MS.w95.spi.tcp
    GUID: {FF017DE0-CAE9-11CF-8A99-00AA0062C609}
    Filename: C:\WINDOWS\SYSTEM\msafd.dll
    Description: Microsoft Windows 9x/ME network protocol
    DB filename: %windir%\system\msafd.dll
    DB protocol: MS.w95.spi.*

    Protocol 2: MS.w95.spi.udp
    GUID: {FF017DE0-CAE9-11CF-8A99-00AA0062C609}
    Filename: C:\WINDOWS\SYSTEM\msafd.dll
    Description: Microsoft Windows 9x/ME network protocol
    DB filename: %windir%\system\msafd.dll
    DB protocol: MS.w95.spi.*

    Protocol 3: MS.w95.spi.raw
    GUID: {FF017DE0-CAE9-11CF-8A99-00AA0062C609}
    Filename: C:\WINDOWS\SYSTEM\msafd.dll
    Description: Microsoft Windows 9x/ME network protocol
    DB filename: %windir%\system\msafd.dll
    DB protocol: MS.w95.spi.*

    Protocol 4: MS.w95.spi.rsvptcp
    GUID: {ECBDCBA0-334A-11D0-BD88-0000C082E69A}
    Filename: C:\WINDOWS\SYSTEM\rsvpsp.dll
    Description: Microsoft Windows 9x/ME network protocol
    DB filename: %windir%\system\rsvoso.dll
    DB protocol: MS.w95.spi.*

    Protocol 5: MS.w95.spi.rsvpudp
    GUID: {ECBDCBA0-334A-11D0-BD88-0000C082E69A}
    Filename: C:\WINDOWS\SYSTEM\rsvpsp.dll
    Description: Microsoft Windows 9x/ME network protocol
    DB filename: %windir%\system\rsvoso.dll
    DB protocol: MS.w95.spi.*

    Namespace Provider 0: DNS Name Space Provider.
    GUID: {FF017DE2-CAE9-11CF-8A99-00AA0062C609}
    Filename: C:\WINDOWS\SYSTEM\rnr20.dll
    Description: Microsoft Windows 9x/ME name space provider
    DB filename: %windir%\system\rnr20.dll
    DB protocol: DNS Name Space Provider.

  3. #3
    Member boazboaz
    Join Date
    Jan 2006
    Posts
    37

    Included the last data (HijackThis) needed for the MDMPS32.EXE issue

    Logfile of HijackThis v1.99.1
    Scan saved at 4:49:23 PM, on 01/05/06
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\HPZTSB05.EXE
    C:\WINDOWS\SYSTEM\GSICON.EXE
    C:\WINDOWS\SYSTEM\DSLAGENT.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\RNAPXS.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\MDMPS32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACRORD32.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tipo.co.il/zone/index.asp...51132762920770
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [cshea.exe] cshea.exe
    O4 - HKLM\..\Run: [dmfqc.exe] C:\WINDOWS\SYSTEM\dmfqc.exe
    O4 - HKLM\..\Run: [LnkSet] C:\WINDOWS\RNapxs.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\Run: [dmwfr.exe] C:\WINDOWS\SYSTEM\dmwfr.exe
    O4 - HKLM\..\Run: [csymc.exe] csymc.exe
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: StartUp MB ADIBOU.lnk = C:\Coktel\Mon Bureau ADIBOU\StartUp.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .png: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {E4456C1D-ECE7-4C05-996A-3958091C6F55} (RemoteCfg Class) - http://www.bezeqint.net/Friendly/ema...wTechTool2.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {2B26018A-1D8D-4C19-9A9B-F6C49453A21D} (LauncherV1 Class) - http://irc.msn.co.il/Tipo/launcher.cab
    O16 - DPF: {92978D34-1690-4A28-9E92-81FBACFBF87B} (VimActiveX) - http://82.80.250.211/vimtipo/downloads/ax.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents...r/imloader.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...67/mcfscan.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.114.83,85.255.112.5

  4. #4
    Security Expert-Emeritus

    Default

    Hi boazboaz, Welcome..

    Attach these two files here please
    C:\WINDOWS\MDMPS32.EXE
    C:\WINDOWS\RNapxs.exe
    http://www.thespykiller.co.uk/forum/index.php?board=1.0
    Thanks

  5. #5
    Member boazboaz's Avatar

    Default They are uploaded.

    The listed files were uploaded on:

    http://www.thespykiller.co.uk/forum/...p?topic=1052.0
    SpyKiller > Spyware & Cleaning > Uploads


    Code:
    boaz pasternak 
    Guest
      Uploading C:\WINDOWS\RNAPXS.EXE and C:\WINDOWS\MDMPS32.EXE for test 
    « on: Today at 07:35:31 AM »
    
    --------------------------------------------------------------------------------
    As advised by LonnyRJones (Member of Team Spybot) I have attached these two files here in order to be verified.

  6. #6
    Security Expert-Emeritus

    Default

    Those two are related to
    PureSight Technology - Content filtering software
    Does that sound familiar?

    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.
    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe
    Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
    When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan,
    and check the following items (if there):
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    O4 - HKLM\..\Run: [cshea.exe] cshea.exe
    O4 - HKLM\..\Run: [dmfqc.exe] C:\WINDOWS\SYSTEM\dmfqc.exe
    O4 - HKLM\..\Run: [dmwfr.exe] C:\WINDOWS\SYSTEM\dmwfr.exe
    O4 - HKLM\..\Run: [csymc.exe] csymc.exe
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.114.83,85.255.112.5
    If you see an entry as well in your O4 lines in hijackthis, starting with dm... for example:
    O4 - HKLM\..\Run: [dm***.exe] C:\WINDOWS\system32\dm***.exe (the *** stand for random letters)
    or starting with hg... for example:
    O4 - HKLM\..\Run: [hg***.exe] C:\Windows\System32\hg***.exe
    Check it as well. If not sure, leave it and only check the ones I asked you to check.
    ===========================================================
    Click Fix Checked. Close HijackThis, and click OK to proceed.


    Finally, please post the contents of report.txt (it should open), along with a new HijackThis log.

  7. #7
    Member boazboaz's Avatar

    Default included the log

    Included the log: I marked the
    cshea.exe,
    dmfqc.exe,
    csymc.exe
    and dmwfr.exe to be fixed.

    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 1:37:31 PM, on 01/08/06
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    
    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\FIXWAREOUT\SUB\BFU.EXE
    C:\HIJACKTHIS\HIJACKTHIS.EXE
    
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [LnkSet] C:\WINDOWS\RNapxs.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: StartUp MB ADIBOU.lnk = C:\Coktel\Mon Bureau ADIBOU\StartUp.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .png: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {E4456C1D-ECE7-4C05-996A-3958091C6F55} (RemoteCfg Class) - http://www.bezeqint.net/Friendly/email_bezeqint/fwTechTool2.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2B26018A-1D8D-4C19-9A9B-F6C49453A21D} (LauncherV1 Class) - http://irc.msn.co.il/Tipo/launcher.cab
    O16 - DPF: {92978D34-1690-4A28-9E92-81FBACFBF87B} (VimActiveX) - http://82.80.250.211/vimtipo/downloads/ax.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4667/mcfscan.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.114.83,85.255.112.5

  8. #8
    Member boazboaz's Avatar

    Default Fixwareout report

    Code:
    Fixwareout ver 1.003
    Last edited 12/5/2005
    Post this report in the forums please 
     
    Reg Entries that were deleted 
     
    PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. 
     
    »»»»» Search by size and names... 
     
    »»»»» Misc files

  9. #9
    Security Expert-Emeritus

    Default

    Looks good except for this

    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.114.83,85.255.112.5

    Have hijackthis fix it while all browsers are closed
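Added example, not part of this thread and not code from HijackThis or FixWareout: a small Python checker that applies the review rules from posts #6 and #9 to HijackThis log lines. It flags O4 Run entries named in the fix list, O4 entries matching the dm***/hg*** random-name pattern the expert described (assumption: three random letters, as in dmfqc.exe and dmwfr.exe), and any O17 NameServer line, marking the two addresses from this thread explicitly. The sample log lines are constructed for the example (hgabc.exe is invented to exercise the pattern rule; the rest follow the shape of the logs above); the function and constant names are my own.

```python
"""Check HijackThis log lines against the entries singled out in this thread."""
import re
from typing import List, Optional, Tuple

# O4 Run-key names the expert asked to have checked (post #6 of this thread).
LISTED_RUN_NAMES = {"cshea.exe", "dmfqc.exe", "dmwfr.exe", "csymc.exe"}

# Random-name pattern from post #6: dm*** or hg*** followed by .exe.
# Assumption: the *** part is three letters, matching dmfqc.exe / dmwfr.exe.
RANDOM_NAME_RE = re.compile(r"^(dm|hg)[a-z]{3}\.exe$", re.IGNORECASE)

# NameServer addresses from the O17 line that post #9 had HijackThis fix.
LISTED_NAMESERVERS = {"85.255.114.83", "85.255.112.5"}

# "O4 - HKLM\..\Run: [name] command"  (also matches RunServices and HKCU)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# "O17 - ...: NameServer = a.b.c.d,e.f.g.h"
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)")

# Constructed sample in the shape of the logs in this thread (hgabc.exe is invented).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [dmfqc.exe] C:\WINDOWS\SYSTEM\dmfqc.exe
O4 - HKLM\..\Run: [csymc.exe] csymc.exe
O4 - HKLM\..\Run: [hgabc.exe] C:\Windows\System32\hgabc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.114.83,85.255.112.5
"""


def parse_o4(line: str) -> Optional[Tuple[str, str]]:
    """Return (value name, command) for an O4 Run/RunServices line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return m.group("name"), m.group("cmd")


def parse_o17(line: str) -> List[str]:
    """Return the list of NameServer addresses on an O17 line (empty if not O17)."""
    m = O17_RE.match(line.strip())
    if not m:
        return []
    return [s for s in m.group("servers").split(",") if s]


def review(log_text: str) -> List[Tuple[str, str]]:
    """Apply the thread's review rules; return (line, reason) for each flagged line."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        o4 = parse_o4(line)
        if o4:
            name, _cmd = o4
            if name.lower() in LISTED_RUN_NAMES:
                findings.append((line, "O4 entry named in the fix list"))
            elif RANDOM_NAME_RE.match(name):
                findings.append((line, "O4 entry matches the dm***/hg*** random-name pattern"))
            continue
        servers = parse_o17(line)
        if servers:
            if any(s in LISTED_NAMESERVERS for s in servers):
                findings.append((line, "O17 NameServer matches the address the thread had fixed"))
            else:
                # Any registry-set NameServer deserves a look: the thread treats the
                # O17 line as the sign of a hijacked DNS setting.
                findings.append((line, "O17 NameServer set in registry; confirm it belongs to your ISP"))
    return findings


if __name__ == "__main__":
    for flagged_line, reason in review(SAMPLE_LOG):
        print(f"{reason}\n    {flagged_line}")
```

The benign AVG and ScanRegistry entries pass untouched, the two entries from the fix list and the dm/hg-pattern entry are reported, and the O17 line is reported because its addresses are the ones post #9 told the poster to fix; an O17 line with any other address is still listed for review rather than silently accepted.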

  10. #10
    Member boazboaz's Avatar

    Default Update log

    Included the latest log.

    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 2:10:45 PM, on 01/08/06
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    
    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\HPZTSB05.EXE
    C:\WINDOWS\SYSTEM\GSICON.EXE
    C:\WINDOWS\SYSTEM\DSLAGENT.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\RNAPXS.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\MDMPS32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\HIJACKTHIS\HIJACKTHIS.EXE
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tipo.co.il/zone/index.asp?zone=51132762920770
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [LnkSet] C:\WINDOWS\RNapxs.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: StartUp MB ADIBOU.lnk = C:\Coktel\Mon Bureau ADIBOU\StartUp.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .png: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {E4456C1D-ECE7-4C05-996A-3958091C6F55} (RemoteCfg Class) - http://www.bezeqint.net/Friendly/email_bezeqint/fwTechTool2.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2B26018A-1D8D-4C19-9A9B-F6C49453A21D} (LauncherV1 Class) - http://irc.msn.co.il/Tipo/launcher.cab
    O16 - DPF: {92978D34-1690-4A28-9E92-81FBACFBF87B} (VimActiveX) - http://82.80.250.211/vimtipo/downloads/ax.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4667/mcfscan.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
