raze spyware gray/white background

Yarbles75

Thread Starter
Joined
Jul 13, 2006
Messages
8
Hi, this is my first post, but I browsed around the site and I managed to get rid of the red and black desktop, but now it does that gray/white thing and I need some help on fixing that part.

Logfile of HijackThis v1.99.1
Scan saved at 3:29:32 PM, on 7/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\Program Files\Windows Media Connect 2\wmccds.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\1150006224\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\MXOaldr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\iTunes\iTunes.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {CDD5CB22-49F6-EC90-2EA2-87E9CBA74AD4} - ABCXYZ.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [SetupExeDll] init32.exe
O4 - HKLM\..\Run: [ABCXYZ] driver64.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150006224\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [uio] backorif.exe
O4 - HKLM\..\Run: [killall] ssweeper.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOaldr.exe
O4 - HKLM\..\Run: [dmpay.exe] C:\WINDOWS\system32\dmpay.exe
O4 - HKLM\..\Run: [qewmk.exe] C:\WINDOWS\system32\qewmk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [atl_helper] new32.exe
O4 - HKCU\..\Run: [AliceSD] FLKPT.exe
O4 - HKCU\..\Run: [10010] WTFCTF.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: iTunes.lnk = C:\Program Files\iTunes\iTunes.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B5FC003-63CC-4F5F-A246-B80D079E9CD8}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E6A6C4E-FA4A-4F15-BF84-47C70AE3728C}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{6032A1D5-65D0-4C41-98F4-EAB00CC6A3FC}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A918F6E-93D9-4171-8852-76F99148A486}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC6D420C-853D-4FED-8ECB-2A2CCEE4699E}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{B97609D9-F12B-420E-9DB1-075A560C4476}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B5FC003-63CC-4F5F-A246-B80D079E9CD8}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from
http://downloads.subratam.org/Fixwareout.exe


Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads, post the text that will open (report.txt) and a new HijackThis log in the forum please.
 

Yarbles75

Thread Starter
Joined
Jul 13, 2006
Messages
8
After I did this the red black background returned.


Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ypszr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmpay.exe"=-
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\IPSEC6.EXE
* csr.exe C:\WINDOWS\System32\CSQKZ.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSQKZ.EXE 51,216 2006-07-12
C:\WINDOWS\SYSTEM32\DMMZL.EXE 61,965 2004-08-10
C:\WINDOWS\SYSTEM32\DMPAY.EXE 61,965 2004-08-10
C:\WINDOWS\SYSTEM32\DMZOH.EXE 61,965 2004-08-10
Other suspects
Directory of C:\WINDOWS\system32

Logfile of HijackThis v1.99.1
Scan saved at 4:05:27 PM, on 7/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\Program Files\Windows Media Connect 2\wmccds.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\1150006224\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\MXOaldr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {CDD5CB22-49F6-EC90-2EA2-87E9CBA74AD4} - ABCXYZ.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [SetupExeDll] init32.exe
O4 - HKLM\..\Run: [ABCXYZ] driver64.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150006224\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [uio] backorif.exe
O4 - HKLM\..\Run: [killall] ssweeper.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOaldr.exe
O4 - HKLM\..\Run: [sifgy.exe] C:\WINDOWS\system32\sifgy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [atl_helper] new32.exe
O4 - HKCU\..\Run: [AliceSD] FLKPT.exe
O4 - HKCU\..\Run: [10010] WTFCTF.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: iTunes.lnk = C:\Program Files\iTunes\iTunes.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B5FC003-63CC-4F5F-A246-B80D079E9CD8}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E6A6C4E-FA4A-4F15-BF84-47C70AE3728C}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{6032A1D5-65D0-4C41-98F4-EAB00CC6A3FC}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A918F6E-93D9-4171-8852-76F99148A486}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC6D420C-853D-4FED-8ECB-2A2CCEE4699E}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{B97609D9-F12B-420E-9DB1-075A560C4476}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B5FC003-63CC-4F5F-A246-B80D079E9CD8}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\System32\CSQKZ.EXE
C:\WINDOWS\SYSTEM32\DMMZL.EXE
C:\WINDOWS\SYSTEM32\DMPAY.EXE
C:\WINDOWS\SYSTEM32\DMZOH.EXE
C:\WINDOWS\system32\{4EBDC604-45AC-40AA-9C2A-E0A09D07DA66}.exe
C:\WINDOWS\system32\{8915C299-00B2-4B5C-8D3E-C84944A4832C}.exe
C:\WINDOWS\system32\{0E6AA4D9-0F48-4BC4-82EE-F28321624DB7}.exe
C:\WINDOWS\system32\{7D18F3F8-D914-4E4E-BA92-179B2586FDE9}.exe
C:\WINDOWS\system32\{A87F1D94-2201-4825-A63A-D6935957C979}.exe
C:\WINDOWS\system32\{1D501D28-AB8B-46F6-978D-8F0433CD87D3}.exe
C:\WINDOWS\system32\{39E34351-CF56-40D6-86A3-F4324A231A8E}.exe
C:\WINDOWS\system32\{A7289149-017D-4D9C-8971-978E944BBB46}.exe
C:\WINDOWS\system32\{25F37BA7-0084-4B62-B97D-407F5D924D52}.exe
C:\WINDOWS\system32\{F11AFBA3-7713-4A07-8EFD-A814EAAE7AEA}.exe
C:\WINDOWS\system32\{9E86C4C9-F518-4BA1-9DED-8FE8D3302239}.exe
C:\WINDOWS\system32\{9C0A97F8-369F-4A9A-BBB3-83F6438E8F45}.exe
C:\WINDOWS\system32\{5F948317-3E4E-4E2A-A406-A901088AD395}.exe
C:\WINDOWS\system32\{6B756C89-9EAF-461A-AAAB-92EBC1C158ED}.exe
C:\WINDOWS\system32\{85AC4DDE-A841-4B20-956E-D36E23867961}.exe
C:\WINDOWS\system32\{2C72DC40-7F52-4DC2-86DF-2918E3EC48CF}.exe
C:\WINDOWS\system32\{003D91F5-3577-48E0-BD9E-ED6519C54F09}.exe
C:\WINDOWS\system32\{D402EA8A-5A37-4D7C-AC6C-174902285F0C}.exe
C:\WINDOWS\system32\{2F9DF95C-955D-437A-9567-7B33E821805B}.exe
C:\WINDOWS\system32\{2F269E63-1972-4A20-97ED-8FE99F8EB96C}.exe
C:\WINDOWS\system32\{D7830060-676A-450E-AB35-29DC93A4568D}.exe
C:\WINDOWS\system32\{644678EE-77FC-4325-8E70-B9B982F73941}.exe
C:\WINDOWS\system32\{C9983C0B-F186-4E06-8254-A17E0429BA39}.exe
C:\WINDOWS\system32\init32.exe
C:\WINDOWS\system32\driver64.exe
C:\WINDOWS\system32\backorif.exe
C:\WINDOWS\system32\ssweeper.exe
C:\WINDOWS\system32\sifgy.exe
C:\WINDOWS\system32\new32.exe
C:\WINDOWS\system32\FLKPT.exe
C:\WINDOWS\system32\WTFCTF.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.


When it reboots:

Run HijackThis, put a tick in the box beside the entries listed below and ONLY these entries, double-check to make sure, then make sure all browser & email windows are closed and press Fix checked.


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {CDD5CB22-49F6-EC90-2EA2-87E9CBA74AD4} - ABCXYZ.dll (file missing)


O4 - HKLM\..\Run: [SetupExeDll] init32.exe
O4 - HKLM\..\Run: [ABCXYZ] driver64.exe
O4 - HKLM\..\Run: [uio] backorif.exe
O4 - HKLM\..\Run: [killall] ssweeper.exe
O4 - HKLM\..\Run: [sifgy.exe] C:\WINDOWS\system32\sifgy.exe
O4 - HKCU\..\Run: [atl_helper] new32.exe
O4 - HKCU\..\Run: [AliceSD] FLKPT.exe
O4 - HKCU\..\Run: [10010] WTFCTF.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B5FC003-63CC-4F5F-A246-B80D079E9CD8}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E6A6C4E-FA4A-4F15-BF84-47C70AE3728C}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{6032A1D5-65D0-4C41-98F4-EAB00CC6A3FC}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A918F6E-93D9-4171-8852-76F99148A486}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC6D420C-853D-4FED-8ECB-2A2CCEE4699E}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{B97609D9-F12B-420E-9DB1-075A560C4476}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B5FC003-63CC-4F5F-A246-B80D079E9CD8}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227


Now we need to reset your hijacked DNS settings

To set your DNS, you need to find the Internet Protocol window.

For Users on a Dial-up Connection:
Go to My Computer>Dialup Networking.
Right-click your internet connection and select Properties.
A window will open - click the Server Types tab. Click TCP/IP Settings.

For All Other Users:
Go to Control Panel>Network Connections and select your local network.
Click Properties, then select Internet Protocol (TCP/IP).
Click Properties.

You will see a window - this is the Internet Protocol window. Select "Obtain DNS server automatically" and press OK

Now go to Start/Run & type cmd, then press OK.

When the black screen opens, type this exactly, including all spaces:

ipconfig /flushdns and press OK, then close that black screen.

Reboot &


Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Then download & install SpySweeper & update it etc., but don't run it until we have seen the SmitfraudFix report please.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "Downloads/SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
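
The post above has the user fix specific HijackThis entries and then post a new log. As an added example (not part of the original post or of any tool named in the thread), this Python script parses HijackThis entry lines, extracts the static NameServer values from O17 entries, and reports which fix-list entries still appear in a follow-up log. The function names are hypothetical; the sample lines are excerpted from this thread's own fix list and its 7/16/2006 log.

```python
import re

# A HijackThis entry line is "<section> - <body>", e.g. "O17 - HKLM\...: NameServer = a,b".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<body>.*\S)\s*$")
# O17 values are comma-separated on per-interface keys and space-separated on Parameters.
NAMESERVER_RE = re.compile(r"^(?P<key>.+?):\s*NameServer\s*=\s*(?P<servers>.*)$")

# Excerpt of the helper's fix list in this thread.
FIX_LIST = r"""
O4 - HKLM\..\Run: [uio] backorif.exe
O4 - HKCU\..\Run: [10010] WTFCTF.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B5FC003-63CC-4F5F-A246-B80D079E9CD8}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A918F6E-93D9-4171-8852-76F99148A486}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
"""

# Excerpt of the follow-up log posted later in this thread (scan of 7/16/2006).
LATER_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B5FC003-63CC-4F5F-A246-B80D079E9CD8}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""


def parse_entries(log_text):
    """Return (section, body) for every entry line; process paths and headers are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def _normalise(entry):
    """Compare entries case-insensitively and with runs of whitespace collapsed."""
    section, body = entry
    return section, " ".join(body.split()).lower()


def still_present(fix_list_text, later_log_text):
    """Fix-list entries that also appear in the later log, i.e. the fix did not stick."""
    later = {_normalise(e) for e in parse_entries(later_log_text)}
    return [e for e in parse_entries(fix_list_text) if _normalise(e) in later]


def static_nameservers(entries):
    """Map each O17 registry key to the list of statically configured DNS servers."""
    result = {}
    for section, body in entries:
        if section != "O17":
            continue
        match = NAMESERVER_RE.match(body)
        if match:
            servers = [s for s in re.split(r"[,\s]+", match.group("servers")) if s]
            result[match.group("key")] = servers
    return result


def unexpected_resolvers(nameservers, allowed=frozenset()):
    """Keys whose static servers are not in the allowed set.

    With the default empty set, every static entry is reported, which matches a
    machine that is supposed to obtain its DNS servers automatically.
    """
    flagged = {}
    for key, servers in nameservers.items():
        extra = [s for s in servers if s not in allowed]
        if extra:
            flagged[key] = extra
    return flagged


if __name__ == "__main__":
    for section, body in still_present(FIX_LIST, LATER_LOG):
        print("still present:", section, "-", body)
    for key, servers in unexpected_resolvers(
        static_nameservers(parse_entries(LATER_LOG))
    ).items():
        print("static DNS on", key, "->", ", ".join(servers))
```
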
 

Yarbles75

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vunusygo

*******************

Script file located at: \??\C:\Program Files\looanyjw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\System32\CSQKZ.EXE deleted successfully.
File C:\WINDOWS\SYSTEM32\DMMZL.EXE deleted successfully.
File C:\WINDOWS\SYSTEM32\DMPAY.EXE deleted successfully.
File C:\WINDOWS\SYSTEM32\DMZOH.EXE deleted successfully.
File C:\WINDOWS\system32\{4EBDC604-45AC-40AA-9C2A-E0A09D07DA66}.exe deleted successfully.
File C:\WINDOWS\system32\{8915C299-00B2-4B5C-8D3E-C84944A4832C}.exe deleted successfully.
File C:\WINDOWS\system32\{0E6AA4D9-0F48-4BC4-82EE-F28321624DB7}.exe deleted successfully.
File C:\WINDOWS\system32\{7D18F3F8-D914-4E4E-BA92-179B2586FDE9}.exe deleted successfully.
File C:\WINDOWS\system32\{A87F1D94-2201-4825-A63A-D6935957C979}.exe deleted successfully.
File C:\WINDOWS\system32\{1D501D28-AB8B-46F6-978D-8F0433CD87D3}.exe deleted successfully.
File C:\WINDOWS\system32\{39E34351-CF56-40D6-86A3-F4324A231A8E}.exe deleted successfully.
File C:\WINDOWS\system32\{A7289149-017D-4D9C-8971-978E944BBB46}.exe deleted successfully.
File C:\WINDOWS\system32\{25F37BA7-0084-4B62-B97D-407F5D924D52}.exe deleted successfully.
File C:\WINDOWS\system32\{F11AFBA3-7713-4A07-8EFD-A814EAAE7AEA}.exe deleted successfully.
File C:\WINDOWS\system32\{9E86C4C9-F518-4BA1-9DED-8FE8D3302239}.exe deleted successfully.
File C:\WINDOWS\system32\{9C0A97F8-369F-4A9A-BBB3-83F6438E8F45}.exe deleted successfully.
File C:\WINDOWS\system32\{5F948317-3E4E-4E2A-A406-A901088AD395}.exe deleted successfully.
File C:\WINDOWS\system32\{6B756C89-9EAF-461A-AAAB-92EBC1C158ED}.exe deleted successfully.
File C:\WINDOWS\system32\{85AC4DDE-A841-4B20-956E-D36E23867961}.exe deleted successfully.
File C:\WINDOWS\system32\{2C72DC40-7F52-4DC2-86DF-2918E3EC48CF}.exe deleted successfully.
File C:\WINDOWS\system32\{003D91F5-3577-48E0-BD9E-ED6519C54F09}.exe deleted successfully.
File C:\WINDOWS\system32\{D402EA8A-5A37-4D7C-AC6C-174902285F0C}.exe deleted successfully.
File C:\WINDOWS\system32\{2F9DF95C-955D-437A-9567-7B33E821805B}.exe deleted successfully.
File C:\WINDOWS\system32\{2F269E63-1972-4A20-97ED-8FE99F8EB96C}.exe deleted successfully.
File C:\WINDOWS\system32\{D7830060-676A-450E-AB35-29DC93A4568D}.exe deleted successfully.
File C:\WINDOWS\system32\{644678EE-77FC-4325-8E70-B9B982F73941}.exe deleted successfully.
File C:\WINDOWS\system32\{C9983C0B-F186-4E06-8254-A17E0429BA39}.exe deleted successfully.


File C:\WINDOWS\system32\init32.exe not found!
Deletion of file C:\WINDOWS\system32\init32.exe failed!

Could not process line:
C:\WINDOWS\system32\init32.exe
Status: 0xc0000034



File C:\WINDOWS\system32\driver64.exe not found!
Deletion of file C:\WINDOWS\system32\driver64.exe failed!

Could not process line:
C:\WINDOWS\system32\driver64.exe
Status: 0xc0000034



File C:\WINDOWS\system32\backorif.exe not found!
Deletion of file C:\WINDOWS\system32\backorif.exe failed!

Could not process line:
C:\WINDOWS\system32\backorif.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ssweeper.exe not found!
Deletion of file C:\WINDOWS\system32\ssweeper.exe failed!

Could not process line:
C:\WINDOWS\system32\ssweeper.exe
Status: 0xc0000034



File C:\WINDOWS\system32\sifgy.exe not found!
Deletion of file C:\WINDOWS\system32\sifgy.exe failed!

Could not process line:
C:\WINDOWS\system32\sifgy.exe
Status: 0xc0000034



File C:\WINDOWS\system32\new32.exe not found!
Deletion of file C:\WINDOWS\system32\new32.exe failed!

Could not process line:
C:\WINDOWS\system32\new32.exe
Status: 0xc0000034



File C:\WINDOWS\system32\FLKPT.exe not found!
Deletion of file C:\WINDOWS\system32\FLKPT.exe failed!

Could not process line:
C:\WINDOWS\system32\FLKPT.exe
Status: 0xc0000034



File C:\WINDOWS\system32\WTFCTF.exe not found!
Deletion of file C:\WINDOWS\system32\WTFCTF.exe failed!

Could not process line:
C:\WINDOWS\system32\WTFCTF.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


SmitFraudFix v2.70

Scan done at 14:48:04.14, Fri 07/14/2006
Run from C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\desktop.html FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_ADM~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\WINDOWS\\desktop.html"
"SubscribedURL"="C:\\WINDOWS\\desktop.html"
"FriendlyName"="Security"


Logfile of HijackThis v1.99.1
Scan saved at 2:50:37 PM, on 7/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\Program Files\Windows Media Connect 2\wmccds.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\1150006224\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\MXOaldr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {3AC12ED5-2B5D-74DF-8070-0657E964F5CF} - Bogobot.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\{8C787BBB-32A1-4B51-A507-426B9E93059A}.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\{8C787BBB-32A1-4B51-A507-426B9E93059A}.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150006224\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOaldr.exe
O4 - HKLM\..\Run: [Testimonials] jopplerg.exe
O4 - HKLM\..\Run: [Shaitan1678] defect08.exe
O4 - HKLM\..\Run: [uwgce.exe] C:\WINDOWS\system32\uwgce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [ssweeper] ExchangeMaster.exe
O4 - HKCU\..\Run: [bingo9] teqq32.exe
O4 - HKCU\..\Run: [TForm1] ActionScr.exe
O4 - Startup: iTunes.lnk = C:\Program Files\iTunes\iTunes.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B5FC003-63CC-4F5F-A246-B80D079E9CD8}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E6A6C4E-FA4A-4F15-BF84-47C70AE3728C}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{6032A1D5-65D0-4C41-98F4-EAB00CC6A3FC}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A918F6E-93D9-4171-8852-76F99148A486}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC6D420C-853D-4FED-8ECB-2A2CCEE4699E}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{B97609D9-F12B-420E-9DB1-075A560C4476}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B5FC003-63CC-4F5F-A246-B80D079E9CD8}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
 

dvk01

OK, run SpySweeper & post its session log and a new HJT log please.
 

Yarbles75

SpySweeper seems to have fixed it mostly. The desktop is restored and everything is running smoothly. I'd thank you now but I don't want to speak too soon in case there's more.

Logfile of HijackThis v1.99.1
Scan saved at 1:59:20 AM, on 7/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Connect 2\wmccds.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\1150006224\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\MXOaldr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {3AC12ED5-2B5D-74DF-8070-0657E964F5CF} - Bogobot.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1150006224\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOaldr.exe
O4 - HKLM\..\Run: [Testimonials] jopplerg.exe
O4 - HKLM\..\Run: [Shaitan1678] defect08.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [czcsi.exe] C:\WINDOWS\system32\czcsi.exe
O4 - HKLM\..\Run: [dmweg.exe] C:\WINDOWS\system32\dmweg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [ssweeper] ExchangeMaster.exe
O4 - HKCU\..\Run: [bingo9] teqq32.exe
O4 - HKCU\..\Run: [TForm1] ActionScr.exe
O4 - Startup: iTunes.lnk = C:\Program Files\iTunes\iTunes.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B5FC003-63CC-4F5F-A246-B80D079E9CD8}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E6A6C4E-FA4A-4F15-BF84-47C70AE3728C}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{6032A1D5-65D0-4C41-98F4-EAB00CC6A3FC}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC6D420C-853D-4FED-8ECB-2A2CCEE4699E}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{B97609D9-F12B-420E-9DB1-075A560C4476}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B5FC003-63CC-4F5F-A246-B80D079E9CD8}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


Spy Sweeper asked if I wanted to restart the computer to get rid of some of the threats and I clicked yes, and after it restarted I couldn't figure out how to find the session log
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
still got some problems there

first can you disable the real time protection of spyware doctor as I suspect it's preventing some of the changes being applied



You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from
http://downloads.subratam.org/Fixwareout.exe


Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads post the text that will open (report.txt) and a new Hijackthis log in the forum please.

when it reboots do this again before posting the hjt log please

Now we need to reset your hijacked DNS settings

To set your DNS, you need to find the Internet Protocol window.

For Users on a Dial-up Connection:
Go to My Computer>Dialup Networking.
Right-click your internet connection and select Properties.
A window will open - click the Server Types tab. Click TCP/IP Settings.

For All Other Users:
Go to Control Panel>Network Connections and select your local network.
Click Properties, then select Internet Protocol (TCP/IP).
Click Properties.

You will see a window - this is the Internet Protocol window. Select "Obtain DNS server automatically" and press OK

now go to start/run & type cmd press OK

when the black screen opens type this exactly including all spaces

ipconfig /flushdns and press OK then close that black screen

reboot &

Run hijackthis, put a tick in the box beside these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B5FC003-63CC-4F5F-A246-B80D079E9CD8}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E6A6C4E-FA4A-4F15-BF84-47C70AE3728C}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{6032A1D5-65D0-4C41-98F4-EAB00CC6A3FC}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC6D420C-853D-4FED-8ECB-2A2CCEE4699E}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{B97609D9-F12B-420E-9DB1-075A560C4476}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B5FC003-63CC-4F5F-A246-B80D079E9CD8}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
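
The check behind the O17 step above, as an added example that is not part of the original post or of HijackThis: a Python parser for O17 lines that lists statically set NameServer values and compares a log taken before a fix with one taken after. The flagging heuristic, the function names, the all-zero placeholder GUID and the 192.168.1.1 entry are assumptions constructed for illustration; the other sample lines are copied from the logs in this thread.

```python
import ipaddress
import re
from collections import defaultdict

# O17 line layout as it appears in the HijackThis logs in this thread.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:\.\.\\(?P<iface>\{[0-9A-Fa-f-]{36}\})|Parameters): "
    r"(?P<name>\w+) = (?P<data>.*)$"
)

# Lines copied from the thread, plus one constructed private-range entry
# (placeholder GUID, 192.168.1.1) for contrast.
BEFORE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B5FC003-63CC-4F5F-A246-B80D079E9CD8}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E6A6C4E-FA4A-4F15-BF84-47C70AE3728C}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{6032A1D5-65D0-4C41-98F4-EAB00CC6A3FC}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B5FC003-63CC-4F5F-A246-B80D079E9CD8}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
"""

# Constructed "after" log: one entry from the older control set is still there.
AFTER_LOG = r"""
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
"""


def parse_o17(log_text):
    """Return one dict per O17 line: control set, scope, value name, addresses."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "control_set": m["cs"],
            "scope": m["iface"] or "global",  # "global" = Tcpip\Parameters
            "name": m["name"],
            # Interface values are comma-separated, the global value is
            # space-separated in these logs; accept both.
            "servers": tuple(s for s in re.split(r"[,\s]+", m["data"].strip()) if s),
        })
    return entries


def is_public(addr):
    """True for a valid address outside private, loopback and reserved space."""
    try:
        return ipaddress.ip_address(addr).is_global
    except ValueError:
        return False


def review_static_dns(entries):
    """Flag resolver sets worth a manual look.

    Heuristic (assumption of this example, not a HijackThis rule): the same
    public resolver set written to the global Parameters key and to two or
    more interface keys is unlikely to be a per-connection user setting.
    """
    scopes = defaultdict(set)
    for e in entries:
        if e["name"] == "NameServer" and e["servers"]:
            scopes[frozenset(e["servers"])].add((e["control_set"], e["scope"]))
    findings = []
    for servers, where in scopes.items():
        ifaces = {scope for _, scope in where if scope != "global"}
        has_global = any(scope == "global" for _, scope in where)
        public = sorted(a for a in servers if is_public(a))
        if public and has_global and len(ifaces) >= 2:
            findings.append({
                "servers": public,
                "interfaces": len(ifaces),
                "control_sets": sorted({cs for cs, _ in where}),
            })
    return findings


def persisting(before_log, after_log):
    """O17 entries present in both logs, i.e. not removed between the scans."""
    def key(e):
        return (e["control_set"], e["scope"], e["name"], e["servers"])
    before = {key(e) for e in parse_o17(before_log)}
    after = {key(e) for e in parse_o17(after_log)}
    return sorted(before & after)


if __name__ == "__main__":
    for finding in review_static_dns(parse_o17(BEFORE_LOG)):
        print("review:", finding)
    for entry in persisting(BEFORE_LOG, AFTER_LOG):
        print("still present:", entry)
```

A static public resolver is not malicious in itself, so the output is a list to review against what the user or ISP actually configured, not a verdict.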
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
and I'd like to see this log please

  • Download WinPFind
  • Right Click the Zip Folder and Select "Extract All"
  • Extract it somewhere you will remember like the Desktop
  • Don't do anything with it yet!

Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Double-click WinPFind.exe
  • Click " Configure Scan Options"
  • Select " Run Add ONs" and then select ALL the options in the box below it, Press Apply
  • Now Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
    • Reboot back to Normal Mode!
    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Place those results in the next post! It will be too big to post so you will need to attach it to your reply
 

Yarbles75

Thread Starter
Joined
Jul 13, 2006
Messages
8
Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\IPSEC6.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\DMJRZ.EXE 61,965 2004-08-10
C:\WINDOWS\SYSTEM32\DMNOA.EXE 61,965 2004-08-10
C:\WINDOWS\SYSTEM32\DMXKW.EXE 61,965 2004-08-10
Other suspects
Directory of C:\WINDOWS\system32

Logfile of HijackThis v1.99.1
Scan saved at 11:10:10 PM, on 7/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Windows Media Connect 2\wmccds.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\1150006224\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\MXOaldr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {3AC12ED5-2B5D-74DF-8070-0657E964F5CF} - Bogobot.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1150006224\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOaldr.exe
O4 - HKLM\..\Run: [Testimonials] jopplerg.exe
O4 - HKLM\..\Run: [Shaitan1678] defect08.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [czcsi.exe] C:\WINDOWS\system32\czcsi.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [ssweeper] ExchangeMaster.exe
O4 - HKCU\..\Run: [bingo9] teqq32.exe
O4 - HKCU\..\Run: [TForm1] ActionScr.exe
O4 - Startup: iTunes.lnk = C:\Program Files\iTunes\iTunes.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B5FC003-63CC-4F5F-A246-B80D079E9CD8}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E6A6C4E-FA4A-4F15-BF84-47C70AE3728C}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{6032A1D5-65D0-4C41-98F4-EAB00CC6A3FC}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC6D420C-853D-4FED-8ECB-2A2CCEE4699E}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{B97609D9-F12B-420E-9DB1-075A560C4476}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B5FC003-63CC-4F5F-A246-B80D079E9CD8}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\SYSTEM32\DMJRZ.EXE
C:\WINDOWS\SYSTEM32\DMNOA.EXE
C:\WINDOWS\SYSTEM32\DMXKW.EXE
C:\WINDOWS\SYSTEM32\{68258CE4-1E97-4D41-A87C-662DABB3375F}.exe
C:\WINDOWS\SYSTEM32\{6574DFC6-EFBB-481A-B182-57FE78F7E1BE}.exe
C:\WINDOWS\SYSTEM32\{D578753A-4C1C-4F75-B65C-5C763A4ED23E}.exe
C:\WINDOWS\SYSTEM32\{F0FBDFCB-738B-471E-9183-BE050E3AAC62}.exe
C:\WINDOWS\SYSTEM32\{2DBA3727-B9EF-4CEE-BCB9-31FAB0DA6DCE}.exe
C:\WINDOWS\SYSTEM32\{18D9BDBA-C36E-45D1-8E12-0C04D58D46CB}.exe
C:\WINDOWS\SYSTEM32\{13CC091F-4505-4FF3-898D-6EC881CA641F}.exe
C:\WINDOWS\SYSTEM32\{507B6D70-D256-461C-BB65-0386A87F62DC}.exe
C:\WINDOWS\SYSTEM32\{5A740F86-5D84-4F3A-8BC2-C38B9BAE5FA0}.exe
C:\WINDOWS\SYSTEM32\{EBA7F3FD-7DBD-497E-B90D-C031150FFF0C}.exe
C:\WINDOWS\SYSTEM32\{D1DFD43D-651F-4F2A-9A59-6CF8ADB12BBD}.exe
C:\WINDOWS\SYSTEM32\{349BEB70-069B-44DA-83A7-D762A6A03C88}.exe
C:\WINDOWS\SYSTEM32\{57C11735-B9DC-4574-9359-CE06C0D6B4E4}.exe
C:\WINDOWS\SYSTEM32\{F39559DC-0AB2-4066-B5D1-C63F4A7CE449}.exe
C:\WINDOWS\SYSTEM32\{74BE79F5-D42B-446E-8C8B-737643B847FD}.exe
C:\WINDOWS\SYSTEM32\{4D76598C-DFBF-45CA-9F9D-9E6410294895}.exe
C:\WINDOWS\SYSTEM32\{025201F1-382F-40C2-BFB4-5E25BCEEF188}.exe
C:\WINDOWS\SYSTEM32\{B03EC35E-5BDF-4CE6-96AB-EF77C8245E03}.exe
C:\WINDOWS\SYSTEM32\{E6852D0C-2ACA-468E-BF5C-ACE03C9096E2}.exe
C:\WINDOWS\SYSTEM32\{BEFA542F-6264-48E4-B280-5A0F0F407C94}.exe
C:\WINDOWS\SYSTEM32\{001AEE3C-A494-4CBC-B143-383D790E247A}.exe
C:\WINDOWS\SYSTEM32\{0DD49DA1-C926-4DD6-AF11-69705845A801}.exe
C:\WINDOWS\SYSTEM32\{49F456A1-814B-45F9-9570-5B279F31E5D2}.exe
C:\WINDOWS\SYSTEM32\{B20A7092-362F-42D3-8941-ECB0B3F220AF}.exe
C:\WINDOWS\SYSTEM32\{3F839337-4593-4F17-ADF7-E45559672105}.exe
C:\WINDOWS\SYSTEM32\{E0B735F7-7189-4F4A-BDF0-87565FB50F4A}.exe
C:\WINDOWS\SYSTEM32\{1F675775-4671-48BF-8440-2518B783D2DA}.exe
C:\WINDOWS\SYSTEM32\{38CB22F0-FB2A-48D2-860F-2AFC22776C44}.exe
C:\WINDOWS\SYSTEM32\{0CAB41D8-7347-4A83-A988-E9AEE208C3ED}.exe
C:\WINDOWS\SYSTEM32\{8A751796-15F5-41CB-B7E0-D14AF7BCE4B8}.exe
C:\WINDOWS\SYSTEM32\{6AC698FA-4D31-464C-9A9E-F7E75710C2C8}.exe
C:\WINDOWS\SYSTEM32\{1F05C59D-72AC-4E5F-B121-0501916DD58F}.exe
C:\WINDOWS\SYSTEM32\{451AEC48-8A60-4AF8-BB33-A6CCC27CD01C}.exe
C:\WINDOWS\SYSTEM32\{F62C710F-65E9-4FD8-944D-7D972B1F2454}.exe
C:\WINDOWS\SYSTEM32\{953F0CDC-4334-482C-8038-683D80328C6A}.exe
C:\WINDOWS\SYSTEM32\{147540D2-51B3-42BC-B241-A32547ECF980}.exe
C:\WINDOWS\SYSTEM32\{F8D0502D-EE80-4C4C-83ED-00CA6529340E}.exe
C:\WINDOWS\SYSTEM32\{88CC6DE0-8B1A-4FC1-8C34-7591FD9E486F}.exe
C:\WINDOWS\SYSTEM32\{9CF56672-75B5-4790-ACD9-C1769D0BC158}.exe
C:\WINDOWS\SYSTEM32\{5B195167-8477-4FE6-B6E3-68E617230399}.exe
C:\WINDOWS\SYSTEM32\{1F70AA56-CBF8-4CA1-9275-515059AD87A6}.exe
C:\WINDOWS\SYSTEM32\{51127D80-2FC2-4B0D-99F0-631948850584}.exe
C:\WINDOWS\SYSTEM32\{30D4C65B-2EA6-43D0-9257-3E9E01AA40BE}.exe
C:\WINDOWS\SYSTEM32\{89EEB314-CACE-4C8E-AED2-E56D3CD240CD}.exe
C:\WINDOWS\SYSTEM32\{6228B635-CDD2-4C97-9B13-FEF5AFFF30DD}.exe
C:\WINDOWS\SYSTEM32\{AC791BCD-2965-4ED6-8DF7-E3440EB6B6BB}.exe
C:\WINDOWS\SYSTEM32\{B712C9AB-BDA6-49B6-B95D-C19D00AAB493}.exe
C:\WINDOWS\SYSTEM32\{D1AEA95D-F0FB-4235-8151-31227E8EFF23}.exe
C:\WINDOWS\SYSTEM32\{C489994E-0C7B-4465-95B6-8ED8CB3366AC}.exe
C:\WINDOWS\SYSTEM32\{DB2167A0-1D17-43F2-B7DA-AE48ED39431F}.exe
C:\WINDOWS\SYSTEM32\{2D5D53B2-8C8D-4BBF-BE3B-758AADEB42A3}.exe
C:\WINDOWS\SYSTEM32\{40AB5C8E-2C87-476F-8831-ADE1987DBDC6}.exe
C:\WINDOWS\SYSTEM32\{15187213-90B7-4767-85A5-A75970579ED0}.exe
C:\WINDOWS\SYSTEM32\{AF5CABDE-44B2-4BE7-BFFA-16492580ECDB}.exe
C:\WINDOWS\SYSTEM32\{14F24C21-5797-4C89-B2F4-2E9AC815E2B8}.exe
C:\WINDOWS\SYSTEM32\{9852B7A3-2BA7-44BA-BAC8-9F4AA0C11F1E}.exe
C:\WINDOWS\SYSTEM32\{196847ED-6A5F-4793-92EA-E63DE3073447}.exe
C:\WINDOWS\SYSTEM32\{1DBC6121-85FC-4F42-A1AD-3C080918EE7A}.exe
C:\WINDOWS\SYSTEM32\{620BEE1D-ED53-4D0F-8161-297BEEE9F0C0}.exe
C:\WINDOWS\SYSTEM32\{1484D620-EB9C-46A2-A30E-7A1B97FA87F3}.exe
C:\WINDOWS\SYSTEM32\{6916126B-9A6A-424C-99F3-0B18E93A7019}.exe
C:\WINDOWS\SYSTEM32\{B33DF9D1-2893-4CFC-9F19-B4E16E29EBF1}.exe
C:\WINDOWS\SYSTEM32\{46DDDB20-3063-4572-92F0-98509B84C20B}.exe
C:\WINDOWS\SYSTEM32\{6FD08543-795D-44A1-8F2C-089901BF8A75}.exe
C:\WINDOWS\SYSTEM32\{92C52942-1F68-45A7-9C45-B7B62B0EFA09}.exe
C:\WINDOWS\SYSTEM32\{CC11893E-FBBE-4BEA-86D9-88966A058387}.exe
C:\WINDOWS\system32\czcsi.exe
C:\WINDOWS\system32\jopplerg.exe
C:\WINDOWS\system32\defect08.exe
C:\WINDOWS\system32\ExchangeMaster.exe
C:\WINDOWS\system32\teqq32.exe
C:\WINDOWS\system32\ActionScr.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

When it reboots, boot to Safe Mode and

run HijackThis, put a tick in the box beside the entries listed below and ONLY these entries (double-check to make sure), then make sure all browser and email windows are closed and press Fix checked.


R3 - URLSearchHook: (no name) - {3AC12ED5-2B5D-74DF-8070-0657E964F5CF} - Bogobot.dll (file missing)


O4 - HKLM\..\Run: [Testimonials] jopplerg.exe
O4 - HKLM\..\Run: [Shaitan1678] defect08.exe
O4 - HKLM\..\Run: [czcsi.exe] C:\WINDOWS\system32\czcsi.exe
O4 - HKCU\..\Run: [ssweeper] ExchangeMaster.exe
O4 - HKCU\..\Run: [bingo9] teqq32.exe
O4 - HKCU\..\Run: [TForm1] ActionScr.exe


O17 - HKLM\System\CCS\Services\Tcpip\..\{2B5FC003-63CC-4F5F-A246-B80D079E9CD8}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E6A6C4E-FA4A-4F15-BF84-47C70AE3728C}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{6032A1D5-65D0-4C41-98F4-EAB00CC6A3FC}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC6D420C-853D-4FED-8ECB-2A2CCEE4699E}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{B97609D9-F12B-420E-9DB1-075A560C4476}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B5FC003-63CC-4F5F-A246-B80D079E9CD8}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227

Now we need to reset your hijacked DNS settings

To set your DNS, you need to find the Internet Protocol window.

For Users on a Dial-up Connection:
Go to My Computer>Dialup Networking.
Right-click your internet connection and select Properties.
A window will open - click the Server Types tab. Click TCP/IP Settings.

For All Other Users:
Go to Control Panel>Network Connections and select your local network.
Click Properties, then select Internet Protocol (TCP/IP).
Click Properties.

You will see a window - this is the Internet Protocol window. Select "Obtain DNS server automatically" and press OK

Now go to Start/Run, type cmd and press OK.

When the black screen opens, type this exactly, including all spaces:

ipconfig /flushdns and press OK, then close that black screen.

Reboot and post a fresh HJT log, please.
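
One way to triage the O17 entries listed above before and after the fix, as an added Python example that is not part of the original post: it parses HijackThis O17 `NameServer` lines, groups them by resolver set, and flags static public resolvers that are not on a trusted list. The trusted list, the choice to treat private addresses as a local router, and the two sample lines marked as constructed are assumptions.

```python
import ipaddress
import re

# An O17 line names a control set, then either the global Tcpip\Parameters key
# or a per-interface {GUID}, then the static resolvers (comma or space separated).
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>[^\\]+)\\Services\\Tcpip\\"
    r"(?:(?P<glob>Parameters)|\.\.\\(?P<iface>\{[0-9A-Fa-f-]{36}\}))"
    r": NameServer = (?P<servers>.+)$"
)

# Lines copied from the HijackThis entries quoted in the post above.
PAGE_LINES = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B5FC003-63CC-4F5F-A246-B80D079E9CD8}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E6A6C4E-FA4A-4F15-BF84-47C70AE3728C}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
"""

# Constructed for contrast: a non-O17 line and an interface pointing at a LAN router.
CONSTRUCTED_LINES = r"""
O4 - HKLM\..\Run: [Example] example.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
"""

SAMPLE = PAGE_LINES + CONSTRUCTED_LINES


def parse_o17(log_text):
    """Return one record per O17 NameServer line; other lines are ignored."""
    records = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = tuple(s for s in re.split(r"[,\s]+", m["servers"].strip()) if s)
        records.append({
            "control_set": m["cset"],
            "scope": m["iface"] or "global",
            "servers": servers,
        })
    return records


def review_dns(records, trusted=()):
    """Group records by resolver set and return the sets that need review.

    trusted: IP addresses or CIDR ranges the administrator expects (assumption:
    supplied by whoever runs the check, e.g. the ISP's resolvers).
    """
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    groups = {}
    for rec in records:
        groups.setdefault(rec["servers"], []).append(rec)

    findings = []
    for servers, recs in groups.items():
        reasons = []
        for s in servers:
            try:
                addr = ipaddress.ip_address(s)
            except ValueError:
                reasons.append(f"{s}: not an IP address")
                continue
            if any(addr in net for net in trusted_nets):
                continue
            if addr.is_private:
                # Assumption: a private address is the local router or LAN DNS.
                continue
            reasons.append(f"{s}: public resolver not on the trusted list")
        if not reasons:
            continue
        scopes = sorted({r["scope"] for r in recs})
        findings.append({
            "servers": servers,
            "scopes": scopes,
            "control_sets": sorted({r["control_set"] for r in recs}),
            # The same static set on the global key and on interfaces suggests
            # a bulk write rather than one adapter configured by hand.
            "bulk": "global" in scopes and len(scopes) > 1,
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in review_dns(parse_o17(SAMPLE)):
        print(", ".join(f["servers"]), "->", f["scopes"], f["control_sets"])
        for reason in f["reasons"]:
            print("   ", reason)
```

Running the same check on the fresh log after the DNS reset should return no findings if the static entries are gone.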
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
and then

  • Download WinPFind
  • Right Click the Zip Folder and Select "Extract All"
  • Extract it somewhere you will remember like the Desktop
  • Don't do anything with it yet!

Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Double-click WinPFind.exe
  • Click "Configure Scan Options"
  • Select "Run Add ONs" and then select ALL the options in the box below it, then press Apply
  • Now Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
    • Reboot back to Normal Mode!
    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Place those results in the next post! It will be too big to post, so you will need to attach it to your reply.
 

Yarbles75

Thread Starter
Joined
Jul 13, 2006
Messages
8
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\aaudambt

*******************

Script file located at: \??\C:\Documents and Settings\mbsrawia.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\SYSTEM32\{DDD5D858-40FB-4CD9-B216-213043749EF9}.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\{6C0FA57D-B662-4840-BFFC-B703FDC30883}.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\{0D0642EC-DB62-4F49-BA95-7AD1A38FF9A4}.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\{2F1E8E87-6D82-4756-8162-910B486CD862}.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\{A1CBB198-E167-4905-A0AB-7FB37347AF45}.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\{7E120E6D-78EF-4AE9-8256-6B53D4841534}.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\{256BA07C-3A46-4D88-BAE2-31CB71B61FD6}.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\{0CF032B2-B35B-443B-91C8-DA41F9E73982}.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\{4E785ED6-8F76-4068-A0A0-424A9A20A35A}.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\{19F0DD6A-B1C6-42B8-9E3F-2646C1374773}.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\{348EA594-71EA-4C33-89F9-A4213A6C414D}.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\{498046D6-9976-4E4A-B58B-8D07C6DB9B48}.exe deleted successfully.


File C:\WINDOWS\SYSTEM32\{F79BE596-BE38-45A3-9C1E-48B8CA840E8A}.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\{F79BE596-BE38-45A3-9C1E-48B8CA840E8A}.exe failed!

Could not process line:
C:\WINDOWS\SYSTEM32\{F79BE596-BE38-45A3-9C1E-48B8CA840E8A}.exe
Status: 0xc0000034



File C:\WINDOWS\system32\czcsi.exe not found!
Deletion of file C:\WINDOWS\system32\czcsi.exe failed!

Could not process line:
C:\WINDOWS\system32\czcsi.exe
Status: 0xc0000034



File C:\WINDOWS\system32\jopplerg.exe not found!
Deletion of file C:\WINDOWS\system32\jopplerg.exe failed!

Could not process line:
C:\WINDOWS\system32\jopplerg.exe
Status: 0xc0000034



File C:\WINDOWS\system32\defect08.exe not found!
Deletion of file C:\WINDOWS\system32\defect08.exe failed!

Could not process line:
C:\WINDOWS\system32\defect08.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ExchangeMaster.exe not found!
Deletion of file C:\WINDOWS\system32\ExchangeMaster.exe failed!

Could not process line:
C:\WINDOWS\system32\ExchangeMaster.exe
Status: 0xc0000034



File C:\WINDOWS\system32\teqq32.exe not found!
Deletion of file C:\WINDOWS\system32\teqq32.exe failed!

Could not process line:
C:\WINDOWS\system32\teqq32.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ActionScr.exe not found!
Deletion of file C:\WINDOWS\system32\ActionScr.exe failed!

Could not process line:
C:\WINDOWS\system32\ActionScr.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
 

Yarbles75

Thread Starter
Joined
Jul 13, 2006
Messages
8
Logfile of HijackThis v1.99.1
Scan saved at 1:52:41 AM, on 7/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\Program Files\Windows Media Connect 2\wmccds.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\1150006224\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\MXOaldr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1150006224\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOaldr.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: iTunes.lnk = C:\Program Files\iTunes\iTunes.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
 