comp screwed, check my hijack log please...
I have gotten rid of most of the crap but it still runs slow and there's some stuff I can't get rid of, here's the log:
Logfile of HijackThis v1.98.2
Scan saved at 9:43:51 PM, on 6/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\WINDOWS\System32\PELMICED.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\wdskctl.exe
C:\WINDOWS\System32\lprfmsp.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\lnprll.exe
C:\WINDOWS\System32\winupdt.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe
C:\WINDOWS\system\hxptjpub.exe
C:\WINDOWS\system\xdodqlbwn.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\lfgiui.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
F:\Downloads\ftpserver2\FTPServer.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Vic Romano\My Documents\Hijack This\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.ieplugin.com/q.cgi?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS1] C:\WINDOWS\System32\ps1.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [qF5R3qV] lprfmsp.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitebvg32.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\lnprll.exe reg_run
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\RunOnce: [kk7kzir.exe] C:\WINDOWS\System32\kk7kzir.exe /k
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [bou5RkZEj] lfgiui.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\RunOnce: [kk7kzir.exe] C:\WINDOWS\System32\kk7kzir.exe /k
O4 - Startup: Quick'n Easy FTP Server.lnk = F:\Downloads\ftpserver2\FTPServer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114990285689
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
Please download the current version of HijackThis and post a new HijackThis log.
http://www.short-media.com/download.php?d=245
Scan saved at 4:16:45 PM, on 6/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\WINDOWS\System32\PELMICED.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\utid.exe
F:\Downloads\ftpserver2\FTPServer.exe
C:\WINDOWS\System32\winupdt.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\WINDOWS\System32\msxct.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Vic Romano\My Documents\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {4A25D449-2BAA-4426-A992-D18CA70CF5A9} - C:\WINDOWS\system32\ellr0m.dll
O2 - BHO: (no name) - {C370527A-24A7-4583-BE01-72E59000EB17} - C:\WINDOWS\system32\n.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\StopzillaBHO.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS1] C:\WINDOWS\System32\ps1.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\lnprll.exe reg_run
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [AutoLoaderAproposClient] "C:\WINDOWS\cxtpls_loader.exe" /HideUninstall /HideDir /PC=CP.AMS /ShowLegalNote=nonbranded
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [qF5R3qV] 610px32r.exe
O4 - HKLM\..\Run: [hdlnj74m] C:\WINDOWS\System32\hdlnj74m.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\RunOnce: [kk7kzir.exe] C:\WINDOWS\System32\kk7kzir.exe /k
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [bou5RkZEj] 28uplug.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\RunOnce: [kk7kzir.exe] C:\WINDOWS\System32\kk7kzir.exe /k
O4 - Startup: Quick'n Easy FTP Server.lnk = F:\Downloads\ftpserver2\FTPServer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114990285689
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/website.ocx
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
Surf Side Kick
Internet Optimizer
Bullseye Network
WeirdOnTheWeb
Download rkfiles.zip
http://skads.org/special/rkfiles.zip
Unzip the contents to a permanent folder.
Reboot your computer into Safe Mode
Double-click rkfiles.bat
It will scan for a while, so please be patient.
Wait till the DOS window closes and reboot back to normal mode.
Post the contents of C:\log.txt in your next reply along with a new HijackThis log.
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
C:\WINDOWS\system32\AUNPS2.dll: UPX!
C:\WINDOWS\system32\gvkqg.dat: UPX!
C:\WINDOWS\system32\lnprll.exe: UPX!
C:\WINDOWS\system32\ngrpnnp.dll: UPX!
C:\WINDOWS\system32\ps1.exe: UPX!
C:\WINDOWS\system32\Qool.exe: UPX!
C:\WINDOWS\system32\Qool.exe: UPX!
C:\WINDOWS\system32\Qool.exe: UPX!
C:\WINDOWS\system32\skytown.exe: UPX!
C:\WINDOWS\system32\supdate.dll: UPX!
C:\WINDOWS\system32\uci.exe: UPX!
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
Files Found in all users startup Folder............
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\utid.exe: UPX!
Files Found in all users windows Folder............
C:\WINDOWS\del.tmp: UPX!
C:\WINDOWS\extract.exe: UPX!
C:\WINDOWS\nem220.dll: UPX!
C:\WINDOWS\tct101.dll: UPX!
C:\WINDOWS\weird.exe: UPX!
Finished
bye
Please delete all items listed in rkfiles log except this one.
C:\WINDOWS\system32\dfrg.msc
Do not delete this file, but delete all others.
Please run at least two of these online scans.
Make sure they are set to clean automatically:
Panda Virus Scan
Bit Defender
TrendMicro Housecall
There will be files that these scans will not remove. Please include that information in your next post.
Reboot and post a new HijackThis log, a new rkfiles log, and the info from your virus scans.