Help Please

ibcaleb · Jun 13, 2007

alright
i have found a few problems including
svchost.exe
and others but i am not sure what do do next
i just need help but i don't want to kill my computer
if anyone can help
thanks.
Caleb

ibcaleb · Jun 14, 2007

my hjt scan results

Logfile of HijackThis v1.99.1
Scan saved at 5:01:05 PM, on 6/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\AOL\1150422044\ee\AOLSoftware.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\AOL\1150422044\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
c:\program files\common files\aol\1150422044\ee\anotify.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150422044\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1150422044\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [xnpgxm.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\xnpgxm.dll,egvubyc
O4 - HKLM\..\Run: [xpksmhn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\xpksmhn.dll,xpirfi
O4 - HKLM\..\Run: [ycyfwlf.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ycyfwlf.dll,anrfby
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hozihatk.exe] C:\Documents and Settings\All Users\Application Data\hozihatk.exe
O4 - HKLM\..\Run: [gtcfaxaz.exe] C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\sgitqgpf.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.6.9/cab/aolpPlugins.10.6.0.4.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/polarbowler/install.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/popinsaniquarium/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14C70953-49E0-4DF2-867E-53AF08976851}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{8947A532-9C99-4F92-94A9-0B21B3B1B87B}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AF3BDCC-F46C-4958-8D2A-A82C8E35C903}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{14C70953-49E0-4DF2-867E-53AF08976851}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{14C70953-49E0-4DF2-867E-53AF08976851}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: vwservice - Unknown owner - C:\WINDOWS\system32\vwsrv.exe (file missing)

Blade81 · Jun 14, 2007

Hi and welcome to the Board

I'm Blade and I am going to try to help you with your problem. Please take a note of five things.

I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.

The fixes are specific to your problem and should only be used for this issue on this machine

The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.

If you don't know, stop and ask! Don't keep going on.

Please reply to this thread. Do not start a new topic.

At first, rename HijackThis.exe file -> scanner.exe and post a fresh hjt log after that.

ibcaleb · Jun 14, 2007

new scan results

Logfile of HijackThis v1.99.1
Scan saved at 12:18:11 PM, on 6/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\AOL\1150422044\ee\AOLSoftware.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\AOL\1150422044\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\HijackThis\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {05AA754E-35FA-FDCF-F0C6-02CBD2EF7953} - C:\WINDOWS\system32\ekgzipi.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {075CA83D-FDEC-D1F0-8CC4-06B3BD7DF97C} - C:\WINDOWS\system32\ggvsmlg.dll
O2 - BHO: (no name) - {0902BEBD-A638-D767-9C24-03D7FE29622D} - C:\WINDOWS\system32\tdblxbe.dll
O2 - BHO: PsapiAnalyzer Object - {0A99A153-E4A0-4124-9DBE-AFADC0C902B6} - c:\windows\registration\crmlog\olelog.dll
O2 - BHO: (no name) - {0EDD4C2F-295C-4FFB-8BA7-4EB8E34D5EBb} - C:\WINDOWS\system32\wabeapgn.dll
O2 - BHO: (no name) - {14A714F9-F11A-9622-85CD-06DF6A39C544} - C:\WINDOWS\system32\lhmzmq.dll
O2 - BHO: (no name) - {14FBBB28-35F1-4B20-8F11-DD7D0312BDB1} - C:\WINDOWS\system32\ddcyy.dll
O2 - BHO: (no name) - {248D8ED0-2897-63D2-D555-0A35EE90CFA6} - C:\WINDOWS\system32\ziccdrj.dll
O2 - BHO: (no name) - {2E12C9DF-39EE-353F-CF7A-0B0DD5174E44} - C:\WINDOWS\system32\wgbyiwn.dll
O2 - BHO: (no name) - {2E887CAB-8390-4BBF-B4B9-E5796266346D} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: (no name) - {35D3810F-5636-A7C1-51F1-07E019A89F67} - C:\WINDOWS\system32\zohvrse.dll
O2 - BHO: (no name) - {3E508C18-4B6C-AA38-7C37-015C60582AF2} - C:\WINDOWS\system32\ztkmged.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59B956DE-8B06-A767-A9F8-09C7EE3966EC} - C:\WINDOWS\system32\hvjtihd.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\jqtgeirv.dll
O2 - BHO: (no name) - {5EAAAD19-AFC2-45B3-B15C-44BD9A0BB424} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O2 - BHO: (no name) - {6CDBBA58-25ED-D768-1E27-0B45FA88BF39} - C:\WINDOWS\system32\xnpgxm.dll
O2 - BHO: (no name) - {71D93778-31D9-F7A2-321C-04BD4EEE6E4A} - C:\WINDOWS\system32\qjwgdrd.dll
O2 - BHO: RdTasker - {73E0DDC2-A93A-4D64-97B5-646627F61DD2} - C:\WINDOWS\system32\ccc3.dll
O2 - BHO: (no name) - {745B4715-CFAE-9023-C49A-08061C46B4A5} - C:\WINDOWS\system32\vopnzag.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {76253FF7-A828-08C3-4792-0B03AEDE12F8} - C:\WINDOWS\system32\neizojg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A416D604-EAA3-4618-958C-2ECA22414616} - C:\WINDOWS\system32\nnnmjkl.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E57AE6A3-C900-4C48-AAF1-7BA94730E98F} - C:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: (no name) - {ECC0A5E9-68BD-4223-BCD4-6061BF347ED8} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: (no name) - {F1D0758E-4218-42A7-B369-2FBEFAE618BA} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150422044\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1150422044\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [xnpgxm.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\xnpgxm.dll,egvubyc
O4 - HKLM\..\Run: [xpksmhn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\xpksmhn.dll,xpirfi
O4 - HKLM\..\Run: [ycyfwlf.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ycyfwlf.dll,anrfby
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hozihatk.exe] C:\Documents and Settings\All Users\Application Data\hozihatk.exe
O4 - HKLM\..\Run: [gtcfaxaz.exe] C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\sgitqgpf.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.6.9/cab/aolpPlugins.10.6.0.4.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/polarbowler/install.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/popinsaniquarium/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14C70953-49E0-4DF2-867E-53AF08976851}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{8947A532-9C99-4F92-94A9-0B21B3B1B87B}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AF3BDCC-F46C-4958-8D2A-A82C8E35C903}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{14C70953-49E0-4DF2-867E-53AF08976851}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{14C70953-49E0-4DF2-867E-53AF08976851}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll (file missing)
O20 - Winlogon Notify: ddcyw - C:\WINDOWS\system32\ddcyw.dll (file missing)
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll
O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll (file missing)
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll (file missing)
O20 - Winlogon Notify: nnnmjkl - C:\WINDOWS\SYSTEM32\nnnmjkl.dll
O20 - Winlogon Notify: olelog - c:\windows\registration\crmlog\olelog.dll
O20 - Winlogon Notify: opnkkhf - opnkkhf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhoq32 - C:\WINDOWS\SYSTEM32\winhoq32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: vwservice - Unknown owner - C:\WINDOWS\system32\vwsrv.exe (file missing)

Blade81 · Jun 14, 2007

Okay, let's start..

1. Download this file -
combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your
next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause
it to stall

ibcaleb · Jun 14, 2007

what now

i started the program but a program cmd.exe came up and i then got a blue screen that said please wait and i didn't do anything

ibcaleb · Jun 15, 2007

Ok

well i booted my comp in safe mode and started it and it worked
so heres my results

ComboFix 07-06-13.3 - C:\hijack\ComboFix.exe
"Administrator" - 2007-06-14 18:27:58 - Service Pack 2 NTFS [SAFE MODE]

Unable to gain System Privileges

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\ssqpo.dll
C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\abldvkjo.dll
C:\WINDOWS\system32\ajhrchyx.dll
C:\WINDOWS\system32\axgipvju.dll
C:\WINDOWS\system32\bjxqitdp.dll
C:\WINDOWS\system32\ccpmkfmr.dll
C:\WINDOWS\system32\eunryeaw.dll
C:\WINDOWS\system32\ggwqowrr.dll
C:\WINDOWS\system32\gjwaxvlt.dll
C:\WINDOWS\system32\hnxwlrhu.dll
C:\WINDOWS\system32\ijffubis.dll
C:\WINDOWS\system32\jnxclwwu.dll
C:\WINDOWS\system32\kqadnoxt.dll
C:\WINDOWS\system32\lcumqegg.dll
C:\WINDOWS\system32\mpjkqrfu.dll
C:\WINDOWS\system32\nghnbncy.dll
C:\WINDOWS\system32\ofyanrpj.dll
C:\WINDOWS\system32\pmytltnk.dll
C:\WINDOWS\system32\pohmxmro.dll
C:\WINDOWS\system32\rgmgnegq.dll
C:\WINDOWS\system32\shhsdhuq.dll
C:\WINDOWS\system32\tphdoxrl.dll
C:\WINDOWS\system32\vrbbsipu.dll
C:\WINDOWS\system32\wabeapgn.dll
C:\WINDOWS\system32\wkenviti.dll
C:\WINDOWS\system32\wwknepmb.dll
C:\WINDOWS\system32\xfmgxibv.dll
C:\WINDOWS\system32\xnljfglq.dll
C:\WINDOWS\system32\ylfpexqv.dll
C:\WINDOWS\system32\ssqolli.dll
C:\WINDOWS\system32\vtutrpp.dll
C:\WINDOWS\system32\vtuusqp.dll
C:\WINDOWS\system32\urwcsgbx.exe
C:\WINDOWS\system32\winhoq32.dll
C:\WINDOWS\system32\rmfkmpcc.ini
C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\system32\yycdd.bak2
C:\WINDOWS\system32\yycdd.ini
C:\WINDOWS\system32\yycdd.ini2
C:\WINDOWS\system32\yycdd.tmp
C:\WINDOWS\system32\waeyrnue.ini
C:\WINDOWS\system32\tlvxawjg.ini
C:\WINDOWS\system32\sibuffji.ini
C:\WINDOWS\system32\uwwlcxnj.ini
C:\WINDOWS\system32\qgengmgr.ini
C:\WINDOWS\system32\quhdshhs.ini
C:\WINDOWS\system32\lrxodhpt.ini
C:\WINDOWS\system32\itivnekw.ini
C:\WINDOWS\system32\vbixgmfx.ini
C:\WINDOWS\system32\qlgfjlnx.ini
C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\system32\yycdd.bak2
C:\WINDOWS\system32\yycdd.ini
C:\WINDOWS\system32\yycdd.ini2
C:\WINDOWS\system32\yycdd.tmp
C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\system32\yycdd.bak2
C:\WINDOWS\system32\yycdd.ini
C:\WINDOWS\system32\yycdd.ini2
C:\WINDOWS\system32\yycdd.tmp
C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\nnnmjkl.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\nnnmjkl.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\ADMINI~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\2T7XWW2J\www.broadcaster.com
C:\DOCUME~1\ADMINI~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Program Files\Common Files\{3C530~1
C:\Program Files\Common Files\{3C530~1\Bar888.dll
C:\Program Files\Common Files\{3C530~1\toolbardll.lzma
C:\Program Files\Common Files\{3C530~1\UnInstall.exe
C:\Program Files\Common Files\{4C530~1
C:\Program Files\outlook
C:\Program Files\winupdates
C:\WINDOWS\Registration\CRMLog\ntp2.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com

((((((((((((((((((((((((( Files Created from 2007-05-15 to 2007-06-15 )))))))))))))))))))))))))))))))

2007-06-14 13:28 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-13 15:48 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-06-13 15:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6
2007-06-13 13:21 <DIR> d-------- C:\hijack
2007-06-13 09:45 62,516 --a------ C:\WINDOWS\system32\jqtgeirv.dll
2007-06-13 01:07 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\gtcfaxaz.exe
2007-06-06 21:59 55,316 --a------ C:\WINDOWS\system32\naybjuut.dll
2007-06-04 21:53 2,580 --a------ C:\WINDOWS\system32\jswiwsut.exe
2007-06-04 10:54 2,580 --a------ C:\WINDOWS\system32\eyyfpauk.exe
2007-06-03 10:54 2,580 --a------ C:\WINDOWS\system32\jjttahks.exe
2007-06-03 10:27 2,580 --a------ C:\WINDOWS\system32\kxaduuea.exe
2007-06-02 10:27 2,580 --a------ C:\WINDOWS\system32\mgdgpxhp.exe
2007-06-01 11:43 2,580 --a------ C:\WINDOWS\system32\dwnptxdm.exe
2007-06-01 11:29 2,580 --a------ C:\WINDOWS\system32\ppmtgwjk.exe
2007-05-21 15:17 <DIR> d-------- C:\Program Files\QuickTime
2007-05-19 17:40 35,840 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-14 01:01:08 -------- d-----w C:\Program Files\America Online 9.0a
2007-06-13 20:49:16 288 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-00541102}.dat
2007-06-13 20:49:16 288 ----a-w C:\WINDOWS\system32\DVCState-{00000002-00000000-00000009-00001102-00000004-00541102}.dat
2007-06-12 21:59:23 -------- d-----w C:\Program Files\iTunes
2007-06-05 03:02:41 -------- d-----w C:\Program Files\Messenger
2007-06-04 17:11:39 -------- d-----w C:\Program Files\PokerStars
2007-05-20 00:42:53 -------- d-----w C:\Program Files\Hewlett-Packard
2007-05-16 20:42:09 -------- d-----w C:\Program Files\AOL Pictures
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 01:42:40 262,708 ------w C:\WINDOWS\system32\ddcyy.dll
2007-05-13 00:14:58 1,494,932 --sh--w C:\WINDOWS\system32\ycbeg.bak2
2007-05-12 05:34:13 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-12 00:14:45 1,495,347 --sh--w C:\WINDOWS\system32\ycbeg.bak1
2007-05-11 23:19:05 -------- d-----w C:\Program Files\hp deskjet 930c series
2007-05-03 22:03:44 1,252,495 --sh--w C:\WINDOWS\system32\bdeeg.bak2
2007-05-03 00:08:15 -------- d-----w C:\Program Files\Kylix Ringtone Maker
2007-04-30 12:25:45 64,000 ----a-w C:\WINDOWS\system32\ztkmged.dll
2007-04-30 12:25:44 86,528 ----a-w C:\WINDOWS\system32\khuyapm.dll
2007-04-28 14:04:04 86,528 ----a-w C:\WINDOWS\system32\zfdeihg.dll
2007-04-28 14:04:04 64,000 ----a-w C:\WINDOWS\system32\vopnzag.dll
2007-04-27 18:00:49 1,245,537 --sh--w C:\WINDOWS\system32\bdeeg.bak1
2007-04-27 16:00:46 244,983 ----a-w C:\WINDOWS\system32\pmnnm.dll
2007-04-27 15:00:29 246,443 ----a-w C:\WINDOWS\system32\mlljj.dll
2007-04-27 13:00:24 218,703 ----a-w C:\WINDOWS\system32\mlljk.dll
2007-04-27 12:00:22 228,923 ----a-w C:\WINDOWS\system32\ssqpp.dll
2007-04-27 11:00:25 266,883 ----a-w C:\WINDOWS\system32\mljgf.dll
2007-04-27 11:00:25 247,903 ----a-w C:\WINDOWS\system32\pmkji.dll
2007-04-27 09:54:21 86,528 ----a-w C:\WINDOWS\system32\lxzvaqb.dll
2007-04-27 09:54:21 63,488 ----a-w C:\WINDOWS\system32\ekgzipi.dll
2007-04-27 01:40:03 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\MSN6
2007-04-26 18:17:58 1,402,038 --sh--w C:\WINDOWS\system32\dfhkj.bak1
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-24 16:19:29 86,528 ----a-w C:\WINDOWS\system32\ycyfwlf.dll
2007-04-24 16:19:29 63,488 ----a-w C:\WINDOWS\system32\wgbyiwn.dll
2007-04-24 01:44:23 1,406,444 --sh--w C:\WINDOWS\system32\svvwa.bak1
2007-04-24 00:28:11 -------- d-----w C:\Program Files\LimeWire
2007-04-23 11:52:05 63,488 ----a-w C:\WINDOWS\system32\qjwgdrd.dll
2007-04-23 11:52:04 86,016 ----a-w C:\WINDOWS\system32\xpksmhn.dll
2007-04-22 14:09:00 4,083 ----a-w C:\WINDOWS\system32\ddccb.dll
2007-04-22 10:03:23 86,528 ----a-w C:\WINDOWS\system32\xnpgxm.dll
2007-04-22 10:03:23 63,488 ----a-w C:\WINDOWS\system32\lhmzmq.dll
2007-04-21 08:04:37 225,280 ----a-w C:\WINDOWS\system32\ccc3.dll
2007-04-21 08:04:14 86,528 ----a-w C:\WINDOWS\system32\hvjtihd.dll
2007-04-21 08:04:14 63,488 ----a-w C:\WINDOWS\system32\ziccdrj.dll
2007-04-20 17:53:01 -------- d-----w C:\Program Files\MySpace
2007-04-20 12:08:35 269,803 ----a-w C:\WINDOWS\system32\pmnnn.dll
2007-04-19 00:20:18 1,400,178 --sh--w C:\WINDOWS\system32\wycdd.bak1
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 00:20:04 1,394,750 --sh--w C:\WINDOWS\system32\wycdd.bak2
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 05:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 05:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-16 16:19:28 86,016 ----a-w C:\WINDOWS\system32\tdblxbe.dll
2007-04-16 16:19:28 63,488 ----a-w C:\WINDOWS\system32\ggvsmlg.dll
2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll
2007-04-12 19:45:27 86,528 ----a-w C:\WINDOWS\system32\zohvrse.dll
2007-04-12 19:45:27 64,000 ----a-w C:\WINDOWS\system32\neizojg.dll
2007-04-10 02:37:57 26,694 ------w C:\WINDOWS\system32\nnnmjkl.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 23:13:44 350 ----a-w C:\WINDOWS\system32\vfw_32.reg
2006-06-16 00:11:32 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{05AA754E-35FA-FDCF-F0C6-02CBD2EF7953}=C:\WINDOWS\system32\ekgzipi.dll [2007-04-27 02:54]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 20:02]
{075CA83D-FDEC-D1F0-8CC4-06B3BD7DF97C}=C:\WINDOWS\system32\ggvsmlg.dll [2007-04-16 09:19]
{0902BEBD-A638-D767-9C24-03D7FE29622D}=C:\WINDOWS\system32\tdblxbe.dll [2007-04-16 09:19]
{0A99A153-E4A0-4124-9DBE-AFADC0C902B6}=c:\windows\registration\crmlog\olelog.dll [2007-04-27 11:00]
{0AE5365B-97FC-471C-9980-7DEFF8141A43}=C:\WINDOWS\system32\ddcyy.dll [2007-05-13 18:42]
{14A714F9-F11A-9622-85CD-06DF6A39C544}=C:\WINDOWS\system32\lhmzmq.dll [2007-04-22 03:03]
{248D8ED0-2897-63D2-D555-0A35EE90CFA6}=C:\WINDOWS\system32\ziccdrj.dll [2007-04-21 01:04]
{2E12C9DF-39EE-353F-CF7A-0B0DD5174E44}=C:\WINDOWS\system32\wgbyiwn.dll [2007-04-24 09:19]
{2E887CAB-8390-4BBF-B4B9-E5796266346D}=C:\WINDOWS\system32\gebcy.dll []
{35D3810F-5636-A7C1-51F1-07E019A89F67}=C:\WINDOWS\system32\zohvrse.dll [2007-04-12 12:45]
{3E508C18-4B6C-AA38-7C37-015C60582AF2}=C:\WINDOWS\system32\ztkmged.dll [2007-04-30 05:25]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{59B956DE-8B06-A767-A9F8-09C7EE3966EC}=C:\WINDOWS\system32\hvjtihd.dll [2007-04-21 01:04]
{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}=C:\WINDOWS\system32\jqtgeirv.dll [2007-06-13 09:45]
{5EAAAD19-AFC2-45B3-B15C-44BD9A0BB424}=C:\WINDOWS\system32\jkhfd.dll []
{6CDBBA58-25ED-D768-1E27-0B45FA88BF39}=C:\WINDOWS\system32\xnpgxm.dll [2007-04-22 03:03]
{71D93778-31D9-F7A2-321C-04BD4EEE6E4A}=C:\WINDOWS\system32\qjwgdrd.dll [2007-04-23 04:52]
{73E0DDC2-A93A-4D64-97B5-646627F61DD2}=C:\WINDOWS\system32\ccc3.dll [2007-04-21 01:04]
{745B4715-CFAE-9023-C49A-08061C46B4A5}=C:\WINDOWS\system32\vopnzag.dll [2007-04-28 07:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 04:23]
{76253FF7-A828-08C3-4792-0B03AEDE12F8}=C:\WINDOWS\system32\neizojg.dll [2007-04-12 12:45]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{A416D604-EAA3-4618-958C-2ECA22414616}=C:\WINDOWS\system32\nnnmjkl.dll [2007-04-09 19:37]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 17:45]
{E57AE6A3-C900-4C48-AAF1-7BA94730E98F}=C:\WINDOWS\system32\geedb.dll []
{ECC0A5E9-68BD-4223-BCD4-6061BF347ED8}=C:\WINDOWS\system32\awvvs.dll []
{F1D0758E-4218-42A7-B369-2FBEFAE618BA}=C:\WINDOWS\system32\ddcyw.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KYE_Showicon"="C:\Program Files\USB Storage RW\shwicon.exe" [2002-10-25 16:33]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 18:42]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-18 00:11]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 21:56]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 09:01]
"AutoTBar"="C:\hp\bin\autotbar.exe" []
"nwiz"="nwiz.exe" [2003-07-28 14:19 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2003-01-09 01:39 C:\WINDOWS\system32\cthelper.exe]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" []
"LTMSG"="LTMSG.exe" []
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 05:50]
"HostManager"="C:\Program Files\Common Files\AOL\1150422044\ee\AOLSoftware.exe" [2006-09-25 17:52]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-06-15 18:42]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" []
"My Web Search Bar"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL" []
"sscRun"="C:\Program Files\Common Files\AOL\1150422044\ee\SSCRun.exe" []
"OASClnt"="C:\Program Files\mcafee.com\antivirus\oasclnt.exe" [2005-08-18 16:57]
"EmailScan"="C:\Program Files\mcafee.com\antivirus\mcvsescn.exe" [2005-10-19 12:13]
"MPFExe"="C:\Program Files\mcafee.com\personal firewall\MPfTray.exe" [2006-03-07 16:05]
"AOLSPScheduler"="C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe" [2006-11-20 13:42]
"Error Nuker"="C:\Program Files\Error Nuker\bin\ErrorNuker.exe" []
"PaperPort PTD"="C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" []
"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" []
"SetDefPrt"="C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
"hozihatk.exe"="C:\Documents and Settings\All Users\Application Data\hozihatk.exe" []
"gtcfaxaz.exe"="C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe" [2007-06-13 01:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" []
"AOL Fast Start"="C:\Program Files\America Online 9.0a\AOL.exe" [2005-07-11 22:17]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE
"PlayCenter2"="C:\Program Files\Creative\SBAudigy\PlayCenter2\MDEntry.EXE" "C:\Program Files\Creative\SBAudigy\PlayCenter2"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A416D604-EAA3-4618-958C-2ECA22414616}"="C:\WINDOWS\system32\nnnmjkl.dll" [2007-04-09 19:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvs]
C:\WINDOWS\system32\awvvs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyw]
C:\WINDOWS\system32\ddcyw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyy]
C:\WINDOWS\system32\ddcyy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcy]
C:\WINDOWS\system32\gebcy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geedb]
C:\WINDOWS\system32\geedb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfd]
C:\WINDOWS\system32\jkhfd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmjkl]
nnnmjkl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\olelog]
c:\windows\registration\crmlog\olelog.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkhf]
opnkkhf.dll

*Newly Created Service* - ATWPKT2

Contents of the 'Scheduled Tasks' folder
2007-06-04 20:30:06 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-15 02:00:36 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-14 18:59:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\yycdd.ini

scan completed successfully
hidden files: 1

**************************************************************************

Completion time: 2007-06-14 19:11:43 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-14 19:11

--- E O F ---

by the way thanks for the help i thought my comp was gonna crash

Blade81 · Jun 15, 2007

Hi

Before giving any further instructions I'd like to see a fresh hjt log as well. Could you post it, please?

ibcaleb · Jun 15, 2007

here you go

Logfile of HijackThis v1.99.1
Scan saved at 12:00:17 PM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1150422044\ee\AOLSoftware.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1150422044\ee\SSCEvtHdlr.exe
C:\Program Files\Common Files\AOL\1150422044\ee\aolsoftware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HijackThis\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {05AA754E-35FA-FDCF-F0C6-02CBD2EF7953} - C:\WINDOWS\system32\ekgzipi.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {075CA83D-FDEC-D1F0-8CC4-06B3BD7DF97C} - C:\WINDOWS\system32\ggvsmlg.dll
O2 - BHO: (no name) - {0902BEBD-A638-D767-9C24-03D7FE29622D} - C:\WINDOWS\system32\tdblxbe.dll
O2 - BHO: PsapiAnalyzer Object - {0A99A153-E4A0-4124-9DBE-AFADC0C902B6} - c:\windows\registration\crmlog\olelog.dll
O2 - BHO: (no name) - {0AE5365B-97FC-471C-9980-7DEFF8141A43} - C:\WINDOWS\system32\ddcyy.dll
O2 - BHO: (no name) - {14A714F9-F11A-9622-85CD-06DF6A39C544} - C:\WINDOWS\system32\lhmzmq.dll
O2 - BHO: (no name) - {248D8ED0-2897-63D2-D555-0A35EE90CFA6} - C:\WINDOWS\system32\ziccdrj.dll
O2 - BHO: (no name) - {2E12C9DF-39EE-353F-CF7A-0B0DD5174E44} - C:\WINDOWS\system32\wgbyiwn.dll
O2 - BHO: (no name) - {2E887CAB-8390-4BBF-B4B9-E5796266346D} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: (no name) - {35D3810F-5636-A7C1-51F1-07E019A89F67} - C:\WINDOWS\system32\zohvrse.dll
O2 - BHO: (no name) - {3E508C18-4B6C-AA38-7C37-015C60582AF2} - C:\WINDOWS\system32\ztkmged.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59B956DE-8B06-A767-A9F8-09C7EE3966EC} - C:\WINDOWS\system32\hvjtihd.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\jqtgeirv.dll
O2 - BHO: (no name) - {5EAAAD19-AFC2-45B3-B15C-44BD9A0BB424} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O2 - BHO: (no name) - {6CDBBA58-25ED-D768-1E27-0B45FA88BF39} - C:\WINDOWS\system32\xnpgxm.dll
O2 - BHO: (no name) - {71D93778-31D9-F7A2-321C-04BD4EEE6E4A} - C:\WINDOWS\system32\qjwgdrd.dll
O2 - BHO: RdTasker - {73E0DDC2-A93A-4D64-97B5-646627F61DD2} - C:\WINDOWS\system32\ccc3.dll
O2 - BHO: (no name) - {745B4715-CFAE-9023-C49A-08061C46B4A5} - C:\WINDOWS\system32\vopnzag.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {76253FF7-A828-08C3-4792-0B03AEDE12F8} - C:\WINDOWS\system32\neizojg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A416D604-EAA3-4618-958C-2ECA22414616} - C:\WINDOWS\system32\nnnmjkl.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E57AE6A3-C900-4C48-AAF1-7BA94730E98F} - C:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: (no name) - {ECC0A5E9-68BD-4223-BCD4-6061BF347ED8} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: (no name) - {F1D0758E-4218-42A7-B369-2FBEFAE618BA} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150422044\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1150422044\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hozihatk.exe] C:\Documents and Settings\All Users\Application Data\hozihatk.exe
O4 - HKLM\..\Run: [gtcfaxaz.exe] C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\jreylqxq.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.6.9/cab/aolpPlugins.10.6.0.4.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/polarbowler/install.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/popinsaniquarium/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14C70953-49E0-4DF2-867E-53AF08976851}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{8947A532-9C99-4F92-94A9-0B21B3B1B87B}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AF3BDCC-F46C-4958-8D2A-A82C8E35C903}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{14C70953-49E0-4DF2-867E-53AF08976851}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{14C70953-49E0-4DF2-867E-53AF08976851}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll (file missing)
O20 - Winlogon Notify: ddcyw - C:\WINDOWS\system32\ddcyw.dll (file missing)
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll
O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll (file missing)
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll (file missing)
O20 - Winlogon Notify: nnnmjkl - C:\WINDOWS\SYSTEM32\nnnmjkl.dll
O20 - Winlogon Notify: olelog - c:\windows\registration\crmlog\olelog.dll
O20 - Winlogon Notify: opnkkhf - opnkkhf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: vwservice - Unknown owner - C:\WINDOWS\system32\vwsrv.exe (file missing)

Blade81 · Jun 15, 2007

Still quite much work to do

Hi

You may want to print out these instructions for reference, since you
will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make
sure Run fixit is checked and click Finish. The fix will
begin; follow the prompts. You will be asked to reboot your computer;
please do so. Your system may take longer than usual to load; this is
normal.

At the end of the fix, you may need to restart your computer again.

Finally, please post a fresh HijackThis log, along with the contents of
the logfile C:\fixwareout\report.txt

ibcaleb · Jun 16, 2007

fixwareout

ok well i had a major problem with my internet
so i ended up having to do a system restor to get on the internet
so this is the logs you asked for and i hope i did'nt mess it up by doing a system restore
i had to go back 2 days

thanks again

Fixwareout Last edited 5/15/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»»

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"KYE_Showicon"="\"C:\\Program Files\\USB Storage RW\\shwicon.exe\" -t\"KYE\\USB Storage RW\""
"Share-to-Web Namespace Daemon"="c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"CamMonitor"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\hpqcmon.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"StorageGuard"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
"AutoTBar"="C:\\hp\\bin\\autotbar.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CTHelper"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBAudigy\\PROGRAM\\ADGJDet.exe\""
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"LTMSG"="LTMSG.exe 7"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1150422044\\ee\\AOLSoftware.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"My Web Search Bar"="rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\MWSBAR.DLL,S"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\mwsoemon.exe"
"sscRun"="C:\\Program Files\\Common Files\\AOL\\1150422044\\ee\\SSCRun.exe"
"OASClnt"="C:\\Program Files\\mcafee.com\\antivirus\\oasclnt.exe"
"EmailScan"="C:\\Program Files\\mcafee.com\\antivirus\\mcvsescn.exe"
"MPFExe"="C:\\Program Files\\mcafee.com\\personal firewall\\MPfTray.exe"
"AOLSPScheduler"="C:\\Program Files\\Common Files\\AOL\\1150422044\\ee\\services\\safetyCore\\ver210_5_2_1\\AOLSP Scheduler.exe"
"Error Nuker"="C:\\Program Files\\Error Nuker\\bin\\ErrorNuker.exe autostart"
"outlook"="C:\\Program Files\\outlook\\outlook.exe /auto"
"winupdates"="C:\\Program Files\\winupdates\\winupdates.exe /auto"
"PaperPort PTD"="C:\\Program Files\\Scansoft\\PaperPort\\pptd40nt.exe"
"IndexSearch"="C:\\Program Files\\Scansoft\\PaperPort\\IndexSearch.exe"
"SetDefPrt"="C:\\Program Files\\Brother\\BRMFLPRO\\BrDefPrt.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"xnpgxm.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\xnpgxm.dll,egvubyc"
"xpksmhn.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\xpksmhn.dll,xpirfi"
"ycyfwlf.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\ycyfwlf.dll,anrfby"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"hozihatk.exe"="C:\\Documents and Settings\\All Users\\Application Data\\hozihatk.exe"
"GPLv3"="rundll32.exe \"C:\\WINDOWS\\system32\\tfuhsidg.dll\",realset"
"CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvfuk.dll,startup"
"gtcfaxaz.exe"="C:\\Documents and Settings\\All Users\\Application Data\\gtcfaxaz.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\mwsoemon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"AOL Fast Start"="\"C:\\Program Files\\America Online 9.0a\\AOL.EXE\" -b"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

ibcaleb · Jun 16, 2007

hjt

Logfile of HijackThis v1.99.1
Scan saved at 7:13:11 PM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\Program Files\Common Files\AOL\1150422044\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe
C:\WINDOWS\ehome\ehSched.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Common Files\AOL\1150422044\ee\aolsoftware.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\New Folder\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {05AA754E-35FA-FDCF-F0C6-02CBD2EF7953} - C:\WINDOWS\system32\ekgzipi.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {075CA83D-FDEC-D1F0-8CC4-06B3BD7DF97C} - C:\WINDOWS\system32\ggvsmlg.dll
O2 - BHO: (no name) - {0902BEBD-A638-D767-9C24-03D7FE29622D} - C:\WINDOWS\system32\tdblxbe.dll
O2 - BHO: PsapiAnalyzer Object - {0A99A153-E4A0-4124-9DBE-AFADC0C902B6} - c:\windows\registration\crmlog\olelog.dll
O2 - BHO: (no name) - {0EDD4C2F-295C-4FFB-8BA7-4EB8E34D5EBb} - C:\WINDOWS\system32\wabeapgn.dll
O2 - BHO: (no name) - {14A714F9-F11A-9622-85CD-06DF6A39C544} - C:\WINDOWS\system32\lhmzmq.dll
O2 - BHO: (no name) - {248D8ED0-2897-63D2-D555-0A35EE90CFA6} - C:\WINDOWS\system32\ziccdrj.dll
O2 - BHO: (no name) - {2E12C9DF-39EE-353F-CF7A-0B0DD5174E44} - C:\WINDOWS\system32\wgbyiwn.dll
O2 - BHO: (no name) - {2E887CAB-8390-4BBF-B4B9-E5796266346D} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: (no name) - {35D3810F-5636-A7C1-51F1-07E019A89F67} - C:\WINDOWS\system32\zohvrse.dll
O2 - BHO: (no name) - {3E508C18-4B6C-AA38-7C37-015C60582AF2} - C:\WINDOWS\system32\ztkmged.dll
O2 - BHO: (no name) - {467F9031-C96F-442B-8904-7641C6BE334A} - C:\WINDOWS\system32\ddcyy.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59B956DE-8B06-A767-A9F8-09C7EE3966EC} - C:\WINDOWS\system32\hvjtihd.dll
O2 - BHO: (no name) - {5EAAAD19-AFC2-45B3-B15C-44BD9A0BB424} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O2 - BHO: (no name) - {6CDBBA58-25ED-D768-1E27-0B45FA88BF39} - C:\WINDOWS\system32\xnpgxm.dll
O2 - BHO: (no name) - {71D93778-31D9-F7A2-321C-04BD4EEE6E4A} - C:\WINDOWS\system32\qjwgdrd.dll
O2 - BHO: RdTasker - {73E0DDC2-A93A-4D64-97B5-646627F61DD2} - C:\WINDOWS\system32\ccc3.dll
O2 - BHO: (no name) - {745B4715-CFAE-9023-C49A-08061C46B4A5} - C:\WINDOWS\system32\vopnzag.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {76253FF7-A828-08C3-4792-0B03AEDE12F8} - C:\WINDOWS\system32\neizojg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A416D604-EAA3-4618-958C-2ECA22414616} - C:\WINDOWS\system32\nnnmjkl.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\ofyanrpj.dll
O2 - BHO: (no name) - {E57AE6A3-C900-4C48-AAF1-7BA94730E98F} - C:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: (no name) - {ECC0A5E9-68BD-4223-BCD4-6061BF347ED8} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: (no name) - {F1D0758E-4218-42A7-B369-2FBEFAE618BA} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150422044\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1150422044\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [xnpgxm.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\xnpgxm.dll,egvubyc
O4 - HKLM\..\Run: [xpksmhn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\xpksmhn.dll,xpirfi
O4 - HKLM\..\Run: [ycyfwlf.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ycyfwlf.dll,anrfby
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hozihatk.exe] C:\Documents and Settings\All Users\Application Data\hozihatk.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\tfuhsidg.dll",realset
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvfuk.dll,startup
O4 - HKLM\..\Run: [gtcfaxaz.exe] C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.6.9/cab/aolpPlugins.10.6.0.4.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/polarbowler/install.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/popinsaniquarium/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14C70953-49E0-4DF2-867E-53AF08976851}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{8947A532-9C99-4F92-94A9-0B21B3B1B87B}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AF3BDCC-F46C-4958-8D2A-A82C8E35C903}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{14C70953-49E0-4DF2-867E-53AF08976851}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{14C70953-49E0-4DF2-867E-53AF08976851}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll (file missing)
O20 - Winlogon Notify: ddcyw - C:\WINDOWS\system32\ddcyw.dll (file missing)
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll
O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll (file missing)
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll (file missing)
O20 - Winlogon Notify: nnnmjkl - C:\WINDOWS\SYSTEM32\nnnmjkl.dll
O20 - Winlogon Notify: olelog - c:\windows\registration\crmlog\olelog.dll
O20 - Winlogon Notify: opnkkhf - opnkkhf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhoq32 - C:\WINDOWS\SYSTEM32\winhoq32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: vwservice - Unknown owner - C:\WINDOWS\system32\vwsrv.exe (file missing)

Blade81 · Jun 16, 2007

Sad news

Well... doing system restore brought back all pests we had already cleaned :sad: We need to start again by running Combofix.

1. Download this file -
combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your
next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause
it to stall

PS. Do you have more than one computer which you can use to access internet? That would be helpful in case you lose internet connection again.

ibcaleb · Jun 16, 2007

well

well thats a bummer :sad: but here is the scan and a new hjt log

ComboFix 07-06-13.3 - C:\New Folder\ComboFix.exe
"Administrator" - 2007-06-16 10:10:10 - Service Pack 2 NTFS

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\ssqpo.dll
C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\abldvkjo.dll
C:\WINDOWS\system32\axgipvju.dll
C:\WINDOWS\system32\bjxqitdp.dll
C:\WINDOWS\system32\ccpmkfmr.dll
C:\WINDOWS\system32\eunryeaw.dll
C:\WINDOWS\system32\ggwqowrr.dll
C:\WINDOWS\system32\gjwaxvlt.dll
C:\WINDOWS\system32\hnxwlrhu.dll
C:\WINDOWS\system32\ijffubis.dll
C:\WINDOWS\system32\jnxclwwu.dll
C:\WINDOWS\system32\kqadnoxt.dll
C:\WINDOWS\system32\lcumqegg.dll
C:\WINDOWS\system32\mpjkqrfu.dll
C:\WINDOWS\system32\nghnbncy.dll
C:\WINDOWS\system32\ofyanrpj.dll
C:\WINDOWS\system32\pmytltnk.dll
C:\WINDOWS\system32\pohmxmro.dll
C:\WINDOWS\system32\shhsdhuq.dll
C:\WINDOWS\system32\tfuhsidg.dll
C:\WINDOWS\system32\vrbbsipu.dll
C:\WINDOWS\system32\wabeapgn.dll
C:\WINDOWS\system32\wkenviti.dll
C:\WINDOWS\system32\wwknepmb.dll
C:\WINDOWS\system32\xnljfglq.dll
C:\WINDOWS\system32\xwudirxx.dll
C:\WINDOWS\system32\ylfpexqv.dll
C:\WINDOWS\system32\rqrpppo.dll
C:\WINDOWS\system32\ssqolli.dll
C:\WINDOWS\system32\vtutrpp.dll
C:\WINDOWS\system32\vtuusqp.dll
C:\WINDOWS\system32\urwcsgbx.exe
C:\WINDOWS\system32\winhoq32.dll
C:\WINDOWS\system32\rmfkmpcc.ini
C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\system32\yycdd.bak2
C:\WINDOWS\system32\yycdd.ini
C:\WINDOWS\system32\waeyrnue.ini
C:\WINDOWS\system32\tlvxawjg.ini
C:\WINDOWS\system32\sibuffji.ini
C:\WINDOWS\system32\uwwlcxnj.ini
C:\WINDOWS\system32\quhdshhs.ini
C:\WINDOWS\system32\gdishuft.ini
C:\WINDOWS\system32\itivnekw.ini
C:\WINDOWS\system32\qlgfjlnx.ini
C:\WINDOWS\system32\xxriduwx.ini
C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\system32\yycdd.bak2
C:\WINDOWS\system32\yycdd.ini
C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\nnnmjkl.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\ADMINI~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\2T7XWW2J\www.broadcaster.com
C:\DOCUME~1\ADMINI~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Program Files\Common Files\{3C530~1
C:\Program Files\Common Files\{3C530~1\Bar888.dll
C:\Program Files\Common Files\{3C530~1\UnInstall.exe
C:\Program Files\Common Files\{4C530~1
C:\Program Files\outlook
C:\Program Files\winupdates
C:\WINDOWS\Registration\CRMLog\ntp2.ini
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\j6291635.dll

((((((((((((((((((((((((( Files Created from 2007-05-16 to 2007-06-16 )))))))))))))))))))))))))))))))

2007-06-16 10:09 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-15 20:29 62,516 --a------ C:\WINDOWS\system32\qebuxwnx.dll
2007-06-15 18:21 10,226 --a------ C:\dnsbak.reg
2007-06-13 15:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6
2007-06-13 13:21 <DIR> d-------- C:\New Folder
2007-06-13 01:07 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\gtcfaxaz.exe
2007-06-06 21:59 55,316 --a------ C:\WINDOWS\system32\naybjuut.dll
2007-06-05 21:53 14,868 --a------ C:\WINDOWS\system32\htgnurjn.exe
2007-06-04 21:53 2,580 --a------ C:\WINDOWS\system32\jswiwsut.exe
2007-06-04 10:54 2,580 --a------ C:\WINDOWS\system32\eyyfpauk.exe
2007-06-03 10:54 2,580 --a------ C:\WINDOWS\system32\jjttahks.exe
2007-06-03 10:27 2,580 --a------ C:\WINDOWS\system32\kxaduuea.exe
2007-06-02 10:27 2,580 --a------ C:\WINDOWS\system32\mgdgpxhp.exe
2007-06-01 11:43 2,580 --a------ C:\WINDOWS\system32\dwnptxdm.exe
2007-06-01 11:29 2,580 --a------ C:\WINDOWS\system32\ppmtgwjk.exe
2007-05-21 15:17 <DIR> d-------- C:\Program Files\QuickTime
2007-05-19 17:40 35,840 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-16 17:33:33 288 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-00541102}.dat
2007-06-16 17:33:32 288 ----a-w C:\WINDOWS\system32\DVCState-{00000002-00000000-00000009-00001102-00000004-00541102}.dat
2007-06-14 01:01:08 -------- d-----w C:\Program Files\America Online 9.0a
2007-06-12 21:59:23 -------- d-----w C:\Program Files\iTunes
2007-06-05 03:02:41 -------- d-----w C:\Program Files\Messenger
2007-06-04 17:11:39 -------- d-----w C:\Program Files\PokerStars
2007-05-20 00:42:53 -------- d-----w C:\Program Files\Hewlett-Packard
2007-05-16 20:42:09 -------- d-----w C:\Program Files\AOL Pictures
2007-05-13 00:14:58 1,494,932 --sha-w C:\WINDOWS\system32\ycbeg.bak2
2007-05-12 05:34:13 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-12 00:14:45 1,495,347 --sha-w C:\WINDOWS\system32\ycbeg.bak1
2007-05-11 23:19:05 -------- d-----w C:\Program Files\hp deskjet 930c series
2007-05-03 22:03:44 1,252,495 --sha-w C:\WINDOWS\system32\bdeeg.bak2
2007-05-03 00:08:15 -------- d-----w C:\Program Files\Kylix Ringtone Maker
2007-04-30 12:25:45 64,000 ----a-w C:\WINDOWS\system32\ztkmged.dll
2007-04-30 12:25:44 86,528 ----a-w C:\WINDOWS\system32\khuyapm.dll
2007-04-28 14:04:04 86,528 ----a-w C:\WINDOWS\system32\zfdeihg.dll
2007-04-28 14:04:04 64,000 ----a-w C:\WINDOWS\system32\vopnzag.dll
2007-04-27 18:00:49 1,245,537 --sha-w C:\WINDOWS\system32\bdeeg.bak1
2007-04-27 16:00:46 244,983 ----a-w C:\WINDOWS\system32\pmnnm.dll
2007-04-27 15:00:29 246,443 ----a-w C:\WINDOWS\system32\mlljj.dll
2007-04-27 13:00:24 218,703 ----a-w C:\WINDOWS\system32\mlljk.dll
2007-04-27 12:00:22 228,923 ----a-w C:\WINDOWS\system32\ssqpp.dll
2007-04-27 11:00:25 266,883 ----a-w C:\WINDOWS\system32\mljgf.dll
2007-04-27 11:00:25 247,903 ----a-w C:\WINDOWS\system32\pmkji.dll
2007-04-27 09:54:21 86,528 ----a-w C:\WINDOWS\system32\lxzvaqb.dll
2007-04-27 09:54:21 63,488 ----a-w C:\WINDOWS\system32\ekgzipi.dll
2007-04-27 01:40:03 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\MSN6
2007-04-26 18:17:58 1,402,038 --sha-w C:\WINDOWS\system32\dfhkj.bak1
2007-04-24 16:19:29 86,528 ----a-w C:\WINDOWS\system32\ycyfwlf.dll
2007-04-24 16:19:29 63,488 ----a-w C:\WINDOWS\system32\wgbyiwn.dll
2007-04-24 01:44:23 1,406,444 --sha-w C:\WINDOWS\system32\svvwa.bak1
2007-04-24 00:28:11 -------- d-----w C:\Program Files\LimeWire
2007-04-23 11:52:05 63,488 ----a-w C:\WINDOWS\system32\qjwgdrd.dll
2007-04-23 11:52:04 86,016 ----a-w C:\WINDOWS\system32\xpksmhn.dll
2007-04-22 14:09:00 4,083 ----a-w C:\WINDOWS\system32\ddccb.dll
2007-04-22 10:03:23 86,528 ----a-w C:\WINDOWS\system32\xnpgxm.dll
2007-04-22 10:03:23 63,488 ----a-w C:\WINDOWS\system32\lhmzmq.dll
2007-04-21 08:04:37 225,280 ----a-w C:\WINDOWS\system32\ccc3.dll
2007-04-21 08:04:14 86,528 ----a-w C:\WINDOWS\system32\hvjtihd.dll
2007-04-21 08:04:14 63,488 ----a-w C:\WINDOWS\system32\ziccdrj.dll
2007-04-20 17:53:01 -------- d-----w C:\Program Files\MySpace
2007-04-20 12:08:35 269,803 ----a-w C:\WINDOWS\system32\pmnnn.dll
2007-04-19 00:20:18 1,400,178 --sha-w C:\WINDOWS\system32\wycdd.bak1
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 00:20:04 1,394,750 --sha-w C:\WINDOWS\system32\wycdd.bak2
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 05:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 05:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-16 16:19:28 86,016 ----a-w C:\WINDOWS\system32\tdblxbe.dll
2007-04-16 16:19:28 63,488 ----a-w C:\WINDOWS\system32\ggvsmlg.dll
2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll
2007-04-12 19:45:27 86,528 ----a-w C:\WINDOWS\system32\zohvrse.dll
2007-04-12 19:45:27 64,000 ----a-w C:\WINDOWS\system32\neizojg.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 23:13:44 350 ----a-w C:\WINDOWS\system32\vfw_32.reg
2006-06-16 00:11:32 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{05AA754E-35FA-FDCF-F0C6-02CBD2EF7953}=C:\WINDOWS\system32\ekgzipi.dll [2007-04-27 02:54]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 20:02]
{075CA83D-FDEC-D1F0-8CC4-06B3BD7DF97C}=C:\WINDOWS\system32\ggvsmlg.dll [2007-04-16 09:19]
{0902BEBD-A638-D767-9C24-03D7FE29622D}=C:\WINDOWS\system32\tdblxbe.dll [2007-04-16 09:19]
{0A99A153-E4A0-4124-9DBE-AFADC0C902B6}=c:\windows\registration\crmlog\olelog.dll [2007-04-27 11:00]
{14A714F9-F11A-9622-85CD-06DF6A39C544}=C:\WINDOWS\system32\lhmzmq.dll [2007-04-22 03:03]
{248D8ED0-2897-63D2-D555-0A35EE90CFA6}=C:\WINDOWS\system32\ziccdrj.dll [2007-04-21 01:04]
{2E12C9DF-39EE-353F-CF7A-0B0DD5174E44}=C:\WINDOWS\system32\wgbyiwn.dll [2007-04-24 09:19]
{2E887CAB-8390-4BBF-B4B9-E5796266346D}=C:\WINDOWS\system32\gebcy.dll []
{35D3810F-5636-A7C1-51F1-07E019A89F67}=C:\WINDOWS\system32\zohvrse.dll [2007-04-12 12:45]
{3E508C18-4B6C-AA38-7C37-015C60582AF2}=C:\WINDOWS\system32\ztkmged.dll [2007-04-30 05:25]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{59B956DE-8B06-A767-A9F8-09C7EE3966EC}=C:\WINDOWS\system32\hvjtihd.dll [2007-04-21 01:04]
{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}=C:\WINDOWS\system32\qebuxwnx.dll [2007-06-15 20:29]
{5EAAAD19-AFC2-45B3-B15C-44BD9A0BB424}=C:\WINDOWS\system32\jkhfd.dll []
{6CDBBA58-25ED-D768-1E27-0B45FA88BF39}=C:\WINDOWS\system32\xnpgxm.dll [2007-04-22 03:03]
{71D93778-31D9-F7A2-321C-04BD4EEE6E4A}=C:\WINDOWS\system32\qjwgdrd.dll [2007-04-23 04:52]
{73E0DDC2-A93A-4D64-97B5-646627F61DD2}=C:\WINDOWS\system32\ccc3.dll [2007-04-21 01:04]
{745B4715-CFAE-9023-C49A-08061C46B4A5}=C:\WINDOWS\system32\vopnzag.dll [2007-04-28 07:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 04:23]
{76253FF7-A828-08C3-4792-0B03AEDE12F8}=C:\WINDOWS\system32\neizojg.dll [2007-04-12 12:45]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 17:45]
{E57AE6A3-C900-4C48-AAF1-7BA94730E98F}=C:\WINDOWS\system32\geedb.dll []
{ECC0A5E9-68BD-4223-BCD4-6061BF347ED8}=C:\WINDOWS\system32\awvvs.dll []
{F1D0758E-4218-42A7-B369-2FBEFAE618BA}=C:\WINDOWS\system32\ddcyw.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KYE_Showicon"="C:\Program Files\USB Storage RW\shwicon.exe" [2002-10-25 16:33]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 18:42]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-18 00:11]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 21:56]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 09:01]
"AutoTBar"="C:\hp\bin\autotbar.exe" []
"nwiz"="nwiz.exe" [2003-07-28 14:19 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2003-01-09 01:39 C:\WINDOWS\system32\cthelper.exe]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" []
"LTMSG"="LTMSG.exe" []
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 05:50]
"HostManager"="C:\Program Files\Common Files\AOL\1150422044\ee\AOLSoftware.exe" [2006-09-25 17:52]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-06-15 18:42]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" []
"My Web Search Bar"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL" []
"sscRun"="C:\Program Files\Common Files\AOL\1150422044\ee\SSCRun.exe" []
"OASClnt"="C:\Program Files\mcafee.com\antivirus\oasclnt.exe" [2005-08-18 16:57]
"EmailScan"="C:\Program Files\mcafee.com\antivirus\mcvsescn.exe" [2005-10-19 12:13]
"MPFExe"="C:\Program Files\mcafee.com\personal firewall\MPfTray.exe" [2006-03-07 16:05]
"AOLSPScheduler"="C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe" [2006-11-20 13:42]
"Error Nuker"="C:\Program Files\Error Nuker\bin\ErrorNuker.exe" []
"PaperPort PTD"="C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" []
"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" []
"SetDefPrt"="C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" []
"hozihatk.exe"="C:\Documents and Settings\All Users\Application Data\hozihatk.exe" []
"gtcfaxaz.exe"="C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe" [2007-06-13 01:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" []
"AOL Fast Start"="C:\Program Files\America Online 9.0a\AOL.exe" [2005-07-11 22:17]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE
"PlayCenter2"="C:\Program Files\Creative\SBAudigy\PlayCenter2\MDEntry.EXE" "C:\Program Files\Creative\SBAudigy\PlayCenter2"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvs]
C:\WINDOWS\system32\awvvs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyw]
C:\WINDOWS\system32\ddcyw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcy]
C:\WINDOWS\system32\gebcy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geedb]
C:\WINDOWS\system32\geedb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfd]
C:\WINDOWS\system32\jkhfd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\olelog]
c:\windows\registration\crmlog\olelog.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkhf]
opnkkhf.dll

Contents of the 'Scheduled Tasks' folder
2007-06-04 20:30:06 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-16 01:58:07 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-16 10:35:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ATWPKT2]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\ATWPKT2.SYS"

Completion time: 2007-06-16 10:41:39 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-16 10:41

--- E O F ---

to be continued

ibcaleb · Jun 16, 2007

hjt

Logfile of HijackThis v1.99.1
Scan saved at 10:48:03 AM, on 6/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\AOL\1150422044\ee\AOLSoftware.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1150422044\ee\SSCEvtHdlr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\AOL\1150422044\ee\aolsoftware.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\New Folder\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {05AA754E-35FA-FDCF-F0C6-02CBD2EF7953} - C:\WINDOWS\system32\ekgzipi.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {075CA83D-FDEC-D1F0-8CC4-06B3BD7DF97C} - C:\WINDOWS\system32\ggvsmlg.dll
O2 - BHO: (no name) - {0902BEBD-A638-D767-9C24-03D7FE29622D} - C:\WINDOWS\system32\tdblxbe.dll
O2 - BHO: PsapiAnalyzer Object - {0A99A153-E4A0-4124-9DBE-AFADC0C902B6} - c:\windows\registration\crmlog\olelog.dll
O2 - BHO: (no name) - {14A714F9-F11A-9622-85CD-06DF6A39C544} - C:\WINDOWS\system32\lhmzmq.dll
O2 - BHO: (no name) - {248D8ED0-2897-63D2-D555-0A35EE90CFA6} - C:\WINDOWS\system32\ziccdrj.dll
O2 - BHO: (no name) - {2E12C9DF-39EE-353F-CF7A-0B0DD5174E44} - C:\WINDOWS\system32\wgbyiwn.dll
O2 - BHO: (no name) - {2E887CAB-8390-4BBF-B4B9-E5796266346D} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: (no name) - {35D3810F-5636-A7C1-51F1-07E019A89F67} - C:\WINDOWS\system32\zohvrse.dll
O2 - BHO: (no name) - {3E508C18-4B6C-AA38-7C37-015C60582AF2} - C:\WINDOWS\system32\ztkmged.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59B956DE-8B06-A767-A9F8-09C7EE3966EC} - C:\WINDOWS\system32\hvjtihd.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\qebuxwnx.dll
O2 - BHO: (no name) - {5EAAAD19-AFC2-45B3-B15C-44BD9A0BB424} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O2 - BHO: (no name) - {6CDBBA58-25ED-D768-1E27-0B45FA88BF39} - C:\WINDOWS\system32\xnpgxm.dll
O2 - BHO: (no name) - {71D93778-31D9-F7A2-321C-04BD4EEE6E4A} - C:\WINDOWS\system32\qjwgdrd.dll
O2 - BHO: RdTasker - {73E0DDC2-A93A-4D64-97B5-646627F61DD2} - C:\WINDOWS\system32\ccc3.dll
O2 - BHO: (no name) - {745B4715-CFAE-9023-C49A-08061C46B4A5} - C:\WINDOWS\system32\vopnzag.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {76253FF7-A828-08C3-4792-0B03AEDE12F8} - C:\WINDOWS\system32\neizojg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E57AE6A3-C900-4C48-AAF1-7BA94730E98F} - C:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: (no name) - {ECC0A5E9-68BD-4223-BCD4-6061BF347ED8} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: (no name) - {F1D0758E-4218-42A7-B369-2FBEFAE618BA} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150422044\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1150422044\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hozihatk.exe] C:\Documents and Settings\All Users\Application Data\hozihatk.exe
O4 - HKLM\..\Run: [gtcfaxaz.exe] C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.6.9/cab/aolpPlugins.10.6.0.4.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/polarbowler/install.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/popinsaniquarium/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14C70953-49E0-4DF2-867E-53AF08976851}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{8947A532-9C99-4F92-94A9-0B21B3B1B87B}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AF3BDCC-F46C-4958-8D2A-A82C8E35C903}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{14C70953-49E0-4DF2-867E-53AF08976851}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{14C70953-49E0-4DF2-867E-53AF08976851}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll (file missing)
O20 - Winlogon Notify: ddcyw - C:\WINDOWS\system32\ddcyw.dll (file missing)
O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll (file missing)
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll (file missing)
O20 - Winlogon Notify: olelog - c:\windows\registration\crmlog\olelog.dll
O20 - Winlogon Notify: opnkkhf - opnkkhf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: vwservice - Unknown owner - C:\WINDOWS\system32\vwsrv.exe (file missing)

ibcaleb · Jun 16, 2007

oh yea

i have a laptop that i can use :bigthumb:
how long would the internet be out on this comp for???
i guess if it needs it it's ok

thanks for all the help!!!!!!!!

Blade81 · Jun 16, 2007

Hi

Hopefully net won't become disconnected anymore

Anyway, could you now run Fixwareout again (instructions in one of my previous replies)? Then we could run Vundofix too.

Please download
VundoFix.exe
to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files,
click YES
Once you click yes, your desktop will go blank as it starts removing
Vundo.
When completed, it will prompt that it will reboot your computer,
click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from
Click the Scan for Vundo button when VundoFix appears at reboot.

Please post the contents of C:\vundofix.txt, the contents of
the logfile C:\fixwareout\report.txt and a fresh HiJackThis log.

ibcaleb · Jun 16, 2007

hjt after 2 others

Logfile of HijackThis v1.99.1
Scan saved at 3:57:20 PM, on 6/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1150422044\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Common Files\AOL\1150422044\ee\SSCEvtHdlr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1150422044\ee\aolsoftware.exe
C:\Program Files\mcafee.com\personal firewall\MpfTray.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\New Folder\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {05AA754E-35FA-FDCF-F0C6-02CBD2EF7953} - C:\WINDOWS\system32\ekgzipi.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {075CA83D-FDEC-D1F0-8CC4-06B3BD7DF97C} - C:\WINDOWS\system32\ggvsmlg.dll
O2 - BHO: (no name) - {0902BEBD-A638-D767-9C24-03D7FE29622D} - C:\WINDOWS\system32\tdblxbe.dll
O2 - BHO: (no name) - {14A714F9-F11A-9622-85CD-06DF6A39C544} - C:\WINDOWS\system32\lhmzmq.dll
O2 - BHO: (no name) - {248D8ED0-2897-63D2-D555-0A35EE90CFA6} - C:\WINDOWS\system32\ziccdrj.dll
O2 - BHO: (no name) - {2E12C9DF-39EE-353F-CF7A-0B0DD5174E44} - C:\WINDOWS\system32\wgbyiwn.dll
O2 - BHO: (no name) - {2E887CAB-8390-4BBF-B4B9-E5796266346D} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: (no name) - {35D3810F-5636-A7C1-51F1-07E019A89F67} - C:\WINDOWS\system32\zohvrse.dll
O2 - BHO: (no name) - {3E508C18-4B6C-AA38-7C37-015C60582AF2} - C:\WINDOWS\system32\ztkmged.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59B956DE-8B06-A767-A9F8-09C7EE3966EC} - C:\WINDOWS\system32\hvjtihd.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\qebuxwnx.dll
O2 - BHO: (no name) - {5EAAAD19-AFC2-45B3-B15C-44BD9A0BB424} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O2 - BHO: (no name) - {6CDBBA58-25ED-D768-1E27-0B45FA88BF39} - C:\WINDOWS\system32\xnpgxm.dll
O2 - BHO: (no name) - {71D93778-31D9-F7A2-321C-04BD4EEE6E4A} - C:\WINDOWS\system32\qjwgdrd.dll
O2 - BHO: RdTasker - {73E0DDC2-A93A-4D64-97B5-646627F61DD2} - C:\WINDOWS\system32\ccc3.dll
O2 - BHO: (no name) - {745B4715-CFAE-9023-C49A-08061C46B4A5} - C:\WINDOWS\system32\vopnzag.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {76253FF7-A828-08C3-4792-0B03AEDE12F8} - C:\WINDOWS\system32\neizojg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E57AE6A3-C900-4C48-AAF1-7BA94730E98F} - C:\WINDOWS\system32\geedb.dll (file missing)
O2 - BHO: (no name) - {ECC0A5E9-68BD-4223-BCD4-6061BF347ED8} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: (no name) - {F1D0758E-4218-42A7-B369-2FBEFAE618BA} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150422044\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1150422044\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hozihatk.exe] C:\Documents and Settings\All Users\Application Data\hozihatk.exe
O4 - HKLM\..\Run: [gtcfaxaz.exe] C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.6.9/cab/aolpPlugins.10.6.0.4.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/polarbowler/install.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/popinsaniquarium/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14C70953-49E0-4DF2-867E-53AF08976851}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{8947A532-9C99-4F92-94A9-0B21B3B1B87B}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AF3BDCC-F46C-4958-8D2A-A82C8E35C903}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{14C70953-49E0-4DF2-867E-53AF08976851}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{14C70953-49E0-4DF2-867E-53AF08976851}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll (file missing)
O20 - Winlogon Notify: ddcyw - C:\WINDOWS\system32\ddcyw.dll (file missing)
O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll (file missing)
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll (file missing)
O20 - Winlogon Notify: opnkkhf - opnkkhf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1150422044\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: vwservice - Unknown owner - C:\WINDOWS\system32\vwsrv.exe (file missing)

ibcaleb · Jun 16, 2007

fixwareout

Fixwareout Last edited 5/15/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»»

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"KYE_Showicon"="\"C:\\Program Files\\USB Storage RW\\shwicon.exe\" -t\"KYE\\USB Storage RW\""
"Share-to-Web Namespace Daemon"="c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"CamMonitor"="c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\hpqcmon.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"StorageGuard"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
"AutoTBar"="C:\\hp\\bin\\autotbar.exe"
"nwiz"="nwiz.exe /install"
"CTHelper"="CTHELPER.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBAudigy\\PROGRAM\\ADGJDet.exe\""
"LTMSG"="LTMSG.exe 7"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1150422044\\ee\\AOLSoftware.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"My Web Search Bar"="rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\MWSBAR.DLL,S"
"sscRun"="C:\\Program Files\\Common Files\\AOL\\1150422044\\ee\\SSCRun.exe"
"OASClnt"="C:\\Program Files\\mcafee.com\\antivirus\\oasclnt.exe"
"EmailScan"="C:\\Program Files\\mcafee.com\\antivirus\\mcvsescn.exe"
"MPFExe"="C:\\Program Files\\mcafee.com\\personal firewall\\MPfTray.exe"
"AOLSPScheduler"="C:\\Program Files\\Common Files\\AOL\\1150422044\\ee\\services\\safetyCore\\ver210_5_2_1\\AOLSP Scheduler.exe"
"Error Nuker"="C:\\Program Files\\Error Nuker\\bin\\ErrorNuker.exe autostart"
"PaperPort PTD"="C:\\Program Files\\Scansoft\\PaperPort\\pptd40nt.exe"
"IndexSearch"="C:\\Program Files\\Scansoft\\PaperPort\\IndexSearch.exe"
"SetDefPrt"="C:\\Program Files\\Brother\\BRMFLPRO\\BrDefPrt.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"hozihatk.exe"="C:\\Documents and Settings\\All Users\\Application Data\\hozihatk.exe"
"gtcfaxaz.exe"="C:\\Documents and Settings\\All Users\\Application Data\\gtcfaxaz.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\2.bin\\mwsoemon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"AOL Fast Start"="\"C:\\Program Files\\America Online 9.0a\\AOL.EXE\" -b"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

ibcaleb · Jun 17, 2007

vundofix

VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 3:35:03 PM 6/16/2007

Listing files found while scanning....

c:\windows\registration\crmlog\olelog.dll
C:\WINDOWS\system32\awvvs.dll
C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.bak2
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\ddcyw.dll
C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\svvwa.bak1
C:\WINDOWS\system32\svvwa.ini
C:\WINDOWS\system32\wycdd.bak1
C:\WINDOWS\system32\wycdd.bak2
C:\WINDOWS\system32\wycdd.tmp
C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\ycbeg.bak2
C:\WINDOWS\system32\ycbeg.ini

Beginning removal...

Attempting to delete c:\windows\registration\crmlog\olelog.dll
c:\windows\registration\crmlog\olelog.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bdeeg.bak2
C:\WINDOWS\system32\bdeeg.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\bdeeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\svvwa.bak1
C:\WINDOWS\system32\svvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\svvwa.ini
C:\WINDOWS\system32\svvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\wycdd.bak1
C:\WINDOWS\system32\wycdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\wycdd.bak2
C:\WINDOWS\system32\wycdd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\wycdd.tmp
C:\WINDOWS\system32\wycdd.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\ycbeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ycbeg.bak2
C:\WINDOWS\system32\ycbeg.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ycbeg.ini
C:\WINDOWS\system32\ycbeg.ini Has been deleted!

Performing Repairs to the registry.
Done!

ok now what that took a while but i got it to work and kept my internet
i had to reinstall dnsbak.reg but other than that it worked great!!!!!!!!!!

:

Help Please

New member

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

New member

Security Expert: Emeritus

New member

New member

New member

Security Expert: Emeritus

New member

New member

New member