Problem: unknown bkkwhygtssd.exe running, accessing the internet - Poster Levan

In folder : C:\Documents and Settings\default\Application Data\ylanukmgh\bkkwhygtssd.exe

Windows says that the folder / file was created last night

Hijack this shows this as a running process - log pasted below

My ESET firewall alerted me to a new program trying to access the internet. I didn't knowingly download this program or anything else which might have contained it. I think I might have gotten it from surfing the web and closing a pop up window. I did a full system scan with ESET and Pest Patrol, neither identified it as a threat, but the exe is still there.

When trying to post on this forum, I'm seeing a rollover ad for Charleston, SC. Mousing away from it, a new window popped up redirecting me to a local search for "betty crocker recipes" in my zip code.

Thanks for reading. Please help!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:56 PM, on 6/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\mgabg.exe
C:\SUPERFAX\PROGRAM\PICPMON.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.DesktopManagement.Host.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\default\Application Data\ylanukmgh\bkkwhygtssd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\default\Desktop\PC Tools\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
N3 - Netscape 7: # Mozilla User Preferences
// This is a generated file!
user_pref("Dick Cox.aim.session.autologin", false);
user_pref("Dick Cox.aim.session.connectionname", "AIM");
user_pref("Dick Cox.aim.session.password", "0");
user_pref("Dick Cox.aim.session.storepassword", false);
user_pref("aim.away.disablesound", false);
user_pref("aim.internal.buddy.MaxBuddies", 220);
user_pref("aim.internal.intproxyprotocol", 1);
user_pref("aim.session.finishedwizard", true);
user_pref("aim.session.firsttime", false);
user_pref("aim.session.latestaimscreenname", "icehelmets");
user_pref("aim.session.migrateBuddyList", "Dick Cox");
user_pref("aim.session.screenname", "icehelmets");
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.download.dir", "C:\\WINDOWS\\Desktop");
user_pref("browser.history.last_page_visited", "http://boards.billmaher.com/logout.php?Cat=");
user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
O2 - BHO: CDNSCacheObj Object - {376892AE-1825-4E5F-9F85-23F9640051CC} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [MpsOnn] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\MpsOnn.exe
O4 - HKLM\..\Run: [Matrox PowerDesk SE] "C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [cmdnqgyk] C:\Documents and Settings\default\Application Data\ylanukmgh\bkkwhygtssd.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\RunOnce: [TSC] "C:\DOCUME~1\default\LOCALS~1\Temp\HouseCall\tsc.exe" /HD
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cmdnqgyk] C:\Documents and Settings\default\Application Data\ylanukmgh\bkkwhygtssd.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {1B2897F0-7F93-417D-B240-D720DA9B2339} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {291EA4D8-C8BC-4D70-82FB-15FE40113ACF} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {E941727A-3ABE-4332-93F2-D20FFF992FC2} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Win32 Classes -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259480903199
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Matrox Centering Service - Matrox Graphics Inc. - C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
O23 - Service: Matrox.Pdesk.ServicesHost - Matrox Graphics Inc - C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: Pacific Image Comm. Fax Server - Unknown owner - C:\SUPERFAX\PROGRAM\PICPMON.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

--
End of file - 10627 bytes

Comments

  • edited June 2010
    It's a UD Trojan, No official program that I know of names an exe file with random letters. Delete it if you know how or submit it to your antivirus co.
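The commenter's rule of thumb (legitimate software does not usually register an executable with a random-letter name) and the two clues in the log itself (the file lives under the user's Application Data folder, and the same path is registered under both the HKLM and HKCU Run keys) can be turned into a small triage script for HijackThis O4 lines. The following is an added example, not code from the poster, the commenter or HijackThis; the scoring thresholds and the "random-looking name" heuristic are my own assumptions, and the sample lines are copied from the log above.

```python
"""Triage HijackThis O4 (autorun) entries for the patterns seen in the log:
random-looking names, user-writable locations, duplicated HKLM/HKCU persistence.
Added example; heuristics and thresholds are assumptions, not HijackThis logic."""
import re
from collections import defaultdict

# O4 - HKLM\..\Run: [value name] command line      (also RunOnce, RunServices...)
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# First .exe in the command, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<path>.*?\.exe)"?(?:\s|$)', re.IGNORECASE)
VOWELS = set('aeiouy')


def parse_o4(line):
    """Return hive/key/value name/executable path for an O4 line, or None."""
    m = O4_RE.match(line)
    if not m:
        return None
    exe = EXE_RE.match(m.group('cmd').strip())
    path = exe.group('path') if exe else m.group('cmd').strip()
    return {'hive': m.group('hive'), 'key': m.group('key'),
            'name': m.group('name'), 'path': path}


def in_user_writable(path):
    """True for paths a non-admin user can write on XP: any profile dir or a Temp dir
    (8.3 short names such as DOCUME~1 and LOCALS~1 are handled too)."""
    p = path.lower()
    return (p.startswith('c:\\documents and settings\\')
            or p.startswith('c:\\docume~1\\')
            or '\\temp\\' in p)


def looks_random(stem):
    """Heuristic for machine-generated names: almost no vowels, or a long run of
    consonants. Short stems are ignored because legitimate 3-5 letter
    abbreviations (tsc, egui) trip the ratio test."""
    letters = ''.join(c for c in stem.lower() if c.isalpha())
    if len(letters) < 6:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest_consonant_run = max(len(run) for run in re.split(r'[aeiouy]', letters))
    return vowel_ratio < 0.2 or longest_consonant_run >= 5


def triage(lines, threshold=4):
    """Score every autorun executable; return those at or above threshold."""
    by_path = defaultdict(lambda: {'hives': set(), 'names': set()})
    for line in lines:
        entry = parse_o4(line)
        if entry:
            rec = by_path[entry['path'].lower()]
            rec['path'] = entry['path']
            rec['hives'].add(entry['hive'])
            rec['names'].add(entry['name'])
    findings = []
    for rec in by_path.values():
        stem = rec['path'].rsplit('\\', 1)[-1].rsplit('.', 1)[0]
        score, reasons = 0, []
        if in_user_writable(rec['path']):
            score += 2
            reasons.append('runs from a user-writable profile or Temp folder')
        if looks_random(stem) or any(looks_random(n) for n in rec['names']):
            score += 2
            reasons.append('random-looking file or Run value name')
        if {'HKLM', 'HKCU'} <= rec['hives']:
            score += 1
            reasons.append('registered in both HKLM and HKCU Run keys')
        if score >= threshold:
            findings.append({'path': rec['path'], 'score': score, 'reasons': reasons})
    return sorted(findings, key=lambda f: -f['score'])


# Sample O4 lines copied from the posted log (one line per entry).
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe',
    r'O4 - HKLM\..\Run: [Matrox PowerDesk SE] "C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"',
    r'O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice',
    r'O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot',
    r'O4 - HKLM\..\Run: [cmdnqgyk] C:\Documents and Settings\default\Application Data\ylanukmgh\bkkwhygtssd.exe',
    r'O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe',
    r'O4 - HKLM\..\RunOnce: [TSC] "C:\DOCUME~1\default\LOCALS~1\Temp\HouseCall\tsc.exe" /HD',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O4 - HKCU\..\Run: [cmdnqgyk] C:\Documents and Settings\default\Application Data\ylanukmgh\bkkwhygtssd.exe',
    r'O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe',
]

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f['score']}  {f['path']}\n    " + '\n    '.join(f['reasons']))
```

Run against the sample, only bkkwhygtssd.exe reaches the threshold (score 5: user-writable location, random name, both hives). The HouseCall tsc.exe entry also sits in a Temp folder but scores only 2, and pctspk.exe has a vowel-less name but lives in system32, which is why the location and name tests are combined rather than used alone; a single heuristic on its own produces false positives on exactly the kind of legitimate entries this log contains.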