Clean up
Good morning, and I thank you in advance for aiding me in the removal of my spyware.
Here is my HJT log.
Logfile of HijackThis v1.99.1
Scan saved at 6:12:19 AM, on 8/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\web\aolspy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\civimgg.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Impulse\PolicyKey.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Christopher\Desktop\HJT\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [jg] C:\WINDOWS\system32\jg.exe
O4 - HKLM\..\Run: [xydmanfg] C:\WINDOWS\system32\xydmanfg.exe
O4 - HKLM\..\Run: [fwnzywkn] C:\WINDOWS\system32\fwnzywkn.exe
O4 - HKLM\..\Run: [civimgg] C:\WINDOWS\system32\civimgg.exe
O4 - HKLM\..\Run: [zwedwzd] C:\WINDOWS\system32\zwedwzd.exe
O4 - HKLM\..\Run: [aftgxomqtbcx] C:\WINDOWS\system32\aftgxomqtbcx.exe
O4 - HKLM\..\Run: [olpcloupx] C:\WINDOWS\system32\olpcloupx.exe
O4 - HKLM\..\Run: [q] C:\WINDOWS\system32\q.exe
O4 - HKLM\..\Run: [tsvoslvdyegu] C:\WINDOWS\system32\tsvoslvdyegu.exe
O4 - HKLM\..\Run: [mbmhuvxjvyp] C:\WINDOWS\system32\mbmhuvxjvyp.exe
O4 - HKLM\..\Run: [qjzla] C:\WINDOWS\system32\qjzla.exe
O4 - HKLM\..\Run: [a] C:\WINDOWS\system32\a.exe
O4 - HKLM\..\Run: [jzavdb] C:\WINDOWS\system32\jzavdb.exe
O4 - HKLM\..\Run: [seyzesjuojvx] C:\WINDOWS\system32\seyzesjuojvx.exe
O4 - HKLM\..\Run: [eg] C:\WINDOWS\system32\eg.exe
O4 - HKLM\..\Run: [bjzcqgmrksm] C:\WINDOWS\system32\bjzcqgmrksm.exe
O4 - HKLM\..\Run: [gzfpj] C:\WINDOWS\system32\gzfpj.exe
O4 - HKLM\..\Run: [cmksrsmifrcl] C:\WINDOWS\system32\cmksrsmifrcl.exe
O4 - HKLM\..\Run: [jvhymlumoa] C:\WINDOWS\system32\jvhymlumoa.exe
O4 - HKLM\..\Run: [nwknm] C:\WINDOWS\system32\nwknm.exe
O4 - HKLM\..\Run: [y] C:\WINDOWS\system32\y.exe
O4 - HKLM\..\Run: [fsgsfm] C:\WINDOWS\system32\fsgsfm.exe
O4 - HKLM\..\Run: [iezxg] C:\WINDOWS\system32\iezxg.exe
O4 - HKLM\..\Run: [au] C:\WINDOWS\system32\au.exe
O4 - HKLM\..\Run: [ntloexiq] C:\WINDOWS\system32\ntloexiq.exe
O4 - HKLM\..\Run: [ciwrazz] C:\WINDOWS\system32\ciwrazz.exe
O4 - HKLM\..\Run: [picaknkhjeay] C:\WINDOWS\system32\picaknkhjeay.exe
O4 - HKLM\..\Run: [oejsswwguxa] C:\WINDOWS\system32\oejsswwguxa.exe
O4 - HKLM\..\Run: [hn] C:\WINDOWS\system32\hn.exe
O4 - HKLM\..\Run: [iepz] C:\WINDOWS\system32\iepz.exe
O4 - HKLM\..\Run: [ixp] C:\WINDOWS\system32\ixp.exe
O4 - HKLM\..\Run: [zlboskwmj] C:\WINDOWS\system32\zlboskwmj.exe
O4 - HKLM\..\Run: [gwghmalslcs] C:\WINDOWS\system32\gwghmalslcs.exe
O4 - HKLM\..\Run: [rc] C:\WINDOWS\system32\rc.exe
O4 - HKLM\..\Run: [sladk] C:\WINDOWS\system32\sladk.exe
O4 - HKLM\..\Run: [o] C:\WINDOWS\system32\o.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\RunServices: [jg] C:\WINDOWS\system32\jg.exe
O4 - HKLM\..\RunServices: [xydmanfg] C:\WINDOWS\system32\xydmanfg.exe
O4 - HKLM\..\RunServices: [fwnzywkn] C:\WINDOWS\system32\fwnzywkn.exe
O4 - HKLM\..\RunServices: [civimgg] C:\WINDOWS\system32\civimgg.exe
O4 - HKLM\..\RunServices: [zwedwzd] C:\WINDOWS\system32\zwedwzd.exe
O4 - HKLM\..\RunServices: [aftgxomqtbcx] C:\WINDOWS\system32\aftgxomqtbcx.exe
O4 - HKLM\..\RunServices: [olpcloupx] C:\WINDOWS\system32\olpcloupx.exe
O4 - HKLM\..\RunServices: [q] C:\WINDOWS\system32\q.exe
O4 - HKLM\..\RunServices: [tsvoslvdyegu] C:\WINDOWS\system32\tsvoslvdyegu.exe
O4 - HKLM\..\RunServices: [mbmhuvxjvyp] C:\WINDOWS\system32\mbmhuvxjvyp.exe
O4 - HKLM\..\RunServices: [qjzla] C:\WINDOWS\system32\qjzla.exe
O4 - HKLM\..\RunServices: [a] C:\WINDOWS\system32\a.exe
O4 - HKLM\..\RunServices: [jzavdb] C:\WINDOWS\system32\jzavdb.exe
O4 - HKLM\..\RunServices: [seyzesjuojvx] C:\WINDOWS\system32\seyzesjuojvx.exe
O4 - HKLM\..\RunServices: [eg] C:\WINDOWS\system32\eg.exe
O4 - HKLM\..\RunServices: [bjzcqgmrksm] C:\WINDOWS\system32\bjzcqgmrksm.exe
O4 - HKLM\..\RunServices: [gzfpj] C:\WINDOWS\system32\gzfpj.exe
O4 - HKLM\..\RunServices: [cmksrsmifrcl] C:\WINDOWS\system32\cmksrsmifrcl.exe
O4 - HKLM\..\RunServices: [jvhymlumoa] C:\WINDOWS\system32\jvhymlumoa.exe
O4 - HKLM\..\RunServices: [nwknm] C:\WINDOWS\system32\nwknm.exe
O4 - HKLM\..\RunServices: [y] C:\WINDOWS\system32\y.exe
O4 - HKLM\..\RunServices: [fsgsfm] C:\WINDOWS\system32\fsgsfm.exe
O4 - HKLM\..\RunServices: [iezxg] C:\WINDOWS\system32\iezxg.exe
O4 - HKLM\..\RunServices: [au] C:\WINDOWS\system32\au.exe
O4 - HKLM\..\RunServices: [ntloexiq] C:\WINDOWS\system32\ntloexiq.exe
O4 - HKLM\..\RunServices: [ciwrazz] C:\WINDOWS\system32\ciwrazz.exe
O4 - HKLM\..\RunServices: [picaknkhjeay] C:\WINDOWS\system32\picaknkhjeay.exe
O4 - HKLM\..\RunServices: [oejsswwguxa] C:\WINDOWS\system32\oejsswwguxa.exe
O4 - HKLM\..\RunServices: [hn] C:\WINDOWS\system32\hn.exe
O4 - HKLM\..\RunServices: [iepz] C:\WINDOWS\system32\iepz.exe
O4 - HKLM\..\RunServices: [ixp] C:\WINDOWS\system32\ixp.exe
O4 - HKLM\..\RunServices: [zlboskwmj] C:\WINDOWS\system32\zlboskwmj.exe
O4 - HKLM\..\RunServices: [gwghmalslcs] C:\WINDOWS\system32\gwghmalslcs.exe
O4 - HKLM\..\RunServices: [rc] C:\WINDOWS\system32\rc.exe
O4 - HKLM\..\RunServices: [sladk] C:\WINDOWS\system32\sladk.exe
O4 - HKLM\..\RunServices: [o] C:\WINDOWS\system32\o.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PolicyKey.lnk = C:\Program Files\Impulse\PolicyKey.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146318712046
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Anti-Spyware Service (AOL_SpywareServ) - Unknown owner - C:\WINDOWS\web\aolspy.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Print Spooler Service (euouyeitpp3y) - Unknown owner - C:\WINDOWS\system32\gpp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Comments
What firewall do you use?
Please download ComboFix to your desktop.
Double-click combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
As for my logs:
ComboFix 07-08-09.3 - "Christopher" 2007-08-12 8:48:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.932.81.1033.18.160 [GMT -4:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\e.exe
C:\WINDOWS\system32\g.exe
C:\WINDOWS\system32\i.exe
C:\WINDOWS\system32\o.exe
C:\WINDOWS\system32\q.exe
C:\WINDOWS\system32\y.exe
((((((((((((((((((((((((( Files Created from 2007-07-12 to 2007-08-12 )))))))))))))))))))))))))))))))
2007-08-12 05:43 95,232 --a C:\WINDOWS\SYSTEM32\khkqosyttiuj.exe
2007-08-11 20:12 119,808 --a C:\WINDOWS\SYSTEM32\ozmruv.exe
2007-08-11 16:26 148,480 --a C:\WINDOWS\SYSTEM32\lnqgimz.exe
2007-08-11 16:15 148,480 --a C:\WINDOWS\SYSTEM32\zook.exe
2007-08-10 15:02 140,288 --a C:\WINDOWS\SYSTEM32\ypdq.exe
2007-08-10 12:29 82,944 --a C:\WINDOWS\SYSTEM32\ak.exe
2007-08-10 09:06 144,384 --a C:\WINDOWS\SYSTEM32\qyeanmf.exe
2007-08-10 06:04 119,808 --a C:\WINDOWS\SYSTEM32\trkjfdckpta.exe
2007-08-09 20:58 82,944 --a C:\WINDOWS\SYSTEM32\bs.exe
2007-08-09 19:05 82,944 --a C:\WINDOWS\SYSTEM32\uph.exe
2007-08-09 09:58 144,384 --a C:\WINDOWS\SYSTEM32\gyby.exe
2007-08-09 05:37 103,424 --a C:\WINDOWS\SYSTEM32\gpp.exe
2007-08-08 16:31 <DIR> d C:\Program Files\PlayLinc
2007-08-08 16:27 <DIR> d C:\DOCUME~1\CHRIST~1\APPLIC~1\Motive
2007-08-08 16:23 <DIR> d C:\WINDOWS\bin
2007-08-08 16:23 <DIR> d C:\DOCUME~1\CHRIST~1\APPLIC~1\Verizon
2007-08-08 16:23 <DIR> d C:\DOCUME~1\ALLUSE~1\APPLIC~1\Verizon
2007-08-08 16:10 <DIR> d C:\Program Files\Verizon
2007-08-08 09:17 91,136 --a C:\WINDOWS\SYSTEM32\sladk.exe
2007-08-08 06:05 160,768 --a C:\WINDOWS\SYSTEM32\rc.exe
2007-08-07 20:27 91,136 --a C:\WINDOWS\SYSTEM32\gwghmalslcs.exe
2007-08-07 19:40 87,040 --a C:\WINDOWS\SYSTEM32\zlboskwmj.exe
2007-08-05 09:31 <DIR> d C:\WINDOWS\network diagnostic
2007-07-31 10:00 148,480 --a C:\WINDOWS\SYSTEM32\ixp.exe
2007-07-31 09:14 148,480 --a C:\WINDOWS\SYSTEM32\vrblpprmcd.exe
2007-07-30 11:51 144,384 --a C:\WINDOWS\SYSTEM32\iepz.exe
2007-07-30 05:26 148,480 --a C:\WINDOWS\SYSTEM32\hn.exe
2007-07-28 07:25 132,608 --a C:\WINDOWS\SYSTEM32\oejsswwguxa.exe
2007-07-21 10:47 95,232 --a C:\WINDOWS\SYSTEM32\picaknkhjeay.exe
2007-07-19 19:20 <DIR> d C:\DOCUME~1\CHRIST~1\APPLIC~1\DivX
2007-07-19 19:19 2,560 C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys
2007-07-19 19:19 2,432 C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys
2007-07-19 19:19 129,784 C:\WINDOWS\SYSTEM32\pxafs.dll
2007-07-19 19:19 118,520 C:\WINDOWS\SYSTEM32\pxinsi64.exe
2007-07-19 19:19 116,472 C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2007-07-17 06:38 <DIR> d C:\Program Files\Educational Simulations
2007-07-14 11:15 95,232 --a C:\WINDOWS\SYSTEM32\ciwrazz.exe
2007-07-12 18:44 74,752 --a C:\WINDOWS\SYSTEM32\ntloexiq.exe
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-12 08:45 42414 --a C:\DOCUME~1\CHRIST~1\APPLIC~1\wklnhst.dat
2007-08-08 16:21 d C:\Program Files\Common Files\Motive
2007-08-08 16:10 d C:\Program Files\Common Files\SupportSoft
2007-08-08 10:47 d C:\Program Files\BitTorrent
2007-07-19 19:19 d C:\Program Files\DivX
2007-07-11 18:28 74752 --a C:\WINDOWS\system32\au.exe
2007-07-11 05:51 152576 --a C:\WINDOWS\system32\iezxg.exe
2007-07-10 16:56 82944 --a C:\WINDOWS\system32\gkjmevcvrd.exe
2007-07-09 15:07 524288 --a C:\WINDOWS\system32\DivXsm.exe
2007-07-09 15:07 36624 C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-09 15:07 3596288 --a C:\WINDOWS\system32\qt-dx331.dll
2007-07-09 15:07 200704 --a C:\WINDOWS\system32\ssldivx.dll
2007-07-09 15:07 1044480 --a C:\WINDOWS\system32\libdivx.dll
2007-07-09 15:05 823296 --a C:\WINDOWS\system32\divx_xx0c.dll
2007-07-09 15:05 823296 --a C:\WINDOWS\system32\divx_xx07.dll
2007-07-09 15:05 802816 --a C:\WINDOWS\system32\divx_xx11.dll
2007-07-09 15:05 740442 --a C:\WINDOWS\system32\DivX.dll
2007-07-09 15:05 73728 --a C:\WINDOWS\system32\dpl100.dll
2007-07-09 15:05 593920 --a C:\WINDOWS\system32\dpuGUI11.dll
2007-07-09 15:05 57344 --a C:\WINDOWS\system32\dpv11.dll
2007-07-09 15:05 53248 --a--c--- C:\WINDOWS\system32\dpuGUI10.dll
2007-07-09 15:05 344064 --a C:\WINDOWS\system32\dpus11.dll
2007-07-09 15:05 294912 --a C:\WINDOWS\system32\dpu11.dll
2007-07-09 15:05 294912 --a C:\WINDOWS\system32\dpu10.dll
2007-07-09 15:05 196608 --a C:\WINDOWS\system32\dtu100.dll
2007-07-09 15:05 124472 --a C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-09 15:05 12288 --a C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-09 06:01 173056 --a C:\WINDOWS\system32\fsgsfm.exe
2007-07-08 19:14 189440 --a C:\WINDOWS\system32\fqy.exe
2007-07-08 19:12 189440 --a C:\WINDOWS\system32\swj.exe
2007-07-08 18:45 189440 --a C:\WINDOWS\system32\vqydpv.exe
2007-07-08 08:21 185344 --a C:\WINDOWS\system32\nwknm.exe
2007-07-07 13:10 99328 --a C:\WINDOWS\system32\jvhymlumoa.exe
2007-07-06 19:39 193536 --a C:\WINDOWS\system32\cmksrsmifrcl.exe
2007-07-06 16:44 148480 --a C:\WINDOWS\system32\gzfpj.exe
2007-07-05 18:03 222208 --a C:\WINDOWS\system32\bjzcqgmrksm.exe
2007-07-05 05:50 123904 --a C:\WINDOWS\system32\eg.exe
2007-07-04 19:43 173056 --a C:\WINDOWS\system32\seyzesjuojvx.exe
2007-07-03 18:32 82944 --a C:\WINDOWS\system32\jzavdb.exe
2007-07-02 21:01 95232 --a C:\WINDOWS\system32\qjzla.exe
2007-07-02 21:00 119808 --a C:\WINDOWS\system32\mbmhuvxjvyp.exe
2007-06-30 10:50 168960 --a C:\WINDOWS\system32\tsvoslvdyegu.exe
2007-06-27 19:29 99328 --a C:\WINDOWS\system32\olpcloupx.exe
2007-06-27 13:24 115712 --a C:\WINDOWS\system32\aftgxomqtbcx.exe
2007-06-22 18:29 136192 --a C:\WINDOWS\system32\zwedwzd.exe
2007-06-20 17:54 128000 --a C:\WINDOWS\system32\civimgg.exe
2007-06-18 18:40 d C:\DOCUME~1\CHRIST~1\APPLIC~1\DNA
2007-06-17 16:33 168960 --a C:\WINDOWS\system32\fwnzywkn.exe
2007-06-17 00:11 51200 --a C:\WINDOWS\nircmd.exe
2007-06-16 19:34 209920 --a C:\WINDOWS\system32\xydmanfg.exe
2007-06-16 08:17 185344 --a C:\WINDOWS\system32\jg.exe
2007-06-13 05:59 d C:\Program Files\Viewpoint
2007-06-13 05:59 d C:\Program Files\AIM6
2007-05-17 11:56 1156 --a C:\WINDOWS\mozver.dat
2007-05-16 11:12 86528 --a C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 --a C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 683520 --a C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 510976 --a C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 --a C:\WINDOWS\system32\dllcache\msoe.dll
2007-02-19 16:18 73064 --a--c--- C:\DOCUME~1\CHRIST~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2005-09-20 18:14 94939 --ah-c--- C:\DOCUME~1\CHRIST~1\APPLIC~1\ptads.bin
2004-07-22 10:51 3432656 --a--c--- C:\Program Files\ManagedDX.CAB
2004-07-19 22:58 1156363 --a--c--- C:\Program Files\BDANT.cab
2004-07-19 22:53 976020 --a--c--- C:\Program Files\BDAXP.cab
2004-07-09 14:17 13265040 --a--c--- C:\Program Files\dxnt.cab
2004-07-09 09:13 703080 --a--c--- C:\Program Files\BDA.cab
2004-07-09 09:13 15493481 --a--c--- C:\Program Files\DirectX.cab
2004-07-09 04:08 472576 --a--c--- C:\Program Files\dxsetup.exe
2004-07-09 04:08 2242560 --a--c--- C:\Program Files\dsetup32.dll
2004-07-09 03:03 62976 --a--c--- C:\Program Files\DSETUP.dll
2002-08-29 10:00:00 520,192 -csha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2005-05-13 17:40:10 56 -csh--r C:\WINDOWS\SYSTEM32\F1EF70BCD8.sys
2005-05-13 17:40:10 1,890 -csha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 21:00]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 08:47]
"jg"="C:\WINDOWS\system32\jg.exe" [2007-06-16 08:17]
"xydmanfg"="C:\WINDOWS\system32\xydmanfg.exe" [2007-06-16 19:34]
"fwnzywkn"="C:\WINDOWS\system32\fwnzywkn.exe" [2007-06-17 16:33]
"civimgg"="C:\WINDOWS\system32\civimgg.exe" [2007-06-20 17:54]
"zwedwzd"="C:\WINDOWS\system32\zwedwzd.exe" [2007-06-22 18:29]
"aftgxomqtbcx"="C:\WINDOWS\system32\aftgxomqtbcx.exe" [2007-06-27 13:24]
"olpcloupx"="C:\WINDOWS\system32\olpcloupx.exe" [2007-06-27 19:29]
"q"="C:\WINDOWS\system32\q.exe" []
"tsvoslvdyegu"="C:\WINDOWS\system32\tsvoslvdyegu.exe" [2007-06-30 10:50]
"mbmhuvxjvyp"="C:\WINDOWS\system32\mbmhuvxjvyp.exe" [2007-07-02 21:00]
"qjzla"="C:\WINDOWS\system32\qjzla.exe" [2007-07-02 21:01]
"jzavdb"="C:\WINDOWS\system32\jzavdb.exe" [2007-07-03 18:32]
"seyzesjuojvx"="C:\WINDOWS\system32\seyzesjuojvx.exe" [2007-07-04 19:43]
"eg"="C:\WINDOWS\system32\eg.exe" [2007-07-05 05:50]
"bjzcqgmrksm"="C:\WINDOWS\system32\bjzcqgmrksm.exe" [2007-07-05 18:03]
"gzfpj"="C:\WINDOWS\system32\gzfpj.exe" [2007-07-06 16:44]
"cmksrsmifrcl"="C:\WINDOWS\system32\cmksrsmifrcl.exe" [2007-07-06 19:39]
"jvhymlumoa"="C:\WINDOWS\system32\jvhymlumoa.exe" [2007-07-07 13:10]
"nwknm"="C:\WINDOWS\system32\nwknm.exe" [2007-07-08 08:21]
"y"="C:\WINDOWS\system32\y.exe" []
"fsgsfm"="C:\WINDOWS\system32\fsgsfm.exe" [2007-07-09 06:01]
"iezxg"="C:\WINDOWS\system32\iezxg.exe" [2007-07-11 05:51]
"au"="C:\WINDOWS\system32\au.exe" [2007-07-11 18:28]
"ntloexiq"="C:\WINDOWS\system32\ntloexiq.exe" [2007-07-12 18:44]
"ciwrazz"="C:\WINDOWS\system32\ciwrazz.exe" [2007-07-14 11:15]
"picaknkhjeay"="C:\WINDOWS\system32\picaknkhjeay.exe" [2007-07-21 10:47]
"oejsswwguxa"="C:\WINDOWS\system32\oejsswwguxa.exe" [2007-07-28 07:25]
"hn"="C:\WINDOWS\system32\hn.exe" [2007-07-30 05:26]
"iepz"="C:\WINDOWS\system32\iepz.exe" [2007-07-30 11:51]
"ixp"="C:\WINDOWS\system32\ixp.exe" [2007-07-31 10:00]
"zlboskwmj"="C:\WINDOWS\system32\zlboskwmj.exe" [2007-08-07 19:40]
"gwghmalslcs"="C:\WINDOWS\system32\gwghmalslcs.exe" [2007-08-07 20:27]
"rc"="C:\WINDOWS\system32\rc.exe" [2007-08-08 06:05]
"sladk"="C:\WINDOWS\system32\sladk.exe" [2007-08-08 09:17]
"o"="C:\WINDOWS\system32\o.exe" []
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-06-06 19:52]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 15:20]
"gpp"="C:\WINDOWS\system32\gpp.exe" [2007-08-09 05:37]
"gyby"="C:\WINDOWS\system32\gyby.exe" [2007-08-09 09:58]
"g"="C:\WINDOWS\system32\g.exe" []
"bs"="C:\WINDOWS\system32\bs.exe" [2007-08-09 20:58]
"trkjfdckpta"="C:\WINDOWS\system32\trkjfdckpta.exe" [2007-08-10 06:04]
"qyeanmf"="C:\WINDOWS\system32\qyeanmf.exe" [2007-08-10 09:06]
"ak"="C:\WINDOWS\system32\ak.exe" [2007-08-10 12:29]
"ypdq"="C:\WINDOWS\system32\ypdq.exe" [2007-08-10 15:02]
"lnqgimz"="C:\WINDOWS\system32\lnqgimz.exe" [2007-08-11 16:26]
"ozmruv"="C:\WINDOWS\system32\ozmruv.exe" [2007-08-11 20:12]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 12:24]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"jg"=C:\WINDOWS\system32\jg.exe
"xydmanfg"=C:\WINDOWS\system32\xydmanfg.exe
"fwnzywkn"=C:\WINDOWS\system32\fwnzywkn.exe
"civimgg"=C:\WINDOWS\system32\civimgg.exe
"zwedwzd"=C:\WINDOWS\system32\zwedwzd.exe
"aftgxomqtbcx"=C:\WINDOWS\system32\aftgxomqtbcx.exe
"olpcloupx"=C:\WINDOWS\system32\olpcloupx.exe
"q"=C:\WINDOWS\system32\q.exe
"tsvoslvdyegu"=C:\WINDOWS\system32\tsvoslvdyegu.exe
"mbmhuvxjvyp"=C:\WINDOWS\system32\mbmhuvxjvyp.exe
"qjzla"=C:\WINDOWS\system32\qjzla.exe
"a"=C:\WINDOWS\system32\a.exe
"jzavdb"=C:\WINDOWS\system32\jzavdb.exe
"seyzesjuojvx"=C:\WINDOWS\system32\seyzesjuojvx.exe
"eg"=C:\WINDOWS\system32\eg.exe
"bjzcqgmrksm"=C:\WINDOWS\system32\bjzcqgmrksm.exe
"gzfpj"=C:\WINDOWS\system32\gzfpj.exe
"cmksrsmifrcl"=C:\WINDOWS\system32\cmksrsmifrcl.exe
"jvhymlumoa"=C:\WINDOWS\system32\jvhymlumoa.exe
"nwknm"=C:\WINDOWS\system32\nwknm.exe
"y"=C:\WINDOWS\system32\y.exe
"fsgsfm"=C:\WINDOWS\system32\fsgsfm.exe
"iezxg"=C:\WINDOWS\system32\iezxg.exe
"au"=C:\WINDOWS\system32\au.exe
"ntloexiq"=C:\WINDOWS\system32\ntloexiq.exe
"ciwrazz"=C:\WINDOWS\system32\ciwrazz.exe
"picaknkhjeay"=C:\WINDOWS\system32\picaknkhjeay.exe
"oejsswwguxa"=C:\WINDOWS\system32\oejsswwguxa.exe
"hn"=C:\WINDOWS\system32\hn.exe
"iepz"=C:\WINDOWS\system32\iepz.exe
"ixp"=C:\WINDOWS\system32\ixp.exe
"zlboskwmj"=C:\WINDOWS\system32\zlboskwmj.exe
"gwghmalslcs"=C:\WINDOWS\system32\gwghmalslcs.exe
"rc"=C:\WINDOWS\system32\rc.exe
"sladk"=C:\WINDOWS\system32\sladk.exe
"o"=C:\WINDOWS\system32\o.exe
"gpp"=C:\WINDOWS\system32\gpp.exe
"gyby"=C:\WINDOWS\system32\gyby.exe
"g"=C:\WINDOWS\system32\g.exe
"bs"=C:\WINDOWS\system32\bs.exe
"trkjfdckpta"=C:\WINDOWS\system32\trkjfdckpta.exe
"qyeanmf"=C:\WINDOWS\system32\qyeanmf.exe
"ak"=C:\WINDOWS\system32\ak.exe
"ypdq"=C:\WINDOWS\system32\ypdq.exe
"lnqgimz"=C:\WINDOWS\system32\lnqgimz.exe
"ozmruv"=C:\WINDOWS\system32\ozmruv.exe
C:\Documents and Settings\Christopher\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
DESKTOP.INI [2002-09-03 10:00:00]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 10:00:00]
PolicyKey.lnk - C:\Program Files\Impulse\PolicyKey.exe [2005-10-04 14:53:00]
R1 FsVga;FsVga;C:\WINDOWS\system32\DRIVERS\fsvga.sys
R2 AOL_SpywareServ;AOL Anti-Spyware Service;"C:\WINDOWS\web\aolspy.exe"
R3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\system32\DRIVERS\BCMSM.sys
S2 euouyeitpp3y;Print Spooler Service;C:\WINDOWS\system32\khkqosyttiuj.exe /service
S3 cdspacex;cdspacex;C:\WINDOWS\system32\DRIVERS\CDSPACEX.sys
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys
S3 MREMPR5;MREMPR5 NDIS Protocol Driver;\??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
S3 TwoRabts;Two Rabbits Live Bus;C:\WINDOWS\system32\DRIVERS\TwoRabts.sys
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 08:51:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes]
"\31j\x58a8\16f\35g?"="\xff2d\xff33 \x660e\x671d"
"\31j\x58a8\xff740\xff770\xff830\xff6f0?"="\xff2d\xff33 \x30b4\x30b7\x30c3\x30af"
"\xff740\xff770\xff830\xff6f0"="\xff2d\xff33 \x30b4\x30b7\x30c3\x30af"
"z\xf8f3\x30fb|\xf8f3o\xf8f3x\xf8f3?"="\xff2d\xff33 \x30b4\x30b7\x30c3\x30af"
"x\xf8f3p\xf8f3\x30fbt\xf8f3?"="Courier"
"\x80\xf8f3r\xf8f3\x30fb}\xf8f3\x30fb\x30fb\x30fb\x30fb?????"="Times New Roman"
"\x30fb\x30fb\x30fb\x30fb\x30fbv\xf8f3?????"="Arial"
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-12 8:52:40
C:\ComboFix-quarantined-files.txt ... 2007-08-12 08:52
C:\ComboFix2.txt ... 2007-06-11 14:48
C:\ComboFix3.txt ... 2007-06-09 15:12
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 8:54:19 AM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\web\aolspy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\jg.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Impulse\PolicyKey.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Christopher\Desktop\HJT\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [jg] C:\WINDOWS\system32\jg.exe
O4 - HKLM\..\Run: [xydmanfg] C:\WINDOWS\system32\xydmanfg.exe
O4 - HKLM\..\Run: [fwnzywkn] C:\WINDOWS\system32\fwnzywkn.exe
O4 - HKLM\..\Run: [civimgg] C:\WINDOWS\system32\civimgg.exe
O4 - HKLM\..\Run: [zwedwzd] C:\WINDOWS\system32\zwedwzd.exe
O4 - HKLM\..\Run: [aftgxomqtbcx] C:\WINDOWS\system32\aftgxomqtbcx.exe
O4 - HKLM\..\Run: [olpcloupx] C:\WINDOWS\system32\olpcloupx.exe
O4 - HKLM\..\Run: [q] C:\WINDOWS\system32\q.exe
O4 - HKLM\..\Run: [tsvoslvdyegu] C:\WINDOWS\system32\tsvoslvdyegu.exe
O4 - HKLM\..\Run: [mbmhuvxjvyp] C:\WINDOWS\system32\mbmhuvxjvyp.exe
O4 - HKLM\..\Run: [qjzla] C:\WINDOWS\system32\qjzla.exe
O4 - HKLM\..\Run: [jzavdb] C:\WINDOWS\system32\jzavdb.exe
O4 - HKLM\..\Run: [seyzesjuojvx] C:\WINDOWS\system32\seyzesjuojvx.exe
O4 - HKLM\..\Run: [eg] C:\WINDOWS\system32\eg.exe
O4 - HKLM\..\Run: [bjzcqgmrksm] C:\WINDOWS\system32\bjzcqgmrksm.exe
O4 - HKLM\..\Run: [gzfpj] C:\WINDOWS\system32\gzfpj.exe
O4 - HKLM\..\Run: [cmksrsmifrcl] C:\WINDOWS\system32\cmksrsmifrcl.exe
O4 - HKLM\..\Run: [jvhymlumoa] C:\WINDOWS\system32\jvhymlumoa.exe
O4 - HKLM\..\Run: [nwknm] C:\WINDOWS\system32\nwknm.exe
O4 - HKLM\..\Run: [y] C:\WINDOWS\system32\y.exe
O4 - HKLM\..\Run: [fsgsfm] C:\WINDOWS\system32\fsgsfm.exe
O4 - HKLM\..\Run: [iezxg] C:\WINDOWS\system32\iezxg.exe
O4 - HKLM\..\Run: [au] C:\WINDOWS\system32\au.exe
O4 - HKLM\..\Run: [ntloexiq] C:\WINDOWS\system32\ntloexiq.exe
O4 - HKLM\..\Run: [ciwrazz] C:\WINDOWS\system32\ciwrazz.exe
O4 - HKLM\..\Run: [picaknkhjeay] C:\WINDOWS\system32\picaknkhjeay.exe
O4 - HKLM\..\Run: [oejsswwguxa] C:\WINDOWS\system32\oejsswwguxa.exe
O4 - HKLM\..\Run: [hn] C:\WINDOWS\system32\hn.exe
O4 - HKLM\..\Run: [iepz] C:\WINDOWS\system32\iepz.exe
O4 - HKLM\..\Run: [ixp] C:\WINDOWS\system32\ixp.exe
O4 - HKLM\..\Run: [zlboskwmj] C:\WINDOWS\system32\zlboskwmj.exe
O4 - HKLM\..\Run: [gwghmalslcs] C:\WINDOWS\system32\gwghmalslcs.exe
O4 - HKLM\..\Run: [rc] C:\WINDOWS\system32\rc.exe
O4 - HKLM\..\Run: [sladk] C:\WINDOWS\system32\sladk.exe
O4 - HKLM\..\Run: [o] C:\WINDOWS\system32\o.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [gpp] C:\WINDOWS\system32\gpp.exe
O4 - HKLM\..\Run: [gyby] C:\WINDOWS\system32\gyby.exe
O4 - HKLM\..\Run: [g] C:\WINDOWS\system32\g.exe
O4 - HKLM\..\Run: [bs] C:\WINDOWS\system32\bs.exe
O4 - HKLM\..\Run: [trkjfdckpta] C:\WINDOWS\system32\trkjfdckpta.exe
O4 - HKLM\..\Run: [qyeanmf] C:\WINDOWS\system32\qyeanmf.exe
O4 - HKLM\..\Run: [ak] C:\WINDOWS\system32\ak.exe
O4 - HKLM\..\Run: [ypdq] C:\WINDOWS\system32\ypdq.exe
O4 - HKLM\..\Run: [lnqgimz] C:\WINDOWS\system32\lnqgimz.exe
O4 - HKLM\..\Run: [ozmruv] C:\WINDOWS\system32\ozmruv.exe
O4 - HKLM\..\RunServices: [jg] C:\WINDOWS\system32\jg.exe
O4 - HKLM\..\RunServices: [xydmanfg] C:\WINDOWS\system32\xydmanfg.exe
O4 - HKLM\..\RunServices: [fwnzywkn] C:\WINDOWS\system32\fwnzywkn.exe
O4 - HKLM\..\RunServices: [civimgg] C:\WINDOWS\system32\civimgg.exe
O4 - HKLM\..\RunServices: [zwedwzd] C:\WINDOWS\system32\zwedwzd.exe
O4 - HKLM\..\RunServices: [aftgxomqtbcx] C:\WINDOWS\system32\aftgxomqtbcx.exe
O4 - HKLM\..\RunServices: [olpcloupx] C:\WINDOWS\system32\olpcloupx.exe
O4 - HKLM\..\RunServices: [q] C:\WINDOWS\system32\q.exe
O4 - HKLM\..\RunServices: [tsvoslvdyegu] C:\WINDOWS\system32\tsvoslvdyegu.exe
O4 - HKLM\..\RunServices: [mbmhuvxjvyp] C:\WINDOWS\system32\mbmhuvxjvyp.exe
O4 - HKLM\..\RunServices: [qjzla] C:\WINDOWS\system32\qjzla.exe
O4 - HKLM\..\RunServices: [a] C:\WINDOWS\system32\a.exe
O4 - HKLM\..\RunServices: [jzavdb] C:\WINDOWS\system32\jzavdb.exe
O4 - HKLM\..\RunServices: [seyzesjuojvx] C:\WINDOWS\system32\seyzesjuojvx.exe
O4 - HKLM\..\RunServices: [eg] C:\WINDOWS\system32\eg.exe
O4 - HKLM\..\RunServices: [bjzcqgmrksm] C:\WINDOWS\system32\bjzcqgmrksm.exe
O4 - HKLM\..\RunServices: [gzfpj] C:\WINDOWS\system32\gzfpj.exe
O4 - HKLM\..\RunServices: [cmksrsmifrcl] C:\WINDOWS\system32\cmksrsmifrcl.exe
O4 - HKLM\..\RunServices: [jvhymlumoa] C:\WINDOWS\system32\jvhymlumoa.exe
O4 - HKLM\..\RunServices: [nwknm] C:\WINDOWS\system32\nwknm.exe
O4 - HKLM\..\RunServices: [y] C:\WINDOWS\system32\y.exe
O4 - HKLM\..\RunServices: [fsgsfm] C:\WINDOWS\system32\fsgsfm.exe
O4 - HKLM\..\RunServices: [iezxg] C:\WINDOWS\system32\iezxg.exe
O4 - HKLM\..\RunServices: [au] C:\WINDOWS\system32\au.exe
O4 - HKLM\..\RunServices: [ntloexiq] C:\WINDOWS\system32\ntloexiq.exe
O4 - HKLM\..\RunServices: [ciwrazz] C:\WINDOWS\system32\ciwrazz.exe
O4 - HKLM\..\RunServices: [picaknkhjeay] C:\WINDOWS\system32\picaknkhjeay.exe
O4 - HKLM\..\RunServices: [oejsswwguxa] C:\WINDOWS\system32\oejsswwguxa.exe
O4 - HKLM\..\RunServices: [hn] C:\WINDOWS\system32\hn.exe
O4 - HKLM\..\RunServices: [iepz] C:\WINDOWS\system32\iepz.exe
O4 - HKLM\..\RunServices: [ixp] C:\WINDOWS\system32\ixp.exe
O4 - HKLM\..\RunServices: [zlboskwmj] C:\WINDOWS\system32\zlboskwmj.exe
O4 - HKLM\..\RunServices: [gwghmalslcs] C:\WINDOWS\system32\gwghmalslcs.exe
O4 - HKLM\..\RunServices: [rc] C:\WINDOWS\system32\rc.exe
O4 - HKLM\..\RunServices: [sladk] C:\WINDOWS\system32\sladk.exe
O4 - HKLM\..\RunServices: [o] C:\WINDOWS\system32\o.exe
O4 - HKLM\..\RunServices: [gpp] C:\WINDOWS\system32\gpp.exe
O4 - HKLM\..\RunServices: [gyby] C:\WINDOWS\system32\gyby.exe
O4 - HKLM\..\RunServices: [g] C:\WINDOWS\system32\g.exe
O4 - HKLM\..\RunServices: [bs] C:\WINDOWS\system32\bs.exe
O4 - HKLM\..\RunServices: [trkjfdckpta] C:\WINDOWS\system32\trkjfdckpta.exe
O4 - HKLM\..\RunServices: [qyeanmf] C:\WINDOWS\system32\qyeanmf.exe
O4 - HKLM\..\RunServices: [ak] C:\WINDOWS\system32\ak.exe
O4 - HKLM\..\RunServices: [ypdq] C:\WINDOWS\system32\ypdq.exe
O4 - HKLM\..\RunServices: [lnqgimz] C:\WINDOWS\system32\lnqgimz.exe
O4 - HKLM\..\RunServices: [ozmruv] C:\WINDOWS\system32\ozmruv.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PolicyKey.lnk = C:\Program Files\Impulse\PolicyKey.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146318712046
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Anti-Spyware Service (AOL_SpywareServ) - Unknown owner - C:\WINDOWS\web\aolspy.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Print Spooler Service (euouyeitpp3y) - Unknown owner - C:\WINDOWS\system32\khkqosyttiuj.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
- Finally, paste the contents of the Report.txt back on the forum with a new HijackThis log (Report.txt will also be copied to the Clipboard, ready for posting back on the forum).

After SDFix, please run ComboFix again.

Please send a fresh HJT log, SDFix log and ComboFix log.