Bothersome pop ups
Hello and thank you for reviewing my thread. Currently, I am experiencing a ton of pop-ups occurring at the same time, at numerous times, even if I have no programs running. Is it possible for you to tell me what is wrong?
My HijackThis Log is as follows:
Logfile of HijackThis v1.99.1
Scan saved at 11:57:41 AM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\windows\system32\qkdsregs.exe
C:\WINDOWS\win32108-120405890.exe
C:\WINDOWS\win320908-12040589.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\vyxbbcqA.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\CheckS02.exe
C:\WINDOWS\sys0304058908-12.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\windows\mousepad7.exe
C:\Program Files\Network\ipnetwork.exe
C:\Program Files\Common Files\AOL\1139440148\ee\AOLSoftware.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\errorhandler.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe
C:\Program Files\EQAdvice\EQAdvice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\УSTEM~1\fast.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\vyxbbcq.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\kwinlraf.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Temporary Directory 9 for hijackthis_199.zip\HijackThis.exe
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ngjkf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xbqopxk.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsn35.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6C68175F-D497-F940-CC0C-AE98CE11A4BC} - C:\WINDOWS\system32\pioqahks.dll
O2 - BHO: (no name) - {7080A8F0-773A-E2D1-4F5B-2055C432D669} - C:\WINDOWS\yczpdddd.dll (file missing)
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmwkxw.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: (no name) - {A808F557-669A-4C47-C35E-4EA6FEAA39B0} - C:\WINDOWS\System32\knsbdf.dll (file missing)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: Search - {3229840A-B635-5B48-CFCF-38DBB600813F} - C:\WINDOWS\yczpdddd.dll (file missing)
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [gjZC2XV] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [{B8-84-4E-E4-ZN}] C:\windows\system32\qkdsregs.exe FI002
O4 - HKLM\..\Run: [win32108-120405890] C:\WINDOWS\win32108-120405890.exe
O4 - HKLM\..\Run: [win320908-12040589] C:\WINDOWS\win320908-12040589.exe
O4 - HKLM\..\Run: [w043e50a.dll] RUNDLL32.EXE w043e50a.dll,I2 0000f9690043e50a
O4 - HKLM\..\Run: [vyxbbcqA] C:\WINDOWS\vyxbbcqA.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CheckS02.exe
O4 - HKLM\..\Run: [sys0304058908-12] C:\WINDOWS\sys0304058908-12.exe
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\rlvknlg.exe -boot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [newname] C:\windows\newname7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [kYWFVFfx] C:\documents and settings\christopher\local settings\temp\kYWFVFfx.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKLM\..\Run: [jtlpvn] c:\windows\system32\kjqdmzq.exe
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139440148\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [E75q] C:\documents and settings\christopher\local settings\temp\E75q.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
O4 - HKCU\..\Run: [Qtlazp] C:\WINDOWS\System32\l?ass.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - HKCU\..\Run: [EQAdvice] "C:\Program Files\EQAdvice\EQAdvice.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\?TSTEM~1\fast.exe" -vt ndrv
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\kwinlraf.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - AppInit_DLLs: Runner.dll
O20 - Winlogon Notify: Shell Extentions - C:\WINDOWS\system32\syobject.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vyxbbcq.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
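As an added example (it is not part of this thread and not code from HijackThis or its author), the following Python script parses lines in the HijackThis v1.99.1 format shown above and flags the entries a malware-removal helper reads first: a Winlogon Shell or Userinit value with a second program chained on (F2), AppInit_DLLs and Winlogon Notify hooks (O20), a domain placed in the IE Trusted Zone (O15), unnamed BHOs backed by a DLL on disk (O2), Run entries that start from a temp folder, contain a "?" lookalike character, or sit directly under C:\WINDOWS (O4), and unknown-owner services running from the C:\WINDOWS root (O23). The sample lines are constructed copies of entries from the log above; the clean-baseline values for Shell and Userinit, the severity labels and the rules themselves are my assumptions, not anything the thread states.

```python
import re
from collections import namedtuple

# One triage result: section code (F2, O2, O4, O15, O20, O23), severity
# ("high" = act now, "review" = confirm before removing), reason, raw line.
Finding = namedtuple("Finding", "section severity reason line")

# Assumed clean baseline for the two Winlogon values HijackThis reports as F2
# on XP SP2: Shell is exactly Explorer.exe; Userinit is userinit.exe plus a
# trailing comma and nothing else.
CLEAN_SHELL = "explorer.exe"
CLEAN_USERINIT = r"c:\windows\system32\userinit.exe"
TEMP_MARKERS = ("\\local settings\\temp\\", "\\temp\\")
LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")

def first_path(cmd):
    """Executable path at the start of a Run value: quoted ("C:\\a b\\c.exe" /f)
    or bare (C:\\c.exe FI002)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.(?:exe|dll|scr|com))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]

def windows_root_file(path):
    """True for a file directly under C:\\WINDOWS (no subfolder)."""
    return re.fullmatch(r"c:\\windows\\[^\\]+\.exe", path.strip().lower()) is not None

def check_line(line):
    """Apply the triage rules to one HijackThis log line; return Findings."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    sec, body = m.group("sec"), m.group("body")
    low, out = body.lower(), []
    if sec == "F2" and "shell=" in low:
        if body.split("Shell=", 1)[1].strip().lower() != CLEAN_SHELL:
            out.append(Finding(sec, "high", "second program chained onto Winlogon Shell", line))
    elif sec == "F2" and "userinit=" in low:
        parts = [p.strip().lower() for p in body.split("UserInit=", 1)[1].split(",") if p.strip()]
        if parts != [CLEAN_USERINIT]:
            out.append(Finding(sec, "high", "second program chained onto Winlogon Userinit", line))
    elif sec == "O20" and low.startswith("appinit_dlls:"):
        value = body.split(":", 1)[1].strip()
        if value:
            out.append(Finding(sec, "high", f"AppInit_DLLs loads {value} into every process that maps user32.dll", line))
    elif sec == "O20" and low.startswith("winlogon notify:"):
        reason = "Winlogon Notify DLL runs inside winlogon.exe at logon"
        if "(file missing)" in low:
            reason += " (file gone; still delete the orphaned key)"
        out.append(Finding(sec, "high", reason, line))
    elif sec == "O15":
        out.append(Finding(sec, "high", "domain in the IE Trusted Zone (relaxed ActiveX/script policy)", line))
    elif sec == "O2":
        if "(no file)" in low:
            out.append(Finding(sec, "review", "orphaned BHO registration", line))
        elif "(no name)" in low:
            out.append(Finding(sec, "high", "unnamed BHO backed by a DLL on disk", line))
    elif sec == "O4":
        # Either "HKLM\..\Run: [name] cmd" or "Startup: foo.lnk = cmd"
        sep = "] " if "] " in body else " = "
        target = first_path(body.split(sep, 1)[-1])
        if any(mark in target.lower() for mark in TEMP_MARKERS):
            out.append(Finding(sec, "high", "autorun launched from a temp directory", line))
        if "?" in target:
            out.append(Finding(sec, "high", "non-ASCII character in filename (lookalike of a system binary)", line))
        if windows_root_file(target):
            out.append(Finding(sec, "review", "autorun executable sits directly under C:\\WINDOWS", line))
    elif sec == "O23" and "unknown owner" in low and windows_root_file(body.rsplit(" - ", 1)[-1]):
        out.append(Finding(sec, "high", "unknown-owner service running from C:\\WINDOWS root", line))
    return out

def triage(log_text):
    return [f for line in log_text.splitlines() for f in check_line(line)]

# Constructed sample: entries copied from the log above, legitimate and
# suspicious mixed, in the HijackThis v1.99.1 line format.
SAMPLE_LOG = """\
F2 - REG:system.ini: Shell=Explorer.exe, C:\\WINDOWS\\system32\\ngjkf.exe
F2 - REG:system.ini: UserInit=C:\\WINDOWS\\system32\\userinit.exe,xbqopxk.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\ActiveX\\AcroIEHelper.ocx
O2 - BHO: (no name) - {6C68175F-D497-F940-CC0C-AE98CE11A4BC} - C:\\WINDOWS\\system32\\pioqahks.dll
O4 - HKLM\\..\\Run: [kYWFVFfx] C:\\documents and settings\\christopher\\local settings\\temp\\kYWFVFfx.exe
O4 - HKLM\\..\\Run: [ATIPTA] C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe
O4 - HKLM\\..\\Run: [vyxbbcqA] C:\\WINDOWS\\vyxbbcqA.exe
O4 - HKCU\\..\\Run: [Qtlazp] C:\\WINDOWS\\System32\\l?ass.exe
O15 - Trusted Zone: *.elitemediagroup.net
O20 - AppInit_DLLs: Runner.dll
O20 - Winlogon Notify: Shell Extentions - C:\\WINDOWS\\system32\\syobject.dll (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\\WINDOWS\\vyxbbcq.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\\PROGRA~1\\COMMON~1\\AOL\\ACS\\acsd.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section}: {f.reason}\n    {f.line}")
```

Feed a saved log to `triage(open(path).read())`. The rules are deliberately conservative: a file sitting directly under C:\WINDOWS is only "review", because legitimate vendor binaries (BCMSMMSG.exe in this log) live there too, while the F2, O15 and O20 hooks are "high" on sight since a clean XP SP2 install has nothing chained onto Shell or Userinit, no AppInit_DLLs, and no third-party Trusted Zone entries.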
Comments
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Temporary Directory 9 for hijackthis_199.zip\HijackThis.exe
This is a temporary directory. Please make a folder here:
C:\HJT
Place Hijack This into that folder or alternatively drag the HijackThis.exe file to your desktop and run it from there. Please post another Hijack This log after you've done this.
Logfile of HijackThis v1.99.1
Scan saved at 6:34:26 AM, on 4/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system32\qkdsregs.exe
C:\WINDOWS\vyxbbcqA.exe
C:\WINDOWS\SYSTEM32\kwinlraf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\vyxbbcq.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\EQAdvice\EQAdvice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Christopher\Desktop\HJT\HijackThis.exe
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ngjkf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xbqopxk.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsn35.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6C68175F-D497-F940-CC0C-AE98CE11A4BC} - C:\WINDOWS\system32\pioqahks.dll
O2 - BHO: (no name) - {7080A8F0-773A-E2D1-4F5B-2055C432D669} - C:\WINDOWS\yczpdddd.dll (file missing)
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmwkxw.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: (no name) - {A808F557-669A-4C47-C35E-4EA6FEAA39B0} - C:\WINDOWS\System32\knsbdf.dll (file missing)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: Search - {3229840A-B635-5B48-CFCF-38DBB600813F} - C:\WINDOWS\yczpdddd.dll (file missing)
O4 - HKLM\..\Run: [{B8-84-4E-E4-ZN}] C:\windows\system32\qkdsregs.exe FI002
O4 - HKLM\..\Run: [vyxbbcqA] C:\WINDOWS\vyxbbcqA.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM32\kwinlraf.exe FI002
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\kwinlraf.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - AppInit_DLLs: Runner.dll
O20 - Winlogon Notify: Shell Extentions - C:\WINDOWS\system32\syobject.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vyxbbcq.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Please download Look2Me-Destroyer.exe to your desktop.
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 4/3/2006 1:13:01 PM
Attempting to delete infected files...
Making registry repairs.
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2E53FF3E-8ACE-42B7-80A6-EC00C4633D28}"
HKCR\Clsid\{2E53FF3E-8ACE-42B7-80A6-EC00C4633D28}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrators - Succeeded
Logfile of HijackThis v1.99.1
Scan saved at 1:19:50 PM, on 4/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system32\qkdsregs.exe
C:\WINDOWS\vyxbbcqA.exe
C:\WINDOWS\SYSTEM32\kwinlraf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\vyxbbcq.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\EQAdvice\EQAdvice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Christopher\Desktop\HJT\HijackThis.exe
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ngjkf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xbqopxk.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsn35.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6C68175F-D497-F940-CC0C-AE98CE11A4BC} - C:\WINDOWS\system32\pioqahks.dll
O2 - BHO: (no name) - {7080A8F0-773A-E2D1-4F5B-2055C432D669} - C:\WINDOWS\yczpdddd.dll (file missing)
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmwkxw.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: (no name) - {A808F557-669A-4C47-C35E-4EA6FEAA39B0} - C:\WINDOWS\System32\knsbdf.dll (file missing)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: Search - {3229840A-B635-5B48-CFCF-38DBB600813F} - C:\WINDOWS\yczpdddd.dll (file missing)
O4 - HKLM\..\Run: [{B8-84-4E-E4-ZN}] C:\windows\system32\qkdsregs.exe FI002
O4 - HKLM\..\Run: [vyxbbcqA] C:\WINDOWS\vyxbbcqA.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM32\kwinlraf.exe FI002
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\kwinlraf.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - AppInit_DLLs: Runner.dll
O20 - Winlogon Notify: Shell Extentions - C:\WINDOWS\system32\syobject.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vyxbbcq.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Next step is to download Ewido Anti-Malware also from my signature. Install the program and then set it up according to the instructions below:
You will need to update ewido to the latest definition files.
The update will start and a progress bar will show the updates being installed. After the updates are installed, exit Ewido.
Once the updates are installed do the following:
Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
Post back with the Panda log, the Ewido log and a fresh HijackThis log.
ewido anti-malware - Scan report
+ Created on: 7:29:42 PM, 4/4/2006
+ Report-Checksum: F2FF146D
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
HKU\.DEFAULT\Software\toolbar -> Adware.WebSearch : Cleaned with backup
HKU\S-1-5-18\Software\toolbar -> Adware.WebSearch : Cleaned with backup
C:\Documents and Settings\Christopher\full.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Christopher\Local Settings\Temp\A6E2F0.tmp/ny8jr.exe -> Trojan.Runner.h : Cleaned with backup
C:\Documents and Settings\Christopher\Local Settings\Temp\Cookies\christopher@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Christopher\Local Settings\Temp\echo.exe -> Dropper.Small.qn : Cleaned with backup
C:\Documents and Settings\Christopher\Local Settings\Temp\i2F1.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Christopher\Local Settings\Temp\i79.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Christopher\Local Settings\Temp\iA6.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Christopher\Local Settings\Temp\loadadv640.exe -> Downloader.Harnig.bc : Cleaned with backup
C:\Documents and Settings\Christopher\Local Settings\Temp\mmxp2passion.exe -> Downloader.VB.sh : Cleaned with backup
C:\Documents and Settings\Christopher\Local Settings\Temp\mndcntas.tmp -> Adware.SafeSurfing : Cleaned with backup
C:\Documents and Settings\Christopher\Local Settings\Temp\MONEY1.exe -> Downloader.Adload.t : Cleaned with backup
C:\Documents and Settings\Christopher\Local Settings\Temp\q2.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Christopher\Local Settings\Temp\q4.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Christopher\Local Settings\Temp\q6.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Christopher\Local Settings\Temp\Transpd.dll -> Adware.Agent : Cleaned with backup
C:\Documents and Settings\Christopher\Local Settings\Temp\xxx1.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Christopher\Local Settings\Temp\z2.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Christopher\Local Settings\Temporary Internet Files\Content.IE5\0HUJ0XEN\rcverlib[1].exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\Documents and Settings\Christopher\Local Settings\Temporary Internet Files\Content.IE5\0HUJ0XEN\rcverlib[2].exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\Documents and Settings\Christopher\Local Settings\Temporary Internet Files\Content.IE5\IB2NEX2R\rcverlib[2].exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\Documents and Settings\NetworkService\Cookies\christopher@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\krw1dn.exe -> Downloader.Agent.afi : Cleaned with backup
C:\Program Files\FCAdvice\FCAdvice.dll -> Adware.CASClient : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3962FCF0-8045-497F-9095-33415C\9C344A11-B819-4770-80FD-3CA10E -> Hijacker.Agent.dh : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\7DACC9CB-A1DD-4D5F-9487-570B67\D3B2A1B9-7841-478F-BD6A-23E490 -> Adware.WebHancer : Cleaned with backup
C:\Program Files\Network\ipnetwork.exe -> Adware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001347.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001348.exe -> Hijacker.VB.ij : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001351.dll -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001352.dll -> Adware.SafeSurfing : Cleaned with backup
C:\temp\NCasePackage.exe -> Adware.180Solutions : Cleaned with backup
C:\WINDOWS\876057.exe -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\country.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\DH.dll_ -> Hijacker.Small.jf : Cleaned with backup
C:\WINDOWS\enhtb.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\keoinrxwz.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\kl1.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\olxrnjft.dll -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\rlvknlg.exe -> Adware.RK : Cleaned with backup
C:\WINDOWS\sms112x.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\sys0304058908-12.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\SYSTEM32\ad.html -> Hijacker.Agent.e : Cleaned with backup
C:\WINDOWS\SYSTEM32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\ibdnhahb.dll -> Adware.Agent : Cleaned with backup
C:\WINDOWS\SYSTEM32\irssyncd.exe -> Adware.SafeSurfing : Cleaned with backup
C:\WINDOWS\SYSTEM32\MTE2ODI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
C:\WINDOWS\SYSTEM32\ny8jr.exe -> Trojan.Runner.h : Cleaned with backup
C:\WINDOWS\SYSTEM32\oins.exe -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\SYSTEM32\paytime.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\SYSTEM32\q.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\SYSTEM32\q3.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\SYSTEM32\q5.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\SYSTEM32\qmdsregp.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\rk.bin -> Adware.RK : Cleaned with backup
C:\WINDOWS\SYSTEM32\rlls.dll -> Adware.RK : Cleaned with backup
C:\WINDOWS\SYSTEM32\xxx2.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\SYSTEM32\z1.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\SYSTEM32\z3.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\tool1.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\tool2.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\tool3.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\tool4.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\toolbar.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\uniq -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\vyvhftcx.dll -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\vyxbbcqA.exe -> Hijacker.VB.ij : Cleaned with backup
C:\WINDOWS\win320908-12040589.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\win32108-120405890.exe -> Downloader.VB.tw : Cleaned with backup
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 7:36:20 PM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\kwinlraf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\EQAdvice\EQAdvice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Documents and Settings\Christopher\Desktop\HJT\HijackThis.exe
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ngjkf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xbqopxk.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsn35.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6C68175F-D497-F940-CC0C-AE98CE11A4BC} - C:\WINDOWS\system32\pioqahks.dll (file missing)
O2 - BHO: (no name) - {7080A8F0-773A-E2D1-4F5B-2055C432D669} - C:\WINDOWS\yczpdddd.dll (file missing)
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmwkxw.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: (no name) - {A808F557-669A-4C47-C35E-4EA6FEAA39B0} - C:\WINDOWS\System32\knsbdf.dll (file missing)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: Search - {3229840A-B635-5B48-CFCF-38DBB600813F} - C:\WINDOWS\yczpdddd.dll (file missing)
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM32\kwinlraf.exe FI002
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\kwinlraf.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - AppInit_DLLs: Runner.dll
O20 - Winlogon Notify: Shell Extentions - C:\WINDOWS\system32\syobject.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vyxbbcq.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Log of ActiveScan
Incident Status Location
Adware:Adware/Zenosearch Not disinfected C:\WINDOWS\SYSTEM32\QKDSREGS.EXE
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\pioqahks.dll
Adware:Adware/Zenosearch Not disinfected C:\windows\system32\qkdsregs.exe
Adware:Adware/QoolAid Not disinfected C:\WINDOWS\system32\dmonwv.dll
Adware:Adware/Qoologic Not disinfected C:\WINDOWS\system32\desgwbv.dll
Adware:adware/zenosearch Not disinfected C:\Documents and Settings\Christopher\Start Menu\Programs\Startup\Zeno.lnk
Adware:adware/dyfuca Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temp\cfout.txt
Adware:adware/cws.loadadv Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temp\loadadv640.exe
Adware:adware/deskwizz Not disinfected C:\WINDOWS\SYSTEM32\ad.html
Adware:adware/mediatickets Not disinfected C:\WINDOWS\SYSTEM32\oins.exe
Adware:adware/cws Not disinfected C:\WINDOWS\SYSTEM32\paytime.exe
Spyware:spyware/marketscore Not disinfected C:\WINDOWS\SYSTEM32\rk.bin
Adware:adware/igetnet Not disinfected C:\WINDOWS\SYSTEM\rules.dat
Adware:adware/ncase Not disinfected C:\TEMP\NCasePackage.exe
Adware:adware/toprebates Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\WinadX.inf
Adware:adware/zenosearch Not disinfected C:\Documents and Settings\Christopher\Start Menu\Programs\Startup\Zeno.lnk
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temporary Internet Files\Ssk.log
Spyware:spyware/betterinet Not disinfected C:\WINDOWS\INF\satmat.inf
Adware:adware/dollarrevenue Not disinfected C:\drsmartload1.exe
Adware:adware/startpage.bbc Not disinfected C:\w.exe
Adware:adware/secure32 Not disinfected C:\WINDOWS\country.exe
Adware:adware/ieplugin Not disinfected C:\WINDOWS\kwv2.dat
Adware:adware/twain-tech Not disinfected C:\WINDOWS\satmat.ini
Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\tool1.exe
Adware:adware/commad Not disinfected C:\PROGRAM FILES\Network Monitor
Adware:adware/winad Not disinfected C:\PROGRAM FILES\Winad Client
Adware:adware/popper Not disinfected Windows Registry
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@btg.btgrab[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@burstnet[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@c.enhance[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@casalemedia[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@cassava[1].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@cliks[3].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@dist.belnk[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@doubleclick[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@entrepreneur[1].txt
Spyware:Cookie/Errorguard Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@errorguard[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@errorsafe[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@fastclick[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@go[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@hitbox[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@i.screensavers[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@image.checkmystats.com[2].txt
Spyware:Cookie/TouchClarity Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@intercasino.touchclarity[1].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@Kiddo[1].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@kinghost[1].txt
Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@kmpads[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@maxserving[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@media.fastclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@mediaplex[1].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@microsofteup.112.2o7[1].txt
Spyware:Cookie/Media-motor Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@mmm.media-motor[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@offeroptimizer[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@overture[2].txt
Spyware:Cookie/Transponder Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@pyn.pynix[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@qksrv[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@realmedia[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@revenue[2].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@rightmedia[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@rn11[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@searchportal.information[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@serving-sys[2].txt
Spyware:Cookie/SpywareStormer Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@spywarestormer[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@stats1.reliablestats[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@statse.webtrendslive[2].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@targetnet[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@tribalfusion[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@webpower[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@winfixer[1].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@www.advnt01[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@www.burstbeacon[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@www.errorsafe[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@www.myaffiliateprogram[1].txt
Spyware:Cookie/TopRebates.com Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@www.toprebates[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@xiti[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@zedo[2].txt
Virus:Trj/Downloader.AYV Not disinfected C:\Documents and Settings\Christopher\full.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temp\Cookies\christopher@ad.yieldmanager[1].txt
Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temp\echo.exe
Adware:Adware/Qoologic Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temp\f10959328.exe
Adware:Adware/Qoologic Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temp\f4240109.exe
Adware:Adware/Qoologic Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temp\f4433500.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temp\i2F1.tmp
Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temp\i79.tmp
Spyware:Spyware/SurfSideKick Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temp\iA6.tmp
Adware:Adware/Secure32 Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temp\loadadv640.exe
Spyware:Spyware/Media-motor Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temp\mmxp2passion.exe
Virus:Trj/Downloader.AYV Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temp\q2.exe
Virus:Trj/Downloader.AYV Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temp\q4.exe
Virus:Trj/Downloader.AYV Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temp\q6.exe
Adware:Adware/DigInk Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temp\Setup93.exe
Virus:Trj/Downloader.AYV Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temp\xxx1.exe
Virus:Trj/Downloader.AYV Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temp\z2.exe
Adware:Adware/QoolAid Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temporary Internet Files\Content.IE5\0HUJ0XEN\rcverlib[1].exe
Adware:Adware/QoolAid Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temporary Internet Files\Content.IE5\0HUJ0XEN\rcverlib[2].exe
Adware:Adware/QoolAid Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temporary Internet Files\Content.IE5\0HUJ0XEN\rcverlib[3].exe
Adware:Adware/QoolAid Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temporary Internet Files\Content.IE5\8PIF0H6V\rcverlib[1].exe
Adware:Adware/QoolAid Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temporary Internet Files\Content.IE5\CXIFK567\rcverlib[1].exe
Adware:Adware/QoolAid Not disinfected C:\Documents and Settings\Christopher\Local Settings\Temporary Internet Files\Content.IE5\IB2NEX2R\rcverlib[2].exe
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\NetworkService\Cookies\christopher@2o7[1].txt
Adware:Adware/DollarRevenue Not disinfected C:\drsmartload46a.exe
Adware:Adware/Qoologic Not disinfected C:\installerwnus.exe
Adware:Adware/FCHelp Not disinfected C:\Program Files\FCAdvice\FCAdvice.dll
Adware:Adware/Maxifiles Not disinfected C:\Program Files\InetGet2\gimmysmileysB.exe
Adware:Adware/BrowserAid Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\3962FCF0-8045-497F-9095-33415C\9C344A11-B819-4770-80FD-3CA10E
Adware:Adware/WebHancer Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\7DACC9CB-A1DD-4D5F-9487-570B67\D3B2A1B9-7841-478F-BD6A-23E490
Adware:Adware/Deskwizz Not disinfected C:\sk02.exe
Adware:Adware/nCase Not disinfected C:\temp\NCasePackage.exe
Adware:Adware/PurityScan Not disinfected C:\Veracruz.exe
Virus:Trj/SCBop.E Not disinfected C:\WINDOWS\CheckS02.exe
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\country.exe
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\DH.dll_
Adware:Adware/WUpd Not disinfected C:\WINDOWS\Downloaded Program Files\WinadX.inf
Virus:Trj/Imiserv.I Not disinfected C:\WINDOWS\enhtb.exe
Virus:Trj/sosmyn.A Not disinfected C:\WINDOWS\errorhandler.exe
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\INF\satmat.inf
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\kl1.exe
Adware:Adware/BookedSpace Not disinfected C:\WINDOWS\olxrnjft.dll
Adware:Adware/CommAd Not disinfected C:\WINDOWS\Q2hyaXN0b3BoZXI\kZ1VurhXva1CtrK.vbs
Adware:Adware/IPInsight Not disinfected C:\WINDOWS\satmat.ini
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\SYSTEM32\ad.html
Adware:Adware/Qoologic Not disinfected C:\WINDOWS\SYSTEM32\cthjr.dat
Adware:Adware/QoolAid Not disinfected C:\WINDOWS\SYSTEM32\dmonwv.dll
Adware:Adware/Zenosearch Not disinfected C:\WINDOWS\SYSTEM32\dwdsregt.exe
Adware:Adware/Qoologic Not disinfected C:\WINDOWS\SYSTEM32\installer.exe
Adware:Adware/ISearch Not disinfected C:\WINDOWS\SYSTEM32\MTE2ODI6ODoxNg.exe
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\SYSTEM32\paytime.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\SYSTEM32\pioqahks.dll
Virus:Trj/Downloader.AYV Not disinfected C:\WINDOWS\SYSTEM32\q.exe
Virus:Trj/Downloader.AYV Not disinfected C:\WINDOWS\SYSTEM32\q3.exe
Virus:Trj/Downloader.AYV Not disinfected C:\WINDOWS\SYSTEM32\q5.exe
Adware:Adware/Zenosearch Not disinfected C:\WINDOWS\SYSTEM32\qkdsregs.exe
Adware:Adware/Zenosearch Not disinfected C:\WINDOWS\SYSTEM32\qmdsregp.exe
Adware:Adware/DigInk Not disinfected C:\WINDOWS\SYSTEM32\Setup94.exe
Virus:Trj/Downloader.AYV Not disinfected C:\WINDOWS\SYSTEM32\xxx2.exe
Virus:Trj/Downloader.AYV Not disinfected C:\WINDOWS\SYSTEM32\z1.exe
Virus:Trj/Downloader.AYV Not disinfected C:\WINDOWS\SYSTEM32\z3.exe
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\tool2.exe
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\tool3.exe
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\tool4.exe
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\toolbar.exe
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\uniq
Adware:Adware/BookedSpace Not disinfected C:\WINDOWS\vyvhftcx.dll
Adware:Adware/2Z0o Not disinfected C:\WINDOWS\vyxbbcq.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\ѕуstem32\fast.exe
I can modify the text if it is hard to read like this.
If you told the Panda Scan to autoclean, then go directly to the step below.
After that, I would like you to run a Kaspersky online scan next. You can do it from my signature. It will generate a log as well. After this scan, if we don't get any further, then we'll have to resort to manually killing all this junk. That's OK if we do, though... we'll fight the good fight!
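Added example, not part of the thread or of any of the tools used in it: a small Python triage script for a pasted Panda ActiveScan log like the one above. It parses the `Category:Family Status Location` lines, collapses repeated entries, groups incidents by family, and flags two things a helper would want to spot before "manually killing all this junk": path components that use Cyrillic look-alike letters to impersonate a real system directory (the `fast.exe` entry in the scans pasted in this thread sits under such a `ѕуstem32` folder, which is not `System32`), and executables dropped straight into the drive root. The sample lines are constructed in the log's format; the confusable-letter table, the status phrases other than "Not disinfected" and the heuristics are this example's own assumptions, not Panda's.

```python
import re
from collections import Counter, defaultdict

# One incident per line in a Panda ActiveScan log:
#     <Category>:<Family> <Status> <Location>
# Families and locations may contain spaces, so we anchor on the status phrase.
# "Not disinfected" is the only status in the pasted log; the others are assumed.
LINE_RE = re.compile(
    r"^(?P<category>\w+):(?P<family>.+?)\s+"
    r"(?P<status>Not disinfected|Disinfected|Deleted|Renamed)\s+"
    r"(?P<location>.+?)\s*$"
)

# Cyrillic letters that render like ASCII letters in most fonts (assumed table).
# Translating them to their look-alikes gives a "skeleton" comparable to real names.
CONFUSABLE = str.maketrans({
    "а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "у": "y", "х": "x",
    "ѕ": "s", "і": "i", "ј": "j", "һ": "h",
    "А": "A", "Е": "E", "О": "O", "Р": "P", "С": "C", "У": "Y", "Х": "X",
    "Ѕ": "S", "І": "I", "Ј": "J", "Н": "H", "К": "K", "М": "M", "Т": "T", "В": "B",
})
SYSTEM_DIRS = {"windows", "system32", "system", "program files", "documents and settings"}
EXECUTABLE_EXT = (".exe", ".dll", ".vbs", ".scr", ".com")


def skeleton(component):
    """Map confusable Cyrillic letters to ASCII look-alikes and lowercase."""
    return component.translate(CONFUSABLE).lower()


def homoglyph_dirs(location):
    """(component, impersonated_name) pairs for non-ASCII path components whose
    skeleton equals a well-known Windows directory name."""
    hits = []
    for comp in location.split("\\"):
        if comp.isascii():
            continue
        sk = skeleton(comp)
        if sk in SYSTEM_DIRS:
            hits.append((comp, sk))
    return hits


def drive_root_executable(location):
    """True for an executable sitting directly in a drive root, e.g. C:\\w.exe."""
    return bool(re.fullmatch(r"[A-Za-z]:\\[^\\]+", location)) and \
        location.lower().endswith(EXECUTABLE_EXT)


def parse_line(line):
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(log_text):
    """Parse a pasted Panda log and return a de-duplicated, flagged summary."""
    seen, duplicates = set(), 0
    by_family, status_counts = defaultdict(list), Counter()
    homoglyphs, root_execs, non_file = [], [], []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue  # headers, blank lines, prose between entries
        key = (rec["family"], rec["location"])
        if key in seen:
            duplicates += 1
            continue
        seen.add(key)
        status_counts[rec["status"]] += 1
        loc = rec["location"]
        by_family[rec["family"]].append(loc)
        if not re.match(r"[A-Za-z]:\\", loc):
            non_file.append(loc)  # e.g. "Windows Registry"
            continue
        hits = homoglyph_dirs(loc)
        if hits:
            homoglyphs.append((loc, hits))
        if drive_root_executable(loc):
            root_execs.append(loc)
    return {
        "unique_incidents": len(seen),
        "duplicates_dropped": duplicates,
        "status_counts": dict(status_counts),
        "families": {f: sorted(p) for f, p in by_family.items()},
        "homoglyph_paths": homoglyphs,
        "drive_root_executables": root_execs,
        "non_file_locations": non_file,
    }


# Constructed sample in the pasted log's format; one entry is deliberately repeated.
SAMPLE_LOG = r"""
Adware:adware/cws Not disinfected C:\WINDOWS\SYSTEM32\paytime.exe
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@247realmedia[1].txt
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\Christopher\Cookies\christopher@247realmedia[1].txt
Adware:adware/startpage.bbc Not disinfected C:\w.exe
Adware:adware/dollarrevenue Not disinfected C:\drsmartload1.exe
Adware:adware/popper Not disinfected Windows Registry
Virus:Trj/Downloader.AYV Not disinfected C:\WINDOWS\SYSTEM32\q.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\ѕуstem32\fast.exe
"""

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2, ensure_ascii=False))
```

The skeleton check is deliberately narrow: it only fires when a non-ASCII component collapses onto a known directory name, so a legitimately non-English user profile folder is not flagged. The drive-root heuristic is likewise only a pointer for a human, since a few legitimate installers also leave files there.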
C:\Documents and Settings\Christopher\Desktop\Kaspersky report My Computer.html
Wednesday, April 05, 2006 2:09:24 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 5/04/2006
Kaspersky Anti-Virus database records: 175139
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 89215
Number of viruses found 28
Number of infected objects 79
Number of suspicious objects 0
Duration of the scan process 01:17:12
Infected Object Name Virus Name Last Action
C:\328520.exe Infected: Trojan-Dropper.Win32.Agent.amf skipped
C:\ac2_0003.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped
C:\Documents and Settings\Christopher\Local Settings\Temp\f10959328.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\Christopher\Local Settings\Temp\f4240109.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\Christopher\Local Settings\Temp\f4433500.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\Christopher\Local Settings\Temp\FT_SilentSudokuInstaller.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\Documents and Settings\Christopher\Local Settings\Temp\FT_SilentSudokuInstaller.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\Documents and Settings\Christopher\Local Settings\Temp\FT_SilentSudokuInstaller.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Christopher\Local Settings\Temp\SC_SudokuInstaller.exe/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\Documents and Settings\Christopher\Local Settings\Temp\SC_SudokuInstaller.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Christopher\Local Settings\Temp\Setup93.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\Documents and Settings\Christopher\Local Settings\Temp\Setup93.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\Documents and Settings\Christopher\Local Settings\Temp\Setup93.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\Documents and Settings\Christopher\Local Settings\Temp\Setup93.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\Documents and Settings\Christopher\Local Settings\Temp\Setup93.exe NSIS: infected - 4 skipped
C:\Documents and Settings\Christopher\Local Settings\Temp\win.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\Christopher\Local Settings\Temp\win.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Christopher\Local Settings\Temporary Internet Files\Content.IE5\0HUJ0XEN\rcverlib[3].exe Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\Documents and Settings\Christopher\Local Settings\Temporary Internet Files\Content.IE5\8PIF0H6V\rcverlib[1].exe Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\Documents and Settings\Christopher\Local Settings\Temporary Internet Files\Content.IE5\CXIFK567\rcverlib[1].exe Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\drsmartload1.exe Infected: Trojan-Downloader.Win32.VB.zg skipped
C:\drsmartload46a.exe Infected: Trojan-Downloader.Win32.Adload.ai skipped
C:\installerwnus.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\Program Files\Common Files\Yazzle1119OinAdmin.exe Infected: Trojan.Win32.Scapur.k skipped
C:\sk02.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\sk02.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001110.exe Infected: Trojan-Downloader.Win32.Dyfuca.ex skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001111.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001112.exe Infected: Trojan-Downloader.Win32.VB.zg skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001355.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001356.exe Infected: Trojan-Downloader.Win32.Agent.agy skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001360.exe Infected: Exploit.HTML.ObjData skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001363.exe Infected: Exploit.HTML.ObjData skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001367.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001368.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001372.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001373.exe Infected: Trojan.Win32.Runner.h skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001374.exe Infected: Trojan-Downloader.Win32.PurityScan.be skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001375.exe Infected: Exploit.HTML.ObjData skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001376.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001377.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001378.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001381.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001382.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001383.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001384.exe Infected: Exploit.HTML.ObjData skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001385.exe Infected: Exploit.HTML.ObjData skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001386.exe Infected: Exploit.HTML.ObjData skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001387.exe Infected: Exploit.HTML.ObjData skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001388.exe Infected: Exploit.HTML.ObjData skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001390.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001391.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001392.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\Veracruz.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\Veracruz.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\Veracruz.exe NSIS: infected - 2 skipped
C:\WINDOWS\bu7dyo4f.exe Infected: Trojan-Downloader.Win32.Small.afi skipped
C:\WINDOWS\CheckS02.exe Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\DHU.exe/data0001 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\WINDOWS\DHU.exe NSIS: infected - 1 skipped
C:\WINDOWS\errorhandler.exe Infected: Trojan-Downloader.Win32.VB.nw skipped
C:\WINDOWS\mousepad7.exe Infected: Trojan.Win32.VB.ali skipped
C:\WINDOWS\pf78bb.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\WINDOWS\pf78bb.exe NSIS: infected - 1 skipped
C:\WINDOWS\SYSTEM32\cthjr.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\WINDOWS\SYSTEM32\dmonwv.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\WINDOWS\SYSTEM32\drsmartload482a.exe Infected: Trojan-Downloader.Win32.Adload.af skipped
C:\WINDOWS\SYSTEM32\installer.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\WINDOWS\SYSTEM32\Setup94.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\WINDOWS\SYSTEM32\Setup94.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\SYSTEM32\Setup94.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\SYSTEM32\Setup94.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\SYSTEM32\Setup94.exe NSIS: infected - 4 skipped
C:\WINDOWS\SYSTEM32\w043e50a.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\WINDOWS\SYSTEM32\Win3.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\WINDOWS\SYSTEM32\Win3.exe NSIS: infected - 1 skipped
C:\WINDOWS\YazzleBundle-1119.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\WINDOWS\YazzleBundle-1119.exe NSIS: infected - 1 skipped
C:\WINDOWS\ѕуstem32\fast.exe Infected: Trojan-Downloader.Win32.PurityScan.cc skipped
Scan process completed.
Wednesday, April 05, 2006 12:21:30 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 5/04/2006
Kaspersky Anti-Virus database records: 175139
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\
Scan Statistics
Total number of scanned objects 18554
Number of viruses found 14
Number of infected objects 38
Number of suspicious objects 0
Duration of the scan process 00:20:06
Infected Object Name Virus Name Last Action
C:\WINDOWS\bu7dyo4f.exe Infected: Trojan-Downloader.Win32.Small.afi skipped
C:\WINDOWS\CheckS02.exe Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\DHU.exe/data0001 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\WINDOWS\DHU.exe NSIS: infected - 1 skipped
C:\WINDOWS\errorhandler.exe Infected: Trojan-Downloader.Win32.VB.nw skipped
C:\WINDOWS\mousepad7.exe Infected: Trojan.Win32.VB.ali skipped
C:\WINDOWS\pf78bb.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\WINDOWS\pf78bb.exe NSIS: infected - 1 skipped
C:\WINDOWS\SYSTEM32\cthjr.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\WINDOWS\SYSTEM32\dmonwv.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\WINDOWS\SYSTEM32\drsmartload482a.exe Infected: Trojan-Downloader.Win32.Adload.af skipped
C:\WINDOWS\SYSTEM32\installer.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\WINDOWS\SYSTEM32\Setup94.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\WINDOWS\SYSTEM32\Setup94.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\SYSTEM32\Setup94.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\SYSTEM32\Setup94.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\SYSTEM32\Setup94.exe NSIS: infected - 4 skipped
C:\WINDOWS\SYSTEM32\w043e50a.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\WINDOWS\SYSTEM32\Win3.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\WINDOWS\SYSTEM32\Win3.exe NSIS: infected - 1 skipped
C:\WINDOWS\YazzleBundle-1119.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\WINDOWS\YazzleBundle-1119.exe NSIS: infected - 1 skipped
C:\WINDOWS\ѕуstem32\fast.exe Infected: Trojan-Downloader.Win32.PurityScan.cc skipped
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\f10959328.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\f4240109.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\f4433500.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\FT_SilentSudokuInstaller.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\FT_SilentSudokuInstaller.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\FT_SilentSudokuInstaller.exe NSIS: infected - 2 skipped
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\SC_SudokuInstaller.exe/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\SC_SudokuInstaller.exe NSIS: infected - 1 skipped
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Setup93.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Setup93.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Setup93.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Setup93.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Setup93.exe NSIS: infected - 4 skipped
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\win.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\win.exe NSIS: infected - 1 skipped
Scan process completed.
Seems like it's time for us to get our hands dirty
Logfile of HijackThis v1.99.1
Scan saved at 9:37:51 PM, on 4/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\kwinlraf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\EQAdvice\EQAdvice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Documents and Settings\Christopher\Desktop\HJT\HijackThis.exe
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ngjkf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xbqopxk.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsn35.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6C68175F-D497-F940-CC0C-AE98CE11A4BC} - C:\WINDOWS\system32\pioqahks.dll (file missing)
O2 - BHO: (no name) - {7080A8F0-773A-E2D1-4F5B-2055C432D669} - C:\WINDOWS\yczpdddd.dll (file missing)
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmwkxw.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: (no name) - {A808F557-669A-4C47-C35E-4EA6FEAA39B0} - C:\WINDOWS\System32\knsbdf.dll (file missing)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: Search - {3229840A-B635-5B48-CFCF-38DBB600813F} - C:\WINDOWS\yczpdddd.dll (file missing)
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM32\kwinlraf.exe FI002
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\kwinlraf.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - AppInit_DLLs: Runner.dll
O20 - Winlogon Notify: Shell Extentions - C:\WINDOWS\system32\syobject.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vyxbbcq.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
OK. Let's get to work. The first thing I need you to do is download Ad-Aware from my signature below. Install the program and update it, but don't run it yet. Also download Spybot from my signature. Same as before: install it and update it, but don't run it yet. Next, follow the instructions below:
Make sure that you can see hidden files and folders:
Next, click Start--->Run. In the Run box type services.msc. In the window that appears, click on the Extended tab at the bottom. Look through the services listed in the right-hand pane and find this entry:
Windows Overlay Components
Right-click on it and then click Stop. Next, right-click on it again and click Properties. In the box that appears is a field in the middle with a pull-down arrow to the right. Pull down the arrow and select Disabled. Close the Services window.
Next run Hijack This and put a check (tick) next to the following entries:
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ngjkf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xbqopxk.exe
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsn35.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {6C68175F-D497-F940-CC0C-AE98CE11A4BC} - C:\WINDOWS\system32\pioqahks.dll (file missing)
O2 - BHO: (no name) - {7080A8F0-773A-E2D1-4F5B-2055C432D669} - C:\WINDOWS\yczpdddd.dll (file missing)
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmwkxw.dll
O2 - BHO: (no name) - {A808F557-669A-4C47-C35E-4EA6FEAA39B0} - C:\WINDOWS\System32\knsbdf.dll (file missing)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Search - {3229840A-B635-5B48-CFCF-38DBB600813F} - C:\WINDOWS\yczpdddd.dll (file missing)
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM32\kwinlraf.exe FI002
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\kwinlraf.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O20 - Winlogon Notify: Shell Extentions - C:\WINDOWS\system32\syobject.dll (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vyxbbcq.exe (file missing)
Close all other browsers/windows and click Fix Checked. Close Hijack This.
Next, restart the PC in Safe Mode. Do this by rebooting and then repeatedly tapping the F8 key. Keep tapping the F8 key until the Advanced Boot Options menu appears. Scroll to the top choice, which is Safe Mode, then press Enter. Your PC will now boot into Safe Mode, just as it did for the Ewido scan.
Now using Windows Explorer please delete the following (do not worry if you can't find one, just move on to the next):
C:\WINDOWS\system32\ngjkf.exe<----This file.
C:\WINDOWS\system32\xbqopxk.exe<----This file.
C:\WINDOWS\system32\nsn35.dll<----This file.
C:\WINDOWS\system32\pioqahks.dll<----This file.
C:\WINDOWS\yczpdddd.dll<----This file.
C:\WINDOWS\system32\irsmwkxw.dll<----This file.
C:\WINDOWS\System32\knsbdf.dll<----This file.
C:\WINDOWS\SYSTEM32\kwinlraf.exe<----This file.
C:\WINDOWS\SYSTEM32\dwdsregt.exe<----This file.
C:\WINDOWS\system32\syobject.dll<----This file.
C:\WINDOWS\vyxbbcq.exe<----This file.
Next, run a full scan with both Ad-Aware and Spybot in Safe Mode. When you are finished, please reboot into normal mode and post a fresh Hijack This log. It is likely we'll have to do more, but this should be a good start.
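The entries ticked in the post above fall into a handful of patterns: extra comma-separated programs in the Winlogon Shell and UserInit values, browser helper objects and toolbars whose DLL is missing or was dropped straight into the Windows directory, Run keys and Startup shortcuts pointing at random-named binaries in system32, a populated AppInit_DLLs value, and a service with no vendor whose binary is gone. As an added example (the editor's, not part of this thread and not HijackThis code), the following Python script applies those heuristics to a HijackThis 1.99 log. The expected Winlogon values and the allow-list of Windows-directory files are assumptions, and SAMPLE_LOG is constructed from lines posted in the thread.

```python
"""Triage a HijackThis 1.99.x log for the persistence patterns fixed in this thread.

Added example by the editor; not part of the forum thread and not HijackThis code.
EXPECTED_F2, KNOWN_GOOD_WINDIR and SAMPLE_LOG are the editor's assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# What Winlogon's Shell and UserInit values hold on a clean Windows XP install (assumed).
EXPECTED_F2 = {"Shell": {"explorer.exe"}, "UserInit": {"userinit.exe"}}
# Files that legitimately load or autostart straight from %WINDIR% or system32 (assumed allow-list).
KNOWN_GOOD_WINDIR = {"ctfmon.exe", "rundll32.exe", "shdocvw.dll"}
MISSING = ("(file missing)", "(no file)")

F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$")
COM_RE = re.compile(r"^O(?:2 - BHO|3 - Toolbar|9 - Extra [^:]*): .*? - \{[0-9A-Fa-f-]+\} - (.*)$")
O4_RE = re.compile(r"^O4 - [^:]*: (?:\[[^\]]*\] )?(.*)$")
O20_RE = re.compile(r"^O20 - (AppInit_DLLs|Winlogon Notify): (.*)$")
O23_RE = re.compile(r"^O23 - Service: .*? - (.*?) - (.*)$")
# First token ending in an executable extension: drops surrounding quotes and trailing arguments.
TARGET_RE = re.compile(r'^"?(.*?\.(?:exe|dll|ocx|scr|com|bat|cmd))\b', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def target_path(value: str) -> str:
    """Launched file from an autostart value, e.g. 'Zeno.lnk = C:\\x.exe FI002' -> 'C:\\x.exe'."""
    if " = " in value:                       # Startup-folder shortcut form
        value = value.split(" = ", 1)[1]
    m = TARGET_RE.match(value.strip())
    return m.group(1) if m else value.strip()


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parent_dir(path: str) -> str:
    path = path.replace("/", "\\")
    return path.rsplit("\\", 1)[0].lower() if "\\" in path else ""


def in_windir(path: str) -> bool:
    """True when the file sits directly in %WINDIR% or %WINDIR%\\system32, not in a subfolder."""
    return parent_dir(path) in {"c:\\windows", "c:\\windows\\system32"}


def triage(log_text: str) -> list[Finding]:
    """One Finding per log line that trips a heuristic, in log order. Findings still need review."""
    findings: list[Finding] = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := F2_RE.match(line):
            key, value = m.groups()
            for entry in value.split(","):   # Winlogon launches every comma-separated entry
                if entry.strip() and basename(target_path(entry)) not in EXPECTED_F2[key]:
                    findings.append(Finding(line, f"extra {key} entry {entry.strip()} runs at every logon"))
        elif m := COM_RE.match(line):
            target = m.group(1)
            if target.endswith(MISSING):
                findings.append(Finding(line, "orphaned browser extension CLSID (its DLL is already gone)"))
            elif in_windir(target) and basename(target) not in KNOWN_GOOD_WINDIR:
                findings.append(Finding(line, "browser extension DLL dropped straight into the Windows directory"))
        elif m := O4_RE.match(line):
            target = target_path(m.group(1))
            if in_windir(target) and basename(target) not in KNOWN_GOOD_WINDIR:
                findings.append(Finding(line, "autostart of an unknown binary from the Windows directory"))
        elif m := O20_RE.match(line):
            key, target = m.groups()
            if key == "AppInit_DLLs":
                findings.append(Finding(line, "AppInit_DLLs is injected into every process that loads user32.dll"))
            elif target.endswith(MISSING):
                findings.append(Finding(line, "orphaned Winlogon Notify package"))
        elif m := O23_RE.match(line):
            owner, target = m.groups()
            if target.endswith(MISSING):
                findings.append(Finding(line, "service whose binary is already gone; disable it and remove the key"))
            elif owner == "Unknown owner" and parent_dir(target) == "c:\\windows":
                findings.append(Finding(line, "service with no vendor whose binary sits in the Windows root"))
    return findings


# Constructed from lines posted in the thread; clean entries are kept in to show they are not flagged.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ngjkf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xbqopxk.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsn35.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Search - {3229840A-B635-5B48-CFCF-38DBB600813F} - C:\WINDOWS\yczpdddd.dll (file missing)
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM32\kwinlraf.exe FI002
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\kwinlraf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O20 - AppInit_DLLs: Runner.dll
O20 - Winlogon Notify: Shell Extentions - C:\WINDOWS\system32\syobject.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vyxbbcq.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

On the sample above the script flags the two F2 hijacks, the three bad O2/O3 entries, both kwinlraf.exe autostarts, the dmonwv.dll button, both O20 lines and the orphaned service, and leaves the Acrobat, DLA, QuickTime, Office, Shdocvw.dll and ATI entries alone. The "directly in the Windows directory" test is deliberately narrow: vendor components such as ZoneLabs\vsmon.exe or dla\tfswshx.dll live in subfolders, while the droppers in this thread write flat into C:\WINDOWS and system32. Treat the output as a worklist for the kind of manual review the helper does above, not as a verdict.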
Scan saved at 4:30:46 PM, on 4/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\EQAdvice\EQAdvice.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Christopher\Desktop\HJT\HijackThis.exe
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ngjkf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,xbqopxk.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - AppInit_DLLs: Runner.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O20 - AppInit_DLLs: Runner.dll
Close all other browsers/windows and click Fix Checked. If an error screen appears, please disregard it.
I need you to download FindQool.zip from here:
http://downloads.subratam.org/Lon/FindQool.zip
Please extract the program to the root C:\ directory. Open the folder and run Qlocate.bat. Please post the log that this program generates.
.....
C:\WINDOWS\system32\AUTOEXEC.NT not there
.....
End check for missing files
.....
VXD Check "vdd REG_MULTI_SZ \0"
SteelWerX Registry Console Tool 1.0
Written by Bobbi Flekman © 2005
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\virtualdevicedrivers
vdd REG_MULTI_SZ \0
.....
End vxd check
Please post this in the forum
Scan saved at 5:13:56 AM, on 4/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Documents and Settings\Christopher\Desktop\HJT\HijackThis.exe
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ngjkf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,xbqopxk.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ngjkf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,xbqopxk.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
Close any other browsers/windows and click Fix Checked. Close Hijack This. Next, use Windows Explorer to delete the following:
C:\WINDOWS\system32\ngjkf.exe<----This file.
C:\WINDOWS\SYSTEM32\xbqopxk.exe<----This file.
C:\WINDOWS\system32\dmonwv.dll<----This file.
In addition to using Windows Explorer, also use the Windows Search feature to search for the above files. Be sure to look in hidden folders as well. If found, delete every instance of them. When finished, please reboot and post a fresh Hijack This log.
Logfile of HijackThis v1.99.1
Scan saved at 6:02:05 PM, on 4/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Documents and Settings\Christopher\Desktop\HJT\HijackThis.exe
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ngjkf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,xbqopxk.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Copy the following text into notepad:
Save the file to your desktop as qoolfix.reg. Make sure to save it as all files in the file type field.
Next please double click on the file we just made. It will ask you if you want to allow this file to merge with the registry. Click OK to allow this action.
After this please run Hijack This again and put a check (tick) next to the following:
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ngjkf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,xbqopxk. exe
Close all other browsers/windows and click Fix Checked.
Next reboot into safe mode and do a search for the following files:
ngjkf.exe
xbqopxk. exe
Delete every instance you find of these.
Next empty your recycle bin.
Reboot the PC and post a fresh Hijack This log.
Scan saved at 5:50:08 PM, on 4/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Christopher\Desktop\HJT\HijackThis.exe
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ngjkf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,xbqopxk.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Install the program to your desktop. Open the program by double clicking. When the program opens select the radio button that says delete on reboot. Next copy and paste the full path of the file below into the box:
C:\WINDOWS\system32\ngjkf.exe
Once you've done that click on the button with the red circle with the white X in the center, then click exit. If your computer doesn't reboot by itself please reboot it manually. When the PC starts back up run Hijack This again and put a check (tick) next to the following entries (do not worry if the first one is gone):
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ngjkf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,xbqopxk. exe
Close all other browsers/windows and click Fix Checked.
Reboot the PC into safe mode and use the Windows Search utility to search for the following file:
xbqopxk. exe
Delete every instance that you find.
Reboot into normal mode and run Hijack This again. If the following line is still there fix it with Hijack This:
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,xbqopxk. exe
If the line is gone just post another log. If you had to fix with Hijack This please reboot again. In either case post a fresh Hijack This log when finished.
Logfile of HijackThis v1.99.1
Scan saved at 12:11:17 PM, on 4/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Christopher\Desktop\HJT\HijackThis.exe
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ngjkf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,xbqopxk.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
For some reason, the "xbqopxk. exe" files wouldn't come up on search at all even if search hidden files is checked.
Next thing to do is to double click the qoolfix.reg file we made earlier. Allow the file to merge with the registry. Next open killbox and this time highlight the radio button that says standard file kill. Copy and paste this path into the killbox:
C:\WINDOWS\system32\ngjkf.exe
Press the button with the white X and then click exit. If it gives you an error message of some kind then do the same thing again except this time select the delete on reboot radio button.
After that run Hijack This while still in safe mode and have the program fix the following entries:
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ngjkf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,xbqopxk. exe
Reboot the PC and run Hijack This again. Look for those entries. If they are still there then try to fix with Hijack This. In either case post a fresh log after your efforts.
If this doesn't work we will have to use killbox again except this time we'll have to ask it to kill files and end the explorer shell at the same time. We'll get it out eventually.
Logfile of HijackThis v1.99.1
Scan saved at 7:26:50 AM, on 4/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Christopher\Desktop\HJT\HijackThis.exe
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ngjkf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,xbqopxk.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
C:\findqool
That would be the directory and then within that directory the file qlocate.bat should be present. We may have to use it again so I want to make sure it's in the right place. Now follow the instructions below to see if this will kill this thing:
Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Right click and copy the below lines. Go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say Yes:
C:\WINDOWS\system32\ngjkf.exe
C:\WINDOWS\system32\xbqopxk. exe
Once the PC restarts run Hijack This again and fix the lines below if present:
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ngjkf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,xbqopxk. exe
Post another Hijack This log when finished. This infection is a Qoologic infection that can, as you are aware right now, be somewhat difficult to remove because it requires a very precise method to kill these files. If this method fails there is one more to try. Hang in there with me and we'll get it.
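The two F2 lines that keep coming back in every log above are the whole persistence mechanism: Winlogon's Shell and UserInit values have had an extra program appended, so the malware is relaunched at every logon no matter what else gets cleaned. The checker below is an added example written for this thread; it is not part of HijackThis or of the helper's fix. It parses HijackThis-style F2 lines and flags any program that is not the stock Explorer.exe / userinit.exe living in the Windows directory, which also catches a look-alike such as an explorer.exe dropped into a temp folder. It assumes the Windows directory is C:\WINDOWS (as in the logs here); the clean UserInit line in the sample is constructed for comparison, the other sample lines are copied from the thread's logs.

```python
"""Flag hijacked Winlogon Shell / UserInit values in HijackThis F2 lines.

Added example for this thread (not HijackThis code). Assumption: the
Windows directory is C:\\WINDOWS, as in the posted logs.
"""
import re

# Stock values for Windows XP. Shell is normally just "Explorer.exe";
# UserInit is normally "C:\WINDOWS\system32\userinit.exe," (trailing comma).
EXPECTED = {"shell": {"explorer.exe"}, "userinit": {"userinit.exe"}}

# Directories the stock binaries may legitimately be loaded from
# (assumption: windir is C:\WINDOWS on this machine).
TRUSTED_DIRS = {r"c:\windows", r"c:\windows\system32"}

F2_RE = re.compile(r"^F2 - REG:system\.ini:\s*(Shell|UserInit)=(.*)$", re.IGNORECASE)


def split_path(entry):
    """Return (directory, filename), both lower-cased; directory is '' if bare."""
    norm = entry.replace("/", "\\")
    if "\\" in norm:
        d, b = norm.rsplit("\\", 1)
        return d.lower(), b.lower()
    return "", norm.lower()


def is_expected(key, entry):
    """True only for the stock binary name in a trusted (or no) directory."""
    d, b = split_path(entry)
    return b in EXPECTED[key.lower()] and (d == "" or d in TRUSTED_DIRS)


def check_f2_line(line):
    """Parse one log line.

    Returns None for non-F2 lines; otherwise a dict with the registry key,
    every comma-separated program in the value, the entries that are not
    the stock binary, and a 'hijacked' verdict.
    """
    m = F2_RE.match(line.strip())
    if not m:
        return None
    key, raw = m.group(1), m.group(2)
    # Values are comma-separated program lists; a trailing comma is normal.
    entries = [p.strip() for p in raw.split(",") if p.strip()]
    unexpected = [e for e in entries if not is_expected(key, e)]
    return {
        "key": key,
        "entries": entries,
        "unexpected": unexpected,
        "hijacked": bool(unexpected),
    }


def scan_log(text):
    """Return the findings for every hijacked F2 line in a whole log."""
    findings = []
    for line in text.splitlines():
        result = check_f2_line(line)
        if result and result["hijacked"]:
            findings.append(result)
    return findings


# Sample input: first two F2 lines copied from the thread's logs, one O2 line
# as a non-F2 distractor, and a constructed clean UserInit line.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ngjkf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,xbqopxk.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['key']}: unexpected program(s) {f['unexpected']}")
```

Run it over a saved log to get the same two hits the helper keeps pointing at; a clean machine produces no output. Because the match is on the file name plus directory rather than on the exact string, the checker still works when the stock entry is written with different capitalisation or a short (8.3) path.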
Seems like we are up to our last method
Logfile of HijackThis v1.99.1
Scan saved at 12:42:10 PM, on 4/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Christopher\Desktop\HJT\HijackThis.exe
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ngjkf.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,xbqopxk.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Thank you again for spending your time trying to fix my PC