Infected by trojan...please help...
Logfile of HijackThis v1.99.1
Scan saved at 11:55:33 PM, on 02/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\utilities\Lavasoft\Ad-Aware\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\utilities\A-squared Free\a2service.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\Java\jre6\bin\jusched.exe
C:\Comodo\COMODO Internet Security\cmdagent.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\WINDOWS\System32\GEARSec.exe
C:\Comodo\COMODO Internet Security\cfp.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\Documents and Settings\Randy\Local Settings\Application Data\Microsoft\Windows\services.exe
G:\Program Files\Java\jre6\bin\jqs.exe
G:\WINDOWS\System32\HPZipm12.exe
C:\Hallmark Card Studio 2009\Planner\PLNRnote.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\WINDOWS\system32\devldr32.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Utilities\Hijackthis\Nutty110.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nfohump.com/index.php?switchto=nfos&menu=sections§ionid=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: D - {C11CEF36-0992-3702-9327-CCED81CCE97B} - G:\WINDOWS\system32\xwr26484.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PSDrvCheck] G:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "G:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [EPSON PictureMate PM 240] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE /FU "G:\WINDOWS\TEMP\E_S1EB.tmp" /EF "HKCU"
O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\UTILIT~1\MICROS~1\Office10\EXCEL.EXE/3000
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/mygarmin/m/GarminAxControl.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - G:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136916728625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160562902890
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v47/h2hpool/h2hpool.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - G:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: WebProxy - {A744F16C-B2D5-4138-81A2-085CDFCDE83A} - sxmg4.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - G:\utilities\A-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - G:\utilities\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - G:\Utilities\iPod\bin\iPodService.exe
O23 - Service: Guard Service (ITGrdEngine) - Unknown owner - G:\Documents and Settings\Randy\Local Settings\Application Data\Microsoft\Windows\services.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - G:\Program Files\Java\jre6\bin\jqs.exe" -service -config "G:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Microsoft .NET Framework v1.1.4322 Update (NetFxUpdate_v1.1.4322) - Unknown owner - G:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Scan saved at 11:55:33 PM, on 02/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\utilities\Lavasoft\Ad-Aware\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\utilities\A-squared Free\a2service.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\Java\jre6\bin\jusched.exe
C:\Comodo\COMODO Internet Security\cmdagent.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\WINDOWS\System32\GEARSec.exe
C:\Comodo\COMODO Internet Security\cfp.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\Documents and Settings\Randy\Local Settings\Application Data\Microsoft\Windows\services.exe
G:\Program Files\Java\jre6\bin\jqs.exe
G:\WINDOWS\System32\HPZipm12.exe
C:\Hallmark Card Studio 2009\Planner\PLNRnote.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\WINDOWS\system32\devldr32.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Utilities\Hijackthis\Nutty110.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nfohump.com/index.php?switchto=nfos&menu=sections§ionid=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: D - {C11CEF36-0992-3702-9327-CCED81CCE97B} - G:\WINDOWS\system32\xwr26484.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PSDrvCheck] G:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "G:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [EPSON PictureMate PM 240] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE /FU "G:\WINDOWS\TEMP\E_S1EB.tmp" /EF "HKCU"
O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\UTILIT~1\MICROS~1\Office10\EXCEL.EXE/3000
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/mygarmin/m/GarminAxControl.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - G:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136916728625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160562902890
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v47/h2hpool/h2hpool.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - G:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: WebProxy - {A744F16C-B2D5-4138-81A2-085CDFCDE83A} - sxmg4.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - G:\utilities\A-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - G:\utilities\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - G:\Utilities\iPod\bin\iPodService.exe
O23 - Service: Guard Service (ITGrdEngine) - Unknown owner - G:\Documents and Settings\Randy\Local Settings\Application Data\Microsoft\Windows\services.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - G:\Program Files\Java\jre6\bin\jqs.exe" -service -config "G:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Microsoft .NET Framework v1.1.4322 Update (NetFxUpdate_v1.1.4322) - Unknown owner - G:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
0
Comments
Logfile of HijackThis v1.99.1
Scan saved at 10:42:31 PM, on 02/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\utilities\Lavasoft\Ad-Aware\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\utilities\A-squared Free\a2service.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\Java\jre6\bin\jusched.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Comodo\COMODO Internet Security\cmdagent.exe
C:\Comodo\COMODO Internet Security\cfp.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\WINDOWS\System32\GEARSec.exe
G:\Documents and Settings\Randy\Local Settings\Application Data\Microsoft\Windows\services.exe
C:\Hallmark Card Studio 2009\Planner\PLNRnote.exe
G:\Program Files\Java\jre6\bin\jqs.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\WINDOWS\system32\devldr32.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\utilities\Microsoft Word\Office10\WINWORD.EXE
G:\WINDOWS\msagent\AgentSvr.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Utilities\Hijackthis\Nutty110.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nfohump.com/index.php?switchto=nfos&menu=sections§ionid=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: D - {C11CEF36-0992-3702-9327-CCED81CCE97B} - G:\WINDOWS\system32\xwr26484.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PSDrvCheck] G:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "G:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [EPSON PictureMate PM 240] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE /FU "G:\WINDOWS\TEMP\E_S1EB.tmp" /EF "HKCU"
O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\UTILIT~1\MICROS~1\Office10\EXCEL.EXE/3000
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/mygarmin/m/GarminAxControl.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - G:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136916728625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160562902890
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v47/h2hpool/h2hpool.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - G:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: WebProxy - {A744F16C-B2D5-4138-81A2-085CDFCDE83A} - sxmg4.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - G:\utilities\A-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - G:\utilities\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - G:\Utilities\iPod\bin\iPodService.exe
O23 - Service: Guard Service (ITGrdEngine) - Unknown owner - G:\Documents and Settings\Randy\Local Settings\Application Data\Microsoft\Windows\services.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - G:\Program Files\Java\jre6\bin\jqs.exe" -service -config "G:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Microsoft .NET Framework v1.1.4322 Update (NetFxUpdate_v1.1.4322) - Unknown owner - G:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Please do the following....
1. Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
This program is for XP and Windows 2000 only!
- Double-click ATF Cleaner.exe to open it.
- Under Main select the following:
- Windows Temp
- Current User Temp
- All Users Temp
- Temporary Internet Files
- Java Cache
*The other boxes are optional*Then click the Empty Selected button.
Click Exit on the Main menu to close the program
2. Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
- then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform full scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidently close it, the log file is saved here and will be named like this:
- C:\\Documents and Settings\\Username\\Application Data\\Malwarebytes\\Malwarebytes' Anti-Malware\\Logs\\mbam-log-date (time).txt
3. I need to see another log from HijackThis.- Run Hijackthis.
- Click on Open the Misc Tools section.
- Next click on Open uninstall manager.
- Press the Save list button.
- Save the file to your desktop, with the default name of uninstall_list
- Copy & Paste the entire contents of that file in your in your next post.
4. Please post the following...Malwarebyes log
Uninstall list
New HijackThis log
Database version: 1798
Windows 5.1.2600 Service Pack 2
02/24/2009 6:36:04 AM
mbam-log-2009-02-24 (06-35-43).txt
Scan type: Full Scan (C:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Objects scanned: 198003
Time elapsed: 2 hour(s), 17 minute(s), 4 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14
Memory Processes Infected:
G:\Documents and Settings\Randy\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> No action taken.
Memory Modules Infected:
G:\WINDOWS\system32\xwr26484.dll (Trojan.Vundo.H) -> No action taken.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c11cef36-0992-3702-9327-cced81cce97b} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c11cef36-0992-3702-9327-cced81cce97b} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a744f16c-b2d5-4138-81a2-085cdfcde83a} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{32c620d6-cc10-4e6a-9715-bacacd5b0e61} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{a744f16c-b2d5-4138-81a2-085cdfcde83a} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{65626559-1b99-353e-b085-29edd5f2ec67} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{83d4cf82-852d-3eaf-b931-ff9599aff745} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c11cef36-0992-3702-9327-cced81cce97b} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\internet antivirus pro_is1 (Rogue.InternetAntivirus) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\itgrdengine (Trojan.FakeAlert) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\webproxy (Trojan.BHO) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
G:\WINDOWS\system32\xwr26484.dll (Trojan.Vundo.H) -> No action taken.
C:\Mirc\mirc.exe (Backdoor.Bot) -> No action taken.
C:\Program Files\Common Files\InternetAntivirusPro.exe (Rogue.Installer) -> No action taken.
G:\WINDOWS\system32\wr26484.dll (Trojan.Vundo.H) -> No action taken.
J:\WebfettiSetup2.3.50.22.ZKman000.exe (Adware.MyWebSearch) -> No action taken.
K:\mIRC\mirc.exe (Backdoor.Bot) -> No action taken.
G:\WINDOWS\Tasks\Antispyware Scheduled Scan.job (Rogue.Antispyware) -> No action taken.
G:\Documents and Settings\Randy\Local Settings\Application Data\Microsoft\Windows\pguard.ini (Rogue.InternetAntivirus) -> No action taken.
G:\Program Files\KB34533.exe (Trojan.Agent) -> No action taken.
G:\Program Files\KB50173.exe (Trojan.Agent) -> No action taken.
G:\WINDOWS\xccdf16_090123a.dll (Spyware.OnlineGames) -> No action taken.
G:\WINDOWS\xccdf32_090123a.dll (Spyware.OnlineGames) -> No action taken.
G:\WINDOWS\system32\sft.res (Malware.Trace) -> No action taken.
G:\Documents and Settings\Randy\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> No action taken.
ABBYY FineReader 5.0 Sprint Plus
ACDSee 5.0 PowerPack
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player
Adobe SVG Viewer 3.0
ADS Tech Master Installer V3.8
ADS Tech V3.8 DVD Xpress DX2 CapWiz
Alambik Viewer
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
ASAPI Update
a-squared Free 3.5
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVI DivX MPEG to DVD Converter & Burner Pro 2.9
BayGenie eBay Auction Sniper Pro Edition 3.1.3.0
BEACH CLUB BINGO PINBALL SIMULATION
Belltech Business Cards Designer Pro 1.3
Bit Che
Blaze Media Pro
CCleaner (remove only)
CDRWIN
Clean 5
COMODO Internet Security
coverXP (remove only)
Creative DVD Audio Plugin for Audigy Series
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
Cypress USB Mass Storage Driver Installation
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Dream Aquarium
DVD and CD Cover Print
DVD Decrypter (Remove Only)
DVD Flick 1.3.0.6
DVD Shrink 3.2
DVD X Copy Platinum 4.0.3
DVD X Rescue
dvd43 1.4
DVDFab Platinum 4.0.6.0 Beta
DVDZip Pro 3.0.1.1
Easy Video Joiner 5.21
Easy Video Splitter 1.28
EasyCleaner
EPSON PictureMate User's Guide
EPSON Printer Software
Exact Audio Copy 0.95b4
FLAC Installer 1.1.2a (remove only)
FlashFXP
FLV Player 2.0, build 23
Freez FLV to MP3 Converter
Garmin WebUpdater
Gayety BINGO PINBALL SIMULATION
Google Desktop
Google Earth Pro 4.2
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Gravis Xperience 4.5
Hallmark Card Studio 2009
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Photo Imaging Software
HP Photo Printing Software
HP Product Detection
HP PSC & OfficeJet 4.7
HP Software Update
InterActual Player
InterVideo WinDVD 7
iPod for Windows 2005-09-23
IsoBuster 1.8
iTunes
Java(TM) 6 Update 10
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kaspersky Online Scanner
KBEC T34M BinTool
Label Editor
Links Modification
LiSTBoX Studio v2.2.150
Magic DVD Ripper V4.1
Magic ISO Maker v5.4 (build 0251)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Links 2003
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIRC
Mozilla Firefox (3.0.6)
Mp3Doctor 5.11.055
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
Nero 6 Ultra Edition
Night Club BINGO PINBALL SIMULATION
Ogg Vorbis Redistributable V 1.0b (vorbis1_0_public_release)
Open Ports Scanner 2.3
OpenOffice.org Installer 1.0
Panda ActiveScan
PC Alert 4
PFConfig 1.0.144
Poppy for Windows
PowerISO
Printscreen 2000 V8.0
Qtrax 0.2beta (20080125)
QuickTime
RealPlayer
Registry Mechanic 7.0
Rhapsody Player Engine
Safari
SafeCast Shared Components
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Sentinel System Driver
SereneScreen Marine Aquarium 2
SILVER SAILS BINGO PINBALL SIMULATION
Snappy Invoice System v5.0.3
SpywareBlaster v3.3
Tar98
TMPGEnc DVD Author 1.6
Ulead Straight-to-Disc SDK
Ulead VideoStudio 9.0 SE DVD
UltraISO V6.52 SR-2
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
USB Storage Adapter FX (SM1)
Virtual Serial Ports Driver XP 5.1 (5.1.7.60)
Visual Pinball
Vodei Multimedia Processor 2.10
Voxware Audio decoder 1.6
WaveLab Lite
Wicked Atmega Loader
Winamp
WinAVI Video Converter 9.0
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip 11.1
XVID MPEG-4 CODEC
XviD MPEG-4 Video Codec
Logfile of HijackThis v1.99.1
Scan saved at 5:51:16 PM, on 02/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\utilities\Lavasoft\Ad-Aware\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\utilities\A-squared Free\a2service.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\Java\jre6\bin\jusched.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Comodo\COMODO Internet Security\cmdagent.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\WINDOWS\System32\GEARSec.exe
C:\Hallmark Card Studio 2009\Planner\PLNRnote.exe
G:\Documents and Settings\Randy\Local Settings\Application Data\Microsoft\Windows\services.exe
G:\Program Files\Java\jre6\bin\jqs.exe
G:\WINDOWS\System32\HPZipm12.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\WINDOWS\system32\devldr32.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Utilities\Malwarebytes' Anti-Malware\mbam.exe
G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\WINDOWS\explorer.exe
G:\Program Files\Common Files\ACD Systems\IDBSvr.exe
G:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Utilities\Hijackthis\Nutty110.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nfohump.com/index.php?switchto=nfos&menu=sections§ionid=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: D - {C11CEF36-0992-3702-9327-CCED81CCE97B} - G:\WINDOWS\system32\xwr26484.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PSDrvCheck] G:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "G:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [EPSON PictureMate PM 240] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE /FU "G:\WINDOWS\TEMP\E_S1EB.tmp" /EF "HKCU"
O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\UTILIT~1\MICROS~1\Office10\EXCEL.EXE/3000
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/mygarmin/m/GarminAxControl.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - G:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136916728625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160562902890
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v47/h2hpool/h2hpool.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - G:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: WebProxy - {A744F16C-B2D5-4138-81A2-085CDFCDE83A} - sxmg4.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - G:\utilities\A-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - G:\utilities\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - G:\Utilities\iPod\bin\iPodService.exe
O23 - Service: Guard Service (ITGrdEngine) - Unknown owner - G:\Documents and Settings\Randy\Local Settings\Application Data\Microsoft\Windows\services.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - G:\Program Files\Java\jre6\bin\jqs.exe" -service -config "G:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Microsoft .NET Framework v1.1.4322 Update (NetFxUpdate_v1.1.4322) - Unknown owner - G:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
You did not fix the problems with Malwarebtyes' as the log shows "-> No action taken".
Please update and rescan with Malwarebytes' making sure to remove the infected items. Refer to my instructions above on how to do this.
Post the new Malwarebytes log, along with a new HijackThis log.
Database version: 1798
Windows 5.1.2600 Service Pack 2
02/26/2009 7:03:28 PM
mbam-log-2009-02-26 (19-03-28).txt
Scan type: Full Scan (C:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Objects scanned: 197893
Time elapsed: 1 hour(s), 24 minute(s), 32 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14
Memory Processes Infected:
G:\Documents and Settings\Randy\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c11cef36-0992-3702-9327-cced81cce97b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c11cef36-0992-3702-9327-cced81cce97b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a744f16c-b2d5-4138-81a2-085cdfcde83a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{32c620d6-cc10-4e6a-9715-bacacd5b0e61} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{a744f16c-b2d5-4138-81a2-085cdfcde83a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{65626559-1b99-353e-b085-29edd5f2ec67} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{83d4cf82-852d-3eaf-b931-ff9599aff745} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c11cef36-0992-3702-9327-cced81cce97b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\internet antivirus pro_is1 (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\itgrdengine (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\webproxy (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
G:\WINDOWS\system32\xwr26484.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Mirc\mirc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\InternetAntivirusPro.exe (Rogue.Installer) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\wr26484.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
J:\WebfettiSetup2.3.50.22.ZKman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
K:\mIRC\mirc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
G:\WINDOWS\Tasks\Antispyware Scheduled Scan.job (Rogue.Antispyware) -> Quarantined and deleted successfully.
G:\Documents and Settings\Randy\Local Settings\Application Data\Microsoft\Windows\pguard.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
G:\Program Files\KB34533.exe (Trojan.Agent) -> Quarantined and deleted successfully.
G:\Program Files\KB50173.exe (Trojan.Agent) -> Quarantined and deleted successfully.
G:\WINDOWS\xccdf16_090123a.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\WINDOWS\xccdf32_090123a.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
G:\Documents and Settings\Randy\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Scan saved at 7:59:06 PM, on 02/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
C:\Comodo\COMODO Internet Security\cmdagent.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\utilities\Lavasoft\Ad-Aware\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\utilities\A-squared Free\a2service.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\Java\jre6\bin\jusched.exe
G:\WINDOWS\System32\GEARSec.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
G:\Program Files\Java\jre6\bin\jqs.exe
C:\Comodo\COMODO Internet Security\cfp.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\WINDOWS\System32\HPZipm12.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Hallmark Card Studio 2009\Planner\PLNRnote.exe
G:\WINDOWS\system32\devldr32.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Utilities\Hijackthis\Nutty110.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nfohump.com/index.php?switchto=nfos&menu=sections§ionid=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PSDrvCheck] G:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "G:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [EPSON PictureMate PM 240] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE /FU "G:\WINDOWS\TEMP\E_S1EB.tmp" /EF "HKCU"
O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\UTILIT~1\MICROS~1\Office10\EXCEL.EXE/3000
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/mygarmin/m/GarminAxControl.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - G:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136916728625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160562902890
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v47/h2hpool/h2hpool.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - G:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - G:\utilities\A-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - G:\utilities\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - G:\Utilities\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - G:\Program Files\Java\jre6\bin\jqs.exe" -service -config "G:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Microsoft .NET Framework v1.1.4322 Update (NetFxUpdate_v1.1.4322) - Unknown owner - G:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Please do the following...
1. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Follow these steps to remove older versions of Java components and update to the latest version...
Please download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer (or other web browser) before continuing!***
- Double-click on JavaRa.exe to start the program.
- From the drop-down menu, choose English and click on Select.
- JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
- Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
- A logfile will pop up. Please save it to a convenient location.
Now download and install Java SE Runtime Environment (JRE) 6 Update 12.2. Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present:
SafeCast Shared Components
3. Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
Scan Mail Bases
Please post the Kaspersky report back here.
The Kaspersky Online Scanner works and scans for awhile about an hour then locks the computer up. I have tryed 4 times and it locks up every time. Is there another program I can use?
Here is a new highjack this log.....thankyou
Logfile of HijackThis v1.99.1
Scan saved at 3:51:10 PM, on 03/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
C:\Comodo\COMODO Internet Security\cmdagent.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\utilities\Lavasoft\Ad-Aware\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\utilities\A-squared Free\a2service.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\Java\jre6\bin\jusched.exe
G:\WINDOWS\System32\GEARSec.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\Program Files\Java\jre6\bin\jqs.exe
G:\WINDOWS\System32\HPZipm12.exe
C:\Hallmark Card Studio 2009\Planner\PLNRnote.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\WINDOWS\system32\devldr32.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\utilities\Malwarebytes' Anti-Malware\mbamservice.exe
G:\Program Files\MSN Messenger\usnsvc.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
G:\Utilities\Hijackthis\Nutty110.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nfohump.com/index.php?switchto=nfos&menu=sections§ionid=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nforce.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PSDrvCheck] G:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATICCC] "G:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "G:\utilities\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "G:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [EPSON PictureMate PM 240] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBCA.EXE /FU "G:\WINDOWS\TEMP\E_S1EB.tmp" /EF "HKCU"
O4 - Global Startup: Event Planner Reminder 2009.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\UTILIT~1\MICROS~1\Office10\EXCEL.EXE/3000
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/mygarmin/m/GarminAxControl.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - G:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136916728625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160562902890
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com//games/v47/h2hpool/h2hpool.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - G:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - G:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - G:\utilities\A-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - G:\utilities\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - G:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - G:\Utilities\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - G:\Program Files\Java\jre6\bin\jqs.exe" -service -config "G:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - G:\utilities\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Microsoft .NET Framework v1.1.4322 Update (NetFxUpdate_v1.1.4322) - Unknown owner - G:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
If you did not add the following to your Host files, remove them..
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
- Close ALL open windows (especially Internet Explorer!)
- Click Fix Checked
Close HiajckThis
Apart from that, the HijackThis log is clean. Are you still having problems?
You can close this thread now.....thanks so much for all your help
This site rocks!!
ltr.....
Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:
You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
(Vista users must ensure that any programs are Vista compatible BEFORE installing )
Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.
http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html
!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details
AntiSpyware
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Prevention
Each does a different job, so you can have more than one
Windows Updates (a must!)
It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. You can either click on the link above and bookmark the updates page, or open Internet Explorer, then go to the Tools menu -> Windows Update, and follow the online instructions from there
Internet Browsers
Using a different web browser can help stop malware getting on your machine.
If you are still using IE6 then either update, or get one of the following.
Cleaning Temporary Internet Files and Tracking Cookies
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.
Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
Both of these can be cleaned manually, but a quicker option is to use a program
Also PLEASE read these articles: So How Did I Get Infected In The First Place and Malware Prevention: Prevent Re-infection
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again