[inactive] Please help me, I have the proj1 virus
Logfile of HijackThis v1.99.1
Scan saved at 1:25:05 PM, on 10/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\AOL\1121838437\ee\AOLHostManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1121838437\ee\AOLServiceHost.exe
C:\Program Files\AIM\aim.exe
c:\program files\common files\aol\1121838437\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\AOL\1121838437\ee\AOLServiceHost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Patrick\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,qsdimlk.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {07389CA5-44DB-0C5E-33AF-F0DA5451BAB7} - C:\WINDOWS\system32\vxxdjfao.dll
O2 - BHO: (no name) - {0A1581AA-EB9A-6E66-2EEA-52FE4AC13278} - C:\WINDOWS\system32\gciirwur.dll
O2 - BHO: (no name) - {1A39FBDB-FAFF-A350-3E14-F7A1DC10D56D} - (no file)
O2 - BHO: (no name) - {1B5FC7D1-856F-F2EC-4993-1A83985518D5} - (no file)
O2 - BHO: (no name) - {37E0143D-C110-C4F6-1CAF-9B1FC09388DE} - C:\WINDOWS\system32\jtaahhrv.dll
O2 - BHO: (no name) - {3A3C995F-9C90-620A-0F57-D0A0AE36BE75} - C:\WINDOWS\system32\mwcnikgh.dll
O2 - BHO: (no name) - {43980379-5A77-8214-736A-1A7F85D20B02} - C:\WINDOWS\system32\lzwidprm.dll
O2 - BHO: (no name) - {4DB8043C-408D-C20C-69F9-0DF933855F2F} - C:\WINDOWS\system32\rwntcgxx.dll
O2 - BHO: (no name) - {4F806A66-D942-27B8-A7FF-8C59BD0FBA5D} - C:\WINDOWS\system32\mgwbmiek.dll
O2 - BHO: (no name) - {5650cded-2cc2-4048-9c52-9a839509b03b} - C:\WINDOWS\system32\mllvid.dll
O2 - BHO: (no name) - {603ADC6C-FA75-4359-2C75-8B09474554B3} - (no file)
O2 - BHO: (no name) - {605603AA-5B0D-3046-C1A0-46B9F00DC54D} - (no file)
O2 - BHO: (no name) - {6AFC1A49-C7F9-9F63-87F2-69D30BAE9523} - (no file)
O2 - BHO: (no name) - {72D37AFD-40C0-217C-E055-B52A5D6910AD} - (no file)
O2 - BHO: (no name) - {806482D1-8D20-8AD4-4762-D33EF2A7B16D} - (no file)
O2 - BHO: (no name) - {807E1415-3F29-AD1A-5E52-F0A394D7FA87} - (no file)
O2 - BHO: (no name) - {841CF6F2-2C01-5080-0000-000005000000} - (no file)
O2 - BHO: (no name) - {842C08F3-2C01-5080-0000-000005000000} - (no file)
O2 - BHO: (no name) - {844CFEF3-2C01-5080-0000-000005000000} - (no file)
O2 - BHO: (no name) - {846CC7F2-2C01-5080-0000-000005000000} - (no file)
O2 - BHO: (no name) - {848CEFEF-2C01-5080-0000-000005000000} - (no file)
O2 - BHO: (no name) - {849C9EF2-2C01-5080-0000-000005000000} - (no file)
O2 - BHO: (no name) - {84A0D9C6-2133-D93F-6D4B-B10A77C18B4B} - (no file)
O2 - BHO: (no name) - {84AC7EF3-2C01-5080-0000-000005000000} - (no file)
O2 - BHO: (no name) - {8AEEA103-F31C-B8D6-46ED-5607E705D85D} - C:\WINDOWS\system32\flqnzkra.dll
O2 - BHO: (no name) - {90F40961-6129-8955-A5DD-B9DBBC53800D} - (no file)
O2 - BHO: (no name) - {99150B3F-2555-B63B-F00D-A10EE8D52F34} - (no file)
O2 - BHO: (no name) - {9AD1459A-4F97-C1CC-1FD7-4779B355027B} - C:\WINDOWS\system32\qgdnxkyn.dll
O2 - BHO: (no name) - {A3BC44B8-F568-D830-7CF0-52D65D1F5CDF} - (no file)
O2 - BHO: (no name) - {ACCE14C3-7624-7899-F1AA-9A9A8E645178} - C:\WINDOWS\system32\ebarfwct.dll
O2 - BHO: (no name) - {ACE95B6D-A1A6-49BF-333C-813C25BC64BF} - C:\WINDOWS\system32\kkhxmojh.dll
O2 - BHO: (no name) - {B522B51D-CAF2-7DCF-559B-9DD673EC5883} - (no file)
O2 - BHO: (no name) - {B8711B9A-0E5A-4415-4ED7-A049F7A1B7D3} - (no file)
O2 - BHO: (no name) - {B998D7F5-0217-A9BD-94AA-558D6D69D42E} - (no file)
O2 - BHO: (no name) - {BA82498A-7FB9-23B0-B5C7-F23C83F756FB} - C:\WINDOWS\system32\bpfaipvj.dll
O2 - BHO: (no name) - {C8B788E7-0CFD-72BB-8E59-7DD7B6C57DB2} - (no file)
O2 - BHO: (no name) - {CBDA5522-BEF6-8C19-3471-DDFF248A4946} - (no file)
O2 - BHO: (no name) - {CEAC6319-458A-83FC-59CF-E3285DF68390} - C:\WINDOWS\system32\ixawimst.dll
O2 - BHO: (no name) - {D3149679-1F6E-1334-86F5-A3E7AB8A1C0C} - C:\WINDOWS\system32\lupzgifu.dll
O2 - BHO: (no name) - {DB0A5A06-F441-7D6A-E18F-AEF1BA801D50} - (no file)
O2 - BHO: (no name) - {DC758241-D26D-C272-4584-B7C671A57D21} - C:\WINDOWS\system32\prwtckng.dll
O2 - BHO: (no name) - {E3CC6BB5-82EA-9545-CD1C-AC3FE2A0EDB0} - (no file)
O2 - BHO: (no name) - {F09913F2-C2D0-1502-B570-B74EF9DABDA9} - (no file)
O2 - BHO: (no name) - {F0F8FBFE-FC29-B9F1-48D0-C7DAFA0EC1B5} - (no file)
O2 - BHO: (no name) - {F12C443D-05E1-899D-3D97-25047B1F08B6} - (no file)
O2 - BHO: (no name) - {F8ABD9B6-7C33-64C5-9B5B-8BCE6629EC3F} - C:\WINDOWS\system32\mhyltzsx.dll
O2 - BHO: (no name) - {FC187ECD-1DF0-78B6-32BF-F280F435F18C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Comedy-Planet] C:\Program Files\Comedy-Planet\comedy-planet.exe
O4 - HKLM\..\Run: [sncuxpaw] C:\WINDOWS\system32\sncuxpaw.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [fdelpmnt] C:\WINDOWS\system32\fdelpmnt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1121838437\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Optimum Online net guide] "C:\Program Files\Optimum Online\Netsurf.exe" -trayicon
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ewd2efe1] RUNDLL32.EXE w81e9966.dll,n 0052efdc0000000381e9966
O4 - HKLM\..\Run: [Configuration Manager]
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [lcqtd] C:\WINDOWS\system32\pofbcg.exe reg_run
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149431802984
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\sylogcfg.dll (file missing)
O20 - Winlogon Notify: mllvid - C:\WINDOWS\SYSTEM32\mllvid.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O23 - Service: wvtgvxeopaeo (6) - Unknown owner - C:\WINDOWS\system32\6.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Miscrosoft Updates Service 5 (MsUpdate5) - Unknown owner - C:\WINDOWS\system32\msupd5.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
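The log above shows every classic Windows XP persistence mechanism at once: an extra program appended to the Winlogon UserInit value (qsdimlk.exe), dozens of nameless BHOs, Run values pointing at random-named executables in system32, a rundll32 Run value loading a DLL by bare name, Winlogon Notify packages whose DLL is missing or random-named, and a service with no vendor and no binary. The following Python script is an added example, not part of this thread and not HijackThis code: it parses those HijackThis line types and flags the entries a helper would single out. The random-name heuristic, the known-good allowlist and the choice of which directories count as "system" locations are this example's own assumptions; the sample lines are copied from the log posted above.

```python
"""Triage a HijackThis v1.99 log for the persistence mechanisms seen above.

Added example; not HijackThis code. The heuristics below (random-looking
names, the KNOWN_GOOD allowlist, which paths count as system locations)
are assumptions chosen to match the patterns in the posted log.
"""
import re

# Sample lines copied from the HijackThis log above (one per mechanism,
# plus a few legitimate entries that must not be flagged).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,qsdimlk.exe
O2 - BHO: (no name) - {07389CA5-44DB-0C5E-33AF-F0DA5451BAB7} - C:\WINDOWS\system32\vxxdjfao.dll
O2 - BHO: (no name) - {1A39FBDB-FAFF-A350-3E14-F7A1DC10D56D} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [sncuxpaw] C:\WINDOWS\system32\sncuxpaw.exe
O4 - HKLM\..\Run: [ewd2efe1] RUNDLL32.EXE w81e9966.dll,n 0052efdc0000000381e9966
O4 - HKCU\..\Run: [lcqtd] C:\WINDOWS\system32\pofbcg.exe reg_run
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\sylogcfg.dll (file missing)
O20 - Winlogon Notify: mllvid - C:\WINDOWS\SYSTEM32\mllvid.dll
O23 - Service: wvtgvxeopaeo (6) - Unknown owner - C:\WINDOWS\system32\6.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumption: legitimate binaries living in C:\WINDOWS or system32 that would
# otherwise trip the random-name heuristic (AGRSMMSG is a modem tray app).
KNOWN_GOOD = {"agrsmmsg", "userinit", "explorer", "svchost", "rundll32", "nwiz", "dxdllreg"}
SYSTEM_DIR = re.compile(r"c:\\windows\\(system32\\)?[^\\]+$")


def looks_random(stem):
    """Heuristic: 5-13 lowercase letters, a run of 3+ consonants and fewer
    than a third vowels. Hits qsdimlk, sncuxpaw, mllvid; spares userinit, explorer."""
    if not re.fullmatch(r"[a-z]{5,13}", stem):
        return False
    vowels = sum(c in "aeiou" for c in stem)
    return re.search(r"[^aeiou]{3}", stem) is not None and vowels / len(stem) < 0.34


def suspicious_binary(path):
    """True for an unlisted, random-named file in C:\\WINDOWS, system32, or
    given by bare name (resolved through the search path at logon)."""
    path = path.strip().strip('"')
    stem = path.replace("/", "\\").rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]
    if stem in KNOWN_GOOD:
        return False
    in_system = "\\" not in path or SYSTEM_DIR.match(path.lower()) is not None
    return in_system and looks_random(stem)


def run_target(cmd):
    """(binary, via_rundll32) for an O4 command line; for rundll32 the DLL is
    what actually gets loaded, so that is the thing to judge."""
    tokens = re.findall(r'"[^"]+"|\S+', cmd.strip())
    if not tokens:
        return "", False
    first = tokens[0].strip('"')
    if first.lower().endswith("rundll32.exe") and len(tokens) > 1:
        return tokens[1].split(",", 1)[0].strip('"'), True
    return first, False


def triage(log_text):
    """Return a list of {section, reason, line} for entries worth fixing."""
    findings = []
    flag = lambda sec, why, line: findings.append({"section": sec, "reason": why, "line": line})
    for line in log_text.splitlines():
        m = re.match(r"^([A-Z]\d{1,2}) - (.*)$", line.strip())
        if not m:
            continue
        sec, body = m.groups()
        if sec == "F2" and body.startswith("REG:system.ini: UserInit="):
            # UserInit is a comma list; a clean XP box runs only userinit.exe
            progs = [p.strip() for p in body.split("=", 1)[1].split(",")]
            extras = [p for p in progs[1:] if p]
            if extras:
                flag(sec, "extra UserInit program(s): " + ", ".join(extras), line)
        elif sec == "O2":
            bm = re.match(r"BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$", body)
            if bm and bm.group(1) == "(no name)":
                if bm.group(3) == "(no file)":
                    flag(sec, "nameless BHO with dangling CLSID " + bm.group(2), line)
                elif suspicious_binary(bm.group(3)):
                    flag(sec, "nameless BHO loads random-named DLL " + bm.group(3), line)
        elif sec == "O4":
            rm = re.match(r"(HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] ?(.*)$", body)
            if rm:
                target, via_rundll = run_target(rm.group(3))
                if via_rundll and "\\" not in target:
                    flag(sec, "rundll32 loads DLL by bare name (search-path lookup): " + target, line)
                elif suspicious_binary(target):
                    flag(sec, "Run value launches random-named binary " + target, line)
        elif sec == "O20":
            wm = re.match(r"Winlogon Notify: (.*?) - (.*?)( \(file missing\))?$", body)
            if wm and wm.group(3):
                flag(sec, "Winlogon Notify DLL missing on disk: " + wm.group(2), line)
            elif wm and suspicious_binary(wm.group(2)):
                flag(sec, "Winlogon Notify loads random-named DLL " + wm.group(2), line)
        elif sec == "O23" and ("Unknown owner" in body or "(file missing)" in body):
            flag(sec, "service with no vendor or missing binary", line)
    return findings


def nameless_bho_count(log_text):
    """Count '(no name)' BHOs; dozens on one machine is a signal by itself."""
    return sum(1 for l in log_text.splitlines() if l.startswith("O2 - BHO: (no name)"))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:>4}  {f['reason']}\n      {f['line']}")
    print("nameless BHOs:", nameless_bho_count(SAMPLE_LOG))
```

Run it against the full log and the hit list is exactly the set a malware-removal helper would ask to have fixed: the UserInit extra, every nameless BHO (46 of them in this log), the two random-named system32 executables in the Run keys, the rundll32 bare-DLL value, both Winlogon Notify entries, and the two "Unknown owner" services whose binaries are already gone. Dangling entries ("(no file)", "(file missing)") are harmless on their own but show that something was there and was only partly cleaned, which is why the helper asked for a ComboFix run next.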
This discussion has been closed.
Comments
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Post back with the ComboFix log and a fresh HijackThis log.
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Patrick\Desktop"
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\CLSID\{F31E878C-355C-4EF3-8BCC-89650F9CC764}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F31E878C-355C-4EF3-8BCC-89650F9CC764}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F31E878C-355C-4EF3-8BCC-89650F9CC764}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F31E878C-355C-4EF3-8BCC-89650F9CC764}\InprocServer32]
@="C:\\WINDOWS\\system32\\sylogcfg.dll"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Granting sedebugprivilege to Administrators ... successful
((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))
* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *
06-10-01 08:11 142 ojlhs.dll.qoo
06-10-01 08:10 53 vqqvol.dat.qoo
DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\Duce6.exe
C:\dfndrff_e19.exe
C:\drsmartload.exe
C:\drsmartload45a45a45p.exe
C:\deskbar.exe
C:\deskbar_e18.exe
C:\deskbar_e19.exe
C:\kybrdff_e19.exe
C:\nwnmff_e19.exe
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Deskbar
((((((((((((((((((((((((((((((( Files Created from 2006-09-05 to 2006-10-05 ))))))))))))))))))))))))))))))))))
2006-10-01 08:15 32,768 --a------ C:\WINDOWS\zootxeyh.exe
2006-10-01 08:11 147,456 --a------ C:\InstallerC.exe
2006-10-01 08:11 1,233 --a------ C:\WINDOWS\system32\ewd2efe1.sys
2006-10-01 08:10 367,616 --a------ C:\919_133.exe
2006-10-01 08:10 339,968 --a------ C:\921_135.exe
2006-10-01 08:10 307,824 -r-hs---- C:\WINDOWS\ypxswxoA.exe
2006-10-01 08:10 217,276 --a------ C:\WINDOWS\srveytjaxo.exe
2006-10-01 08:10 183,478 --a------ C:\WINDOWS\srvrjmfotn.exe
2006-10-01 08:10 1,118,784 -r-hs---- C:\WINDOWS\ypxswxo.exe
2006-09-26 13:07 77,824 --a------ C:\WINDOWS\system32\driverif.dll
2006-09-26 13:07 75,776 --a------ C:\WINDOWS\zllsputility.exe
2006-09-26 13:07 733,236 --a------ C:\WINDOWS\system32\vete.dll
2006-09-26 13:07 541,733 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2006-09-26 13:07 21,605 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2006-09-26 13:07 15,668 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2006-09-26 13:07 12,288 --a------ C:\WINDOWS\system32\vetntmsg.dll
2006-09-26 13:07 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2006-09-26 13:07 108,453 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2006-09-15 14:21 53,248 --a------ C:\WINDOWS\uninst108.exe
2006-09-15 14:16 53,248 --a------ C:\WINDOWS\uni_e6h.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-05 18:17 d-------- C:\Program Files\Yahoo!
2006-10-05 14:20 d-------- C:\Program Files\Common Files
2006-10-02 08:32 d-------- C:\Program Files\CCleaner
2006-10-01 20:41 d-------- C:\Program Files\PSDream
2006-10-01 08:12 d-------- C:\Program Files\PartyPoker
2006-09-29 22:16 d-------- C:\Program Files\World of Warcraft
2006-09-29 16:25 d-------- C:\Program Files\Google
2006-09-26 15:50 d-------- C:\Documents and Settings\Patrick\Application Data\Yahoo!
2006-09-26 15:08 d-------- C:\Program Files\WildTangent
2006-09-26 15:08 d-------- C:\Program Files\Common Files\Oem Common
2006-09-26 15:01 d-------- C:\Documents and Settings\Patrick\Application Data\MailFrontier
2006-09-26 13:07 d-------- C:\Program Files\Zone Labs
2006-09-26 13:00 d-------- C:\Documents and Settings\Patrick\Application Data\Google
2006-09-24 20:29 138624 --a------ C:\WINDOWS\system32\mod.dll
2006-09-24 20:29 124416 --a------ C:\WINDOWS\system32\npmod32.dll
2006-09-24 07:58 d-------- C:\Program Files\Internet Explorer
2006-09-24 07:54 d-------- C:\Program Files\Outlook Express
2006-09-24 07:54 d-------- C:\Program Files\Common Files\System
2006-09-23 21:55 d-------- C:\Program Files\Cheat Engine
2006-09-23 19:18 d-------- C:\Program Files\Symantec
2006-09-23 19:18 d-------- C:\Program Files\Norton AntiVirus
2006-09-15 22:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:52 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-08-21 05:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 02:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 02:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-07-27 06:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 01:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-20 12:24 14872 --a------ C:\WINDOWS\system32\SBBD.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"=""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"AOLCC"="\"C:\\Program Files\\AOL Computer Check-Up\\ACCAgnt.exe\" /startup"
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"PSDream"="\"C:\\Program Files\\PSDream\\PSDream.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"DXDllRegExe"="dxdllreg.exe"
"HPHUPD05"="c:\\Program Files\\HP\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HPHmon05"="C:\\WINDOWS\\system32\\hphmon05.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"Comedy-Planet"="C:\\Program Files\\Comedy-Planet\\comedy-planet.exe"
"sncuxpaw"="C:\\WINDOWS\\system32\\sncuxpaw.exe"
"Dell AIO Printer A940"="\"C:\\Program Files\\Dell AIO Printer A940\\dlbabmgr.exe\""
"fdelpmnt"="C:\\WINDOWS\\system32\\fdelpmnt.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1121838437\\ee\\AOLHostManager.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Optimum Online net guide"="\"C:\\Program Files\\Optimum Online\\Netsurf.exe\" -trayicon"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"ewd2efe1"="RUNDLL32.EXE w81e9966.dll,n 0052efdc0000000381e9966"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,ed,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllvid
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - mcnichoj.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06-10-05 18:41:10.56
ComboFix.txt
Scan saved at 22:43, on 06-10-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cscript.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSCNo.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Optimum Online\Netsurf.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1121838437\ee\AOLHostManager.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1121838437\ee\AOLServiceHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\common files\aol\1121838437\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1121838437\ee\AOLServiceHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Patrick\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: (no name) - {07389CA5-44DB-0C5E-33AF-F0DA5451BAB7} - C:\WINDOWS\system32\vxxdjfao.dll
O2 - BHO: (no name) - {0A1581AA-EB9A-6E66-2EEA-52FE4AC13278} - C:\WINDOWS\system32\gciirwur.dll
O2 - BHO: (no name) - {1A39FBDB-FAFF-A350-3E14-F7A1DC10D56D} - (no file)
O2 - BHO: (no name) - {1B5FC7D1-856F-F2EC-4993-1A83985518D5} - (no file)
O2 - BHO: (no name) - {37E0143D-C110-C4F6-1CAF-9B1FC09388DE} - C:\WINDOWS\system32\jtaahhrv.dll
O2 - BHO: (no name) - {3A3C995F-9C90-620A-0F57-D0A0AE36BE75} - C:\WINDOWS\system32\mwcnikgh.dll
O2 - BHO: (no name) - {43980379-5A77-8214-736A-1A7F85D20B02} - C:\WINDOWS\system32\lzwidprm.dll
O2 - BHO: (no name) - {4DB8043C-408D-C20C-69F9-0DF933855F2F} - C:\WINDOWS\system32\rwntcgxx.dll
O2 - BHO: (no name) - {4F806A66-D942-27B8-A7FF-8C59BD0FBA5D} - C:\WINDOWS\system32\mgwbmiek.dll
O2 - BHO: (no name) - {5650cded-2cc2-4048-9c52-9a839509b03b} - C:\WINDOWS\system32\mllvid.dll
O2 - BHO: (no name) - {603ADC6C-FA75-4359-2C75-8B09474554B3} - (no file)
O2 - BHO: (no name) - {605603AA-5B0D-3046-C1A0-46B9F00DC54D} - (no file)
O2 - BHO: (no name) - {6AFC1A49-C7F9-9F63-87F2-69D30BAE9523} - (no file)
O2 - BHO: (no name) - {72D37AFD-40C0-217C-E055-B52A5D6910AD} - (no file)
O2 - BHO: (no name) - {806482D1-8D20-8AD4-4762-D33EF2A7B16D} - (no file)
O2 - BHO: (no name) - {807E1415-3F29-AD1A-5E52-F0A394D7FA87} - (no file)
O2 - BHO: (no name) - {841CF6F2-2C01-5080-0000-000005000000} - (no file)
O2 - BHO: (no name) - {842C08F3-2C01-5080-0000-000005000000} - (no file)
O2 - BHO: (no name) - {844CFEF3-2C01-5080-0000-000005000000} - (no file)
O2 - BHO: (no name) - {846CC7F2-2C01-5080-0000-000005000000} - (no file)
O2 - BHO: (no name) - {848CEFEF-2C01-5080-0000-000005000000} - (no file)
O2 - BHO: (no name) - {849C9EF2-2C01-5080-0000-000005000000} - (no file)
O2 - BHO: (no name) - {84A0D9C6-2133-D93F-6D4B-B10A77C18B4B} - (no file)
O2 - BHO: (no name) - {84AC7EF3-2C01-5080-0000-000005000000} - (no file)
O2 - BHO: (no name) - {8AEEA103-F31C-B8D6-46ED-5607E705D85D} - C:\WINDOWS\system32\flqnzkra.dll
O2 - BHO: (no name) - {90F40961-6129-8955-A5DD-B9DBBC53800D} - (no file)
O2 - BHO: (no name) - {99150B3F-2555-B63B-F00D-A10EE8D52F34} - (no file)
O2 - BHO: (no name) - {9AD1459A-4F97-C1CC-1FD7-4779B355027B} - C:\WINDOWS\system32\qgdnxkyn.dll
O2 - BHO: (no name) - {A3BC44B8-F568-D830-7CF0-52D65D1F5CDF} - (no file)
O2 - BHO: (no name) - {ACCE14C3-7624-7899-F1AA-9A9A8E645178} - C:\WINDOWS\system32\ebarfwct.dll
O2 - BHO: (no name) - {ACE95B6D-A1A6-49BF-333C-813C25BC64BF} - C:\WINDOWS\system32\kkhxmojh.dll
O2 - BHO: (no name) - {B522B51D-CAF2-7DCF-559B-9DD673EC5883} - (no file)
O2 - BHO: (no name) - {B8711B9A-0E5A-4415-4ED7-A049F7A1B7D3} - (no file)
O2 - BHO: (no name) - {B998D7F5-0217-A9BD-94AA-558D6D69D42E} - (no file)
O2 - BHO: (no name) - {BA82498A-7FB9-23B0-B5C7-F23C83F756FB} - C:\WINDOWS\system32\bpfaipvj.dll
O2 - BHO: (no name) - {C8B788E7-0CFD-72BB-8E59-7DD7B6C57DB2} - (no file)
O2 - BHO: (no name) - {CBDA5522-BEF6-8C19-3471-DDFF248A4946} - (no file)
O2 - BHO: (no name) - {CEAC6319-458A-83FC-59CF-E3285DF68390} - C:\WINDOWS\system32\ixawimst.dll
O2 - BHO: (no name) - {D3149679-1F6E-1334-86F5-A3E7AB8A1C0C} - C:\WINDOWS\system32\lupzgifu.dll
O2 - BHO: (no name) - {DB0A5A06-F441-7D6A-E18F-AEF1BA801D50} - (no file)
O2 - BHO: (no name) - {DC758241-D26D-C272-4584-B7C671A57D21} - C:\WINDOWS\system32\prwtckng.dll
O2 - BHO: (no name) - {E3CC6BB5-82EA-9545-CD1C-AC3FE2A0EDB0} - (no file)
O2 - BHO: (no name) - {F09913F2-C2D0-1502-B570-B74EF9DABDA9} - (no file)
O2 - BHO: (no name) - {F0F8FBFE-FC29-B9F1-48D0-C7DAFA0EC1B5} - (no file)
O2 - BHO: (no name) - {F12C443D-05E1-899D-3D97-25047B1F08B6} - (no file)
O2 - BHO: (no name) - {F8ABD9B6-7C33-64C5-9B5B-8BCE6629EC3F} - C:\WINDOWS\system32\mhyltzsx.dll
O2 - BHO: (no name) - {FC187ECD-1DF0-78B6-32BF-F280F435F18C} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Comedy-Planet] C:\Program Files\Comedy-Planet\comedy-planet.exe
O4 - HKLM\..\Run: [sncuxpaw] C:\WINDOWS\system32\sncuxpaw.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [fdelpmnt] C:\WINDOWS\system32\fdelpmnt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1121838437\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Optimum Online net guide] "C:\Program Files\Optimum Online\Netsurf.exe" -trayicon
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ewd2efe1] RUNDLL32.EXE w81e9966.dll,n 0052efdc0000000381e9966
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149431802984
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: mllvid - C:\WINDOWS\SYSTEM32\mllvid.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O23 - Service: wvtgvxeopaeo (6) - Unknown owner - C:\WINDOWS\system32\6.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Miscrosoft Updates Service 5 (MsUpdate5) - Unknown owner - C:\WINDOWS\system32\msupd5.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
The specified module could not be found." Then there is an OK button right below the text. I don't know if it's bad or not, but I thought I should let you know,
so just tell me as much as you can while you're on, because I'm only going to be on for 2 hrs. Thanks lots.
Please download VundoFix.exe to your desktop.
I'm sorry but I will need to see those logs before we can start fixing entries with Hijack This.
Error Loading W81e9966.dll
The specified module could not be found.
ok
Scan saved at 11:03, on 06-10-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1121838437\ee\AOLHostManager.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1121838437\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Optimum Online\Netsurf.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\common files\aol\1121838437\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1121838437\ee\AOLServiceHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSCNo.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Patrick\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O2 - BHO: (no name) - {07389CA5-44DB-0C5E-33AF-F0DA5451BAB7} - C:\WINDOWS\system32\vxxdjfao.dll
O2 - BHO: (no name) - {0A1581AA-EB9A-6E66-2EEA-52FE4AC13278} - C:\WINDOWS\system32\gciirwur.dll
O2 - BHO: (no name) - {1A39FBDB-FAFF-A350-3E14-F7A1DC10D56D} - (no file)
O2 - BHO: (no name) - {1B5FC7D1-856F-F2EC-4993-1A83985518D5} - (no file)
O2 - BHO: (no name) - {37E0143D-C110-C4F6-1CAF-9B1FC09388DE} - C:\WINDOWS\system32\jtaahhrv.dll
O2 - BHO: (no name) - {3A3C995F-9C90-620A-0F57-D0A0AE36BE75} - C:\WINDOWS\system32\mwcnikgh.dll
O2 - BHO: (no name) - {43980379-5A77-8214-736A-1A7F85D20B02} - C:\WINDOWS\system32\lzwidprm.dll
O2 - BHO: (no name) - {4DB8043C-408D-C20C-69F9-0DF933855F2F} - C:\WINDOWS\system32\rwntcgxx.dll
O2 - BHO: (no name) - {4F806A66-D942-27B8-A7FF-8C59BD0FBA5D} - C:\WINDOWS\system32\mgwbmiek.dll
O2 - BHO: (no name) - {5650cded-2cc2-4048-9c52-9a839509b03b} - C:\WINDOWS\system32\mllvid.dll (file missing)
O2 - BHO: (no name) - {603ADC6C-FA75-4359-2C75-8B09474554B3} - (no file)
O2 - BHO: (no name) - {605603AA-5B0D-3046-C1A0-46B9F00DC54D} - (no file)
O2 - BHO: (no name) - {6AFC1A49-C7F9-9F63-87F2-69D30BAE9523} - (no file)
O2 - BHO: (no name) - {72D37AFD-40C0-217C-E055-B52A5D6910AD} - (no file)
O2 - BHO: (no name) - {806482D1-8D20-8AD4-4762-D33EF2A7B16D} - (no file)
O2 - BHO: (no name) - {807E1415-3F29-AD1A-5E52-F0A394D7FA87} - (no file)
O2 - BHO: (no name) - {841CF6F2-2C01-5080-0000-000005000000} - (no file)
O2 - BHO: (no name) - {842C08F3-2C01-5080-0000-000005000000} - (no file)
O2 - BHO: (no name) - {844CFEF3-2C01-5080-0000-000005000000} - (no file)
O2 - BHO: (no name) - {846CC7F2-2C01-5080-0000-000005000000} - (no file)
O2 - BHO: (no name) - {848CEFEF-2C01-5080-0000-000005000000} - (no file)
O2 - BHO: (no name) - {849C9EF2-2C01-5080-0000-000005000000} - (no file)
O2 - BHO: (no name) - {84A0D9C6-2133-D93F-6D4B-B10A77C18B4B} - (no file)
O2 - BHO: (no name) - {84AC7EF3-2C01-5080-0000-000005000000} - (no file)
O2 - BHO: (no name) - {8AEEA103-F31C-B8D6-46ED-5607E705D85D} - C:\WINDOWS\system32\flqnzkra.dll
O2 - BHO: (no name) - {90F40961-6129-8955-A5DD-B9DBBC53800D} - (no file)
O2 - BHO: (no name) - {99150B3F-2555-B63B-F00D-A10EE8D52F34} - (no file)
O2 - BHO: (no name) - {9AD1459A-4F97-C1CC-1FD7-4779B355027B} - C:\WINDOWS\system32\qgdnxkyn.dll
O2 - BHO: (no name) - {A3BC44B8-F568-D830-7CF0-52D65D1F5CDF} - (no file)
O2 - BHO: (no name) - {ACCE14C3-7624-7899-F1AA-9A9A8E645178} - C:\WINDOWS\system32\ebarfwct.dll
O2 - BHO: (no name) - {ACE95B6D-A1A6-49BF-333C-813C25BC64BF} - C:\WINDOWS\system32\kkhxmojh.dll
O2 - BHO: (no name) - {B522B51D-CAF2-7DCF-559B-9DD673EC5883} - (no file)
O2 - BHO: (no name) - {B8711B9A-0E5A-4415-4ED7-A049F7A1B7D3} - (no file)
O2 - BHO: (no name) - {B998D7F5-0217-A9BD-94AA-558D6D69D42E} - (no file)
O2 - BHO: (no name) - {BA82498A-7FB9-23B0-B5C7-F23C83F756FB} - C:\WINDOWS\system32\bpfaipvj.dll
O2 - BHO: (no name) - {C8B788E7-0CFD-72BB-8E59-7DD7B6C57DB2} - (no file)
O2 - BHO: (no name) - {CBDA5522-BEF6-8C19-3471-DDFF248A4946} - (no file)
O2 - BHO: (no name) - {CEAC6319-458A-83FC-59CF-E3285DF68390} - C:\WINDOWS\system32\ixawimst.dll
O2 - BHO: (no name) - {D3149679-1F6E-1334-86F5-A3E7AB8A1C0C} - C:\WINDOWS\system32\lupzgifu.dll
O2 - BHO: (no name) - {DB0A5A06-F441-7D6A-E18F-AEF1BA801D50} - (no file)
O2 - BHO: (no name) - {DC758241-D26D-C272-4584-B7C671A57D21} - C:\WINDOWS\system32\prwtckng.dll
O2 - BHO: (no name) - {E3CC6BB5-82EA-9545-CD1C-AC3FE2A0EDB0} - (no file)
O2 - BHO: (no name) - {F09913F2-C2D0-1502-B570-B74EF9DABDA9} - (no file)
O2 - BHO: (no name) - {F0F8FBFE-FC29-B9F1-48D0-C7DAFA0EC1B5} - (no file)
O2 - BHO: (no name) - {F12C443D-05E1-899D-3D97-25047B1F08B6} - (no file)
O2 - BHO: (no name) - {F8ABD9B6-7C33-64C5-9B5B-8BCE6629EC3F} - C:\WINDOWS\system32\mhyltzsx.dll
O2 - BHO: (no name) - {FC187ECD-1DF0-78B6-32BF-F280F435F18C} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Comedy-Planet] C:\Program Files\Comedy-Planet\comedy-planet.exe
O4 - HKLM\..\Run: [sncuxpaw] C:\WINDOWS\system32\sncuxpaw.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [fdelpmnt] C:\WINDOWS\system32\fdelpmnt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1121838437\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Optimum Online net guide] "C:\Program Files\Optimum Online\Netsurf.exe" -trayicon
O4 - HKLM\..\Run: [ewd2efe1] RUNDLL32.EXE w81e9966.dll,n 0052efdc0000000381e9966
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149431802984
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O23 - Service: wvtgvxeopaeo (6) - Unknown owner - C:\WINDOWS\system32\6.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Miscrosoft Updates Service 5 (MsUpdate5) - Unknown owner - C:\WINDOWS\system32\msupd5.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
C:\VundoFix.txt
Once I see that log we have a lot of work to do with Hijack This and I might ask you to run another Anti-Spyware program.
VundoFix V6.2.2
Checking Java version...
Java version is 1.4.2.3
Java version is 1.5.0.6
Scan started at 10:29:51 06-10-15
Listing files found while scanning....
C:\WINDOWS\system32\mllvid.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\mllvid.dll
C:\WINDOWS\system32\mllvid.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\mllvid.dll
C:\WINDOWS\system32\mllvid.dll Has been deleted!
Performing Repairs to the registry.
Done!
Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log in your next reply.
IMPORTANT: Do NOT run any other options until you are asked to do so!
Below are some images to help you out. The one circled in red is the one you want.
Scan done at 20:34:36.18, 06-12-01
Run from C:\Documents and Settings\Patrick\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\keyboard1.dat FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Patrick
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Patrick\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Patrick\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wbsys.dll"
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
Download ATF cleaner from here.
Locate ATF Cleaner.exe and open it.
Under Main select the following:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
- Install AVG Anti-Spyware by double clicking the installer.
- Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
- On the main screen under Your Computer's security.
- Click on Change state next to Resident shield. It should now change to inactive.
- Click on Change state next to Automatic updates. It should now change to inactive.
- Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
- Wait until you see the Update successful message.
- Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update AVG: AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________
Reboot your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
______________________________
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?" Answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
- Click on Scanner on the toolbar.
- Click on the Settings tab.
- Under How to act?
- Click on Recommended Action and choose Quarantine from the popup menu.
- Under How to scan?
- All checkboxes should be ticked.
- Under Possibly unwanted software:
- All checkboxes should be ticked.
- Under Reports:
- Select Automatically generate report after every scan and uncheck Only if threats were found.
- Under What to scan?
- Select Scan every file.
- Click on the Scan tab.
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
- When the scan has finished, follow the instructions below.
- Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
- At the bottom of the window click on the Apply all Actions button. (3)

- When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
______________________________
Please post:
- c:\rapport.txt
- AVG log
- A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.
Infections can change and fresh instructions will now need to be given. This topic is now closed. If you still require assistance, then please start a new topic in the Spyware & Virus Removal Forum.
If you wish this topic reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.
If you are not the user who started this thread, you must start a new Thread instead