Oct 6th, 2006

please help!

A friend gave me an old computer of hers, and I am having tons of trouble with it. Please advise! Here is my HijackThis log.
Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 9:31:13 PM, on 10/5/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\cnlhjh\yppoud.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\Winkeri.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\DownloadWare\dw.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\stcloader.exe
C:\WINDOWS\System32\winupdtl.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\ieswoa.exe
C:\WINDOWS\System32\pdii\orfrmt.exe
C:\WINDOWS\System32\ycphs\plwsplbo.exe
C:\WINDOWS\System32\hlgec\yirexd.exe
C:\WINDOWS\System32\xhhevxsx\ijxvki.exe
C:\WINDOWS\System32\ukem\lscoxog.exe
C:\WINDOWS\System32\ebcugpf\dxunrqp.exe
C:\WINDOWS\System32\yvpv\hpeqo.exe
C:\WINDOWS\System32\lqycd\lihvvjh.exe
C:\WINDOWS\System32\kjapkir\sgvq.exe
C:\WINDOWS\System32\sjxrv\tlnmhnc.exe
C:\WINDOWS\System32\usptamp\wfxbq.exe
C:\WINDOWS\System32\cxqm\gobpsu.exe
C:\WINDOWS\System32\rteq\jojw.exe
C:\WINDOWS\System32\mkktuum\fbfed.exe
C:\WINDOWS\System32\yygurocr\fktdya.exe
C:\WINDOWS\System32\wsvpsgj\wgsqgh.exe
C:\WINDOWS\System32\bfhlhx\jliawjd.exe
C:\WINDOWS\System32\dbwls\tawcjk.exe
C:\WINDOWS\System32\skuek\lqtucg.exe
C:\WINDOWS\System32\lbuaa\rattllj.exe
C:\WINDOWS\System32\keyjqsfv\auit.exe
C:\WINDOWS\System32\sxuonkxn\cdlbtxdf.exe
C:\WINDOWS\System32\wfuk\ngakdxv.exe
C:\WINDOWS\System32\fjistp\mntfhoj.exe
C:\WINDOWS\System32\lsjfltgk\uoky.exe
C:\WINDOWS\System32\bumeu\ktepq.exe
C:\WINDOWS\System32\xcber\mbok.exe
C:\WINDOWS\System32\bfryo\lfcdr.exe
C:\WINDOWS\System32\bhpdqt\kufeskd.exe
C:\WINDOWS\System32\pecpsa\xpfgi.exe
C:\WINDOWS\System32\ktyrr\wqpuiui.exe
C:\WINDOWS\System32\kilcbdpy\pxso.exe
C:\WINDOWS\System32\nrevv\rfdiymkj.exe
C:\WINDOWS\System32\bdsglann\wufrni.exe
C:\WINDOWS\System32\ijrnreon\jmnbmb.exe
C:\WINDOWS\System32\exttt\xpwcifcp.exe
C:\WINDOWS\System32\tqdjqpqw\klabffy.exe
C:\WINDOWS\System32\uaubcsuf\qkhekn.exe
C:\WINDOWS\System32\tjxlelb\bsdtwuyc.exe
C:\WINDOWS\System32\swibgru\rxdcmw.exe
C:\WINDOWS\System32\iere\qdpcycvb.exe
C:\WINDOWS\System32\uobg\dugo.exe
C:\WINDOWS\System32\rqrctrc\hnuek.exe
C:\WINDOWS\System32\ecan\adajkbw.exe
C:\WINDOWS\System32\bcijsbe\qnlqe.exe
C:\WINDOWS\System32\tfkkhnu\dmkm.exe
C:\WINDOWS\System32\hsibgne\owbkbuuk.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\System32\lxubnh\vnpgiw.exe
C:\WINDOWS\System32\vpgy\jsyjgu.exe
C:\WINDOWS\System32\epof\hlge.exe
C:\WINDOWS\System32\yjpim\jteey.exe
C:\WINDOWS\System32\bein\toebkalo.exe
C:\WINDOWS\System32\ytkai\udbu.exe
C:\WINDOWS\System32\almo\ylbj.exe
C:\WINDOWS\System32\ntgfo\jmlriwcv.exe
C:\WINDOWS\System32\ktyty\iaes.exe
C:\WINDOWS\System32\cynkxm\rhbrqbc.exe
C:\WINDOWS\System32\dwnlgold\frytrsyy.exe
C:\WINDOWS\System32\vsydemu\bsvy.exe
C:\WINDOWS\System32\rumgi\vefw.exe
C:\WINDOWS\System32\lpsufgx\xbajkobs.exe
C:\WINDOWS\System32\ykypp\tvkg.exe
C:\WINDOWS\System32\oomjrte\sikuiyb.exe
C:\WINDOWS\System32\bmjk\oluhc.exe
C:\WINDOWS\System32\rtjbrdwb\klesuwt.exe
C:\WINDOWS\System32\fddw\hxfrljvu.exe
C:\WINDOWS\System32\txkumd\eaxvbx.exe
C:\WINDOWS\System32\topteyx\rhoyqgi.exe
C:\WINDOWS\System32\yeiy\yjhg.exe
C:\WINDOWS\System32\rjenws\uyghrac.exe
C:\WINDOWS\System32\bmtbf\xeoc.exe
C:\WINDOWS\System32\bkkbmhqy\grmmbts.exe
C:\WINDOWS\System32\gyhe\erowp.exe
C:\WINDOWS\System32\tfrqxjou\oiqlfjqf.exe
C:\WINDOWS\System32\yasabv\gyjvy.exe
C:\WINDOWS\System32\pmlmjobm\pfre.exe
C:\WINDOWS\System32\pmkdb\cmgyv.exe
C:\WINDOWS\System32\eubrlcjr\drhy.exe
C:\WINDOWS\System32\ctytarr\igtk.exe
C:\WINDOWS\System32\vuqjmgt\evofcqjc.exe
C:\WINDOWS\System32\wxglwmb\rknbxqrf.exe
C:\WINDOWS\System32\jfnonr\cewiw.exe
C:\WINDOWS\System32\tuphw\nsnel.exe
C:\WINDOWS\System32\hfgukg\ebwknq.exe
C:\WINDOWS\System32\jsymflg\lblggy.exe
C:\WINDOWS\System32\qwooeqx\xgqxjayd.exe
C:\WINDOWS\System32\vylg\jwxexbfb.exe
C:\WINDOWS\System32\dteg\hitiponr.exe
C:\WINDOWS\System32\emwbw\onlf.exe
C:\WINDOWS\System32\dnlniej\pjnpqpag.exe
C:\WINDOWS\System32\fgmicmk\oxdl.exe
C:\WINDOWS\System32\dkiq\qxlyip.exe
C:\WINDOWS\System32\aecvxtnj\kfaalr.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\WINDOWS\System32\tilu\sarokk.exe
C:\WINDOWS\System32\cryv\jufa.exe
C:\WINDOWS\System32\wyxkboyg\mjrgsjo.exe
C:\WINDOWS\System32\breiclle\kallxig.exe
C:\WINDOWS\System32\olhova\ifilnqdk.exe
C:\WINDOWS\System32\qvlrfu\pdirwge.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\America Online 7.0a\waol.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\System32\MOStat.exe
C:\Documents and Settings\Amanda\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://url.cpvfeed.com/cpv.jsp?p=110...uestId=4a2???? (obfuscated)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: Network Essentials - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Program Files\Network Essentials\v16\NE.DLL
O2 - BHO: TChkBHO Class - {2A1FF118-2679-4E66-8768-86F60AD490A2} - C:\WINDOWS\system32\iyxiu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Zango Search Assistant Helper - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll (file missing)
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\Qlinks\qlink32.dll
O2 - BHO: (no name) - {8C0ACE31-734A-392C-F30E-9FBD7BB0A5E3} - C:\WINDOWS\System32\pysswhdr\xtdgcuqb.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O2 - BHO: IEHlprObj Class - {B78DB909-E6CE-4B4E-A582-C7CBA8D738C8} - C:\WINDOWS\system32\mob030612.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB57.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe
O4 - HKLM\..\Run: [MovieNetworks] "C:\Program Files\MovieNetworks\MovieNetworks.exe" /H
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
O4 - HKLM\..\Run: [VBouncerDL] C:\Program Files\VBouncer\VBouncerInner.exe /S
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [t7rg37V] ieswoa.exe
O4 - HKLM\..\Run: [PMT] C:\Program Files\PMT\personalmoneytree.exe
O4 - HKLM\..\Run: [jelmliv] C:\WINDOWS\System32\ymyj\jelmliv.exe
O4 - HKLM\..\Run: [abfiy] C:\WINDOWS\System32\omwqi\abfiy.exe
O4 - HKLM\..\Run: [iffi] C:\WINDOWS\System32\xytj\iffi.exe
O4 - HKLM\..\Run: [rghhfgub] C:\WINDOWS\System32\nhsx\rghhfgub.exe
O4 - HKLM\..\Run: [ursm] C:\WINDOWS\System32\xhhlvmev\ursm.exe
O4 - HKLM\..\Run: [yirexd] C:\WINDOWS\System32\hlgec\yirexd.exe
O4 - HKLM\..\Run: [rrwndlpg] C:\WINDOWS\System32\miedvl\rrwndlpg.exe
O4 - HKLM\..\Run: [sbrgsv] C:\WINDOWS\System32\esqocfk\sbrgsv.exe
O4 - HKLM\..\Run: [kkgfxx] C:\WINDOWS\System32\egws\kkgfxx.exe
O4 - HKLM\..\Run: [lacjwxg] C:\WINDOWS\System32\xvgtxci\lacjwxg.exe
O4 - HKLM\..\Run: [edecjkoj] C:\WINDOWS\System32\nbuo\edecjkoj.exe
O4 - HKLM\..\Run: [lscoxog] C:\WINDOWS\System32\ukem\lscoxog.exe
O4 - HKLM\..\Run: [dxunrqp] C:\WINDOWS\System32\ebcugpf\dxunrqp.exe
O4 - HKLM\..\Run: [luhvjtg] C:\WINDOWS\System32\qpkeg\luhvjtg.exe
O4 - HKLM\..\Run: [hpeqo] C:\WINDOWS\System32\yvpv\hpeqo.exe
O4 - HKLM\..\Run: [lihvvjh] C:\WINDOWS\System32\lqycd\lihvvjh.exe
O4 - HKLM\..\Run: [sgvq] C:\WINDOWS\System32\kjapkir\sgvq.exe
O4 - HKLM\..\Run: [xfads] C:\WINDOWS\System32\wthvpx\xfads.exe
O4 - HKLM\..\Run: [tlnmhnc] C:\WINDOWS\System32\sjxrv\tlnmhnc.exe
O4 - HKLM\..\Run: [xgjwfmt] C:\WINDOWS\System32\bafjn\xgjwfmt.exe
O4 - HKLM\..\Run: [gobpsu] C:\WINDOWS\System32\cxqm\gobpsu.exe
O4 - HKLM\..\Run: [jojw] C:\WINDOWS\System32\rteq\jojw.exe
O4 - HKLM\..\Run: [fbfed] C:\WINDOWS\System32\mkktuum\fbfed.exe
O4 - HKLM\..\Run: [fktdya] C:\WINDOWS\System32\yygurocr\fktdya.exe
O4 - HKLM\..\Run: [wgsqgh] C:\WINDOWS\System32\wsvpsgj\wgsqgh.exe
O4 - HKLM\..\Run: [jliawjd] C:\WINDOWS\System32\bfhlhx\jliawjd.exe
O4 - HKLM\..\Run: [tawcjk] C:\WINDOWS\System32\dbwls\tawcjk.exe
O4 - HKLM\..\Run: [lqtucg] C:\WINDOWS\System32\skuek\lqtucg.exe
O4 - HKLM\..\Run: [rattllj] C:\WINDOWS\System32\lbuaa\rattllj.exe
O4 - HKLM\..\Run: [auit] C:\WINDOWS\System32\keyjqsfv\auit.exe
O4 - HKLM\..\Run: [cdlbtxdf] C:\WINDOWS\System32\sxuonkxn\cdlbtxdf.exe
O4 - HKLM\..\Run: [ngakdxv] C:\WINDOWS\System32\wfuk\ngakdxv.exe
O4 - HKLM\..\Run: [pfgfsap] C:\WINDOWS\System32\dtcbodm\pfgfsap.exe
O4 - HKLM\..\Run: [pnfgdvy] C:\WINDOWS\System32\bmxwgk\pnfgdvy.exe
O4 - HKLM\..\Run: [mntfhoj] C:\WINDOWS\System32\fjistp\mntfhoj.exe
O4 - HKLM\..\Run: [uoky] C:\WINDOWS\System32\lsjfltgk\uoky.exe
O4 - HKLM\..\Run: [ktepq] C:\WINDOWS\System32\bumeu\ktepq.exe
O4 - HKLM\..\Run: [mbok] C:\WINDOWS\System32\xcber\mbok.exe
O4 - HKLM\..\Run: [lfcdr] C:\WINDOWS\System32\bfryo\lfcdr.exe
O4 - HKLM\..\Run: [kufeskd] C:\WINDOWS\System32\bhpdqt\kufeskd.exe
O4 - HKLM\..\Run: [xpfgi] C:\WINDOWS\System32\pecpsa\xpfgi.exe
O4 - HKLM\..\Run: [wqpuiui] C:\WINDOWS\System32\ktyrr\wqpuiui.exe
O4 - HKLM\..\Run: [pxso] C:\WINDOWS\System32\kilcbdpy\pxso.exe
O4 - HKLM\..\Run: [hkywnop] C:\WINDOWS\System32\gvtd\hkywnop.exe
O4 - HKLM\..\Run: [aenloen] C:\WINDOWS\System32\hfnydlkd\aenloen.exe
O4 - HKLM\..\Run: [rfdiymkj] C:\WINDOWS\System32\nrevv\rfdiymkj.exe
O4 - HKLM\..\Run: [wufrni] C:\WINDOWS\System32\bdsglann\wufrni.exe
O4 - HKLM\..\Run: [jmnbmb] C:\WINDOWS\System32\ijrnreon\jmnbmb.exe
O4 - HKLM\..\Run: [bqvvcc] C:\WINDOWS\System32\rapjn\bqvvcc.exe
O4 - HKLM\..\Run: [krqfmdyq] C:\WINDOWS\System32\rpixe\krqfmdyq.exe
O4 - HKLM\..\Run: [xpwcifcp] C:\WINDOWS\System32\exttt\xpwcifcp.exe
O4 - HKLM\..\Run: [klabffy] C:\WINDOWS\System32\tqdjqpqw\klabffy.exe
O4 - HKLM\..\Run: [qkhekn] C:\WINDOWS\System32\uaubcsuf\qkhekn.exe
O4 - HKLM\..\Run: [bsdtwuyc] C:\WINDOWS\System32\tjxlelb\bsdtwuyc.exe
O4 - HKLM\..\Run: [rxdcmw] C:\WINDOWS\System32\swibgru\rxdcmw.exe
O4 - HKLM\..\Run: [qdpcycvb] C:\WINDOWS\System32\iere\qdpcycvb.exe
O4 - HKLM\..\Run: [dugo] C:\WINDOWS\System32\uobg\dugo.exe
O4 - HKLM\..\Run: [hnuek] C:\WINDOWS\System32\rqrctrc\hnuek.exe
O4 - HKLM\..\Run: [adajkbw] C:\WINDOWS\System32\ecan\adajkbw.exe
O4 - HKLM\..\Run: [fyuefwc] C:\WINDOWS\System32\wknlv\fyuefwc.exe
O4 - HKLM\..\Run: [qnlqe] C:\WINDOWS\System32\bcijsbe\qnlqe.exe
O4 - HKLM\..\Run: [dmkm] C:\WINDOWS\System32\tfkkhnu\dmkm.exe
O4 - HKLM\..\Run: [qukhopd] C:\WINDOWS\System32\jdkefpy\qukhopd.exe
O4 - HKLM\..\Run: [owbkbuuk] C:\WINDOWS\System32\hsibgne\owbkbuuk.exe
O4 - HKLM\..\Run: [fyusp] C:\WINDOWS\System32\axoolby\fyusp.exe
O4 - HKLM\..\Run: [fvaxmh] C:\WINDOWS\System32\ckdeeebs\fvaxmh.exe
O4 - HKLM\..\Run: [NI.UWFX6_0001_N68M2301] "C:\WINDOWS\Downloaded Program Files\UWFX6_0001_N68M2301NetInstaller.exe" -nag
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [vnpgiw] C:\WINDOWS\System32\lxubnh\vnpgiw.exe
O4 - HKLM\..\Run: [jsyjgu] C:\WINDOWS\System32\vpgy\jsyjgu.exe
O4 - HKLM\..\Run: [hlge] C:\WINDOWS\System32\epof\hlge.exe
O4 - HKLM\..\Run: [tujlkwg] C:\WINDOWS\System32\jdsmrhu\tujlkwg.exe
O4 - HKLM\..\Run: [aqpb] C:\WINDOWS\System32\sbqrr\aqpb.exe
O4 - HKLM\..\Run: [npqvuf] C:\WINDOWS\System32\kjqix\npqvuf.exe
O4 - HKLM\..\Run: [jteey] C:\WINDOWS\System32\yjpim\jteey.exe
O4 - HKLM\..\Run: [toebkalo] C:\WINDOWS\System32\bein\toebkalo.exe
O4 - HKLM\..\Run: [udbu] C:\WINDOWS\System32\ytkai\udbu.exe
O4 - HKLM\..\Run: [ylbj] C:\WINDOWS\System32\almo\ylbj.exe
O4 - HKLM\..\Run: [iaes] C:\WINDOWS\System32\ktyty\iaes.exe
O4 - HKLM\..\Run: [rhbrqbc] C:\WINDOWS\System32\cynkxm\rhbrqbc.exe
O4 - HKLM\..\Run: [njuhcqy] C:\WINDOWS\System32\wfwqme\njuhcqy.exe
O4 - HKLM\..\Run: [frytrsyy] C:\WINDOWS\System32\dwnlgold\frytrsyy.exe
O4 - HKLM\..\Run: [bsvy] C:\WINDOWS\System32\vsydemu\bsvy.exe
O4 - HKLM\..\Run: [vefw] C:\WINDOWS\System32\rumgi\vefw.exe
O4 - HKLM\..\Run: [uhye] C:\WINDOWS\System32\dcoavh\uhye.exe
O4 - HKLM\..\Run: [hnyeb] C:\WINDOWS\System32\ogef\hnyeb.exe
O4 - HKLM\..\Run: [xbajkobs] C:\WINDOWS\System32\lpsufgx\xbajkobs.exe
O4 - HKLM\..\Run: [tvkg] C:\WINDOWS\System32\ykypp\tvkg.exe
O4 - HKLM\..\Run: [nakf] C:\WINDOWS\System32\naxrjsgk\nakf.exe
O4 - HKLM\..\Run: [hbrqvo] C:\WINDOWS\System32\jrcy\hbrqvo.exe
O4 - HKLM\..\Run: [xojddul] C:\WINDOWS\System32\jgvnsdti\xojddul.exe
O4 - HKLM\..\Run: [sikuiyb] C:\WINDOWS\System32\oomjrte\sikuiyb.exe
O4 - HKLM\..\Run: [oluhc] C:\WINDOWS\System32\bmjk\oluhc.exe
O4 - HKLM\..\Run: [klesuwt] C:\WINDOWS\System32\rtjbrdwb\klesuwt.exe
O4 - HKLM\..\Run: [jyhr] C:\WINDOWS\System32\ssej\jyhr.exe
O4 - HKLM\..\Run: [hxfrljvu] C:\WINDOWS\System32\fddw\hxfrljvu.exe
O4 - HKLM\..\Run: [eaxvbx] C:\WINDOWS\System32\txkumd\eaxvbx.exe
O4 - HKLM\..\Run: [rhoyqgi] C:\WINDOWS\System32\topteyx\rhoyqgi.exe
O4 - HKLM\..\Run: [yjhg] C:\WINDOWS\System32\yeiy\yjhg.exe
O4 - HKLM\..\Run: [uyghrac] C:\WINDOWS\System32\rjenws\uyghrac.exe
O4 - HKLM\..\Run: [xeoc] C:\WINDOWS\System32\bmtbf\xeoc.exe
O4 - HKLM\..\Run: [grmmbts] C:\WINDOWS\System32\bkkbmhqy\grmmbts.exe
O4 - HKLM\..\Run: [erowp] C:\WINDOWS\System32\gyhe\erowp.exe
O4 - HKLM\..\Run: [oiqlfjqf] C:\WINDOWS\System32\tfrqxjou\oiqlfjqf.exe
O4 - HKLM\..\Run: [gyjvy] C:\WINDOWS\System32\yasabv\gyjvy.exe
O4 - HKLM\..\Run: [nkxeg] C:\WINDOWS\System32\yldoxpe\nkxeg.exe
O4 - HKLM\..\Run: [pfre] C:\WINDOWS\System32\pmlmjobm\pfre.exe
O4 - HKLM\..\Run: [chovumj] C:\WINDOWS\System32\sijao\chovumj.exe
O4 - HKLM\..\Run: [cmgyv] C:\WINDOWS\System32\pmkdb\cmgyv.exe
O4 - HKLM\..\Run: [lrvgtso] C:\WINDOWS\System32\gdukikk\lrvgtso.exe
O4 - HKLM\..\Run: [drhy] C:\WINDOWS\System32\eubrlcjr\drhy.exe
O4 - HKLM\..\Run: [igtk] C:\WINDOWS\System32\ctytarr\igtk.exe
O4 - HKLM\..\Run: [evofcqjc] C:\WINDOWS\System32\vuqjmgt\evofcqjc.exe
O4 - HKLM\..\Run: [tqieq] C:\WINDOWS\System32\ehwfntch\tqieq.exe
O4 - HKLM\..\Run: [rknbxqrf] C:\WINDOWS\System32\wxglwmb\rknbxqrf.exe
O4 - HKLM\..\Run: [cewiw] C:\WINDOWS\System32\jfnonr\cewiw.exe
O4 - HKLM\..\Run: [nsnel] C:\WINDOWS\System32\tuphw\nsnel.exe
O4 - HKLM\..\Run: [ebwknq] C:\WINDOWS\System32\hfgukg\ebwknq.exe
O4 - HKLM\..\Run: [lblggy] C:\WINDOWS\System32\jsymflg\lblggy.exe
O4 - HKLM\..\Run: [xgqxjayd] C:\WINDOWS\System32\qwooeqx\xgqxjayd.exe
O4 - HKLM\..\Run: [jwxexbfb] C:\WINDOWS\System32\vylg\jwxexbfb.exe
O4 - HKLM\..\Run: [hrbupnuo] C:\WINDOWS\System32\tfnujd\hrbupnuo.exe
O4 - HKLM\..\Run: [hitiponr] C:\WINDOWS\System32\dteg\hitiponr.exe
O4 - HKLM\..\Run: [wfxbq] C:\WINDOWS\System32\usptamp\wfxbq.exe
O4 - HKLM\..\Run: [onlf] C:\WINDOWS\System32\emwbw\onlf.exe
O4 - HKLM\..\Run: [pjnpqpag] C:\WINDOWS\System32\dnlniej\pjnpqpag.exe
O4 - HKLM\..\Run: [oxdl] C:\WINDOWS\System32\fgmicmk\oxdl.exe
O4 - HKLM\..\Run: [qxlyip] C:\WINDOWS\System32\dkiq\qxlyip.exe
O4 - HKLM\..\Run: [kfaalr] C:\WINDOWS\System32\aecvxtnj\kfaalr.exe
O4 - HKLM\..\Run: [sarokk] C:\WINDOWS\System32\tilu\sarokk.exe
O4 - HKLM\..\Run: [yppoud] C:\WINDOWS\System32\cnlhjh\yppoud.exe
O4 - HKLM\..\Run: [ijxvki] C:\WINDOWS\System32\xhhevxsx\ijxvki.exe
O4 - HKLM\..\Run: [jufa] C:\WINDOWS\System32\cryv\jufa.exe
O4 - HKLM\..\Run: [mjrgsjo] C:\WINDOWS\System32\wyxkboyg\mjrgsjo.exe
O4 - HKLM\..\Run: [kallxig] C:\WINDOWS\System32\breiclle\kallxig.exe
O4 - HKLM\..\Run: [ifilnqdk] C:\WINDOWS\System32\olhova\ifilnqdk.exe
O4 - HKLM\..\Run: [pdirwge] C:\WINDOWS\System32\qvlrfu\pdirwge.exe
O4 - HKLM\..\Run: [orfrmt] C:\WINDOWS\System32\pdii\orfrmt.exe
O4 - HKLM\..\Run: [plwsplbo] C:\WINDOWS\System32\ycphs\plwsplbo.exe
O4 - HKLM\..\Run: [jmlriwcv] C:\WINDOWS\System32\ntgfo\jmlriwcv.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0a\aoltray.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: *.crosskirknet.com (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.filesharingaccess.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: *.gimmysmileys.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.kabum.pl (HKLM)
O15 - Trusted Zone: *.kazaa-forum.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.media-motor.net (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.traffic-stats.org (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.yoursitebar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.zango.com (HKLM)
O15 - Trusted Zone: *.zangocash.com (HKLM)
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.pbcprc.com/CFIDE/classes/CFJava.cab
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nenenc.mht!http://crosskirknet.com/script/cnet.chm::/cnet.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/...er/Install.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_mp3.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://lovefreegames.aavalue.com/LFG...FG-toolbar.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - ms-its:mhtml:file://c:\nenenm.mht!http://crosskirknet.com/script/mma.chm::/alien.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zang...ridge-c139.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297B} - http://start1.aaa1screensavers.com/10078.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - ms-its:mhtml:file://c:\nenent.mht!http://crosskirknet.com/script/mta.c...sInstaller.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - ms-its:mhtml:file://c:\nenenw.mht!http://crosskirknet.com/script/winfi...reeInstall.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.31/ttinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O16 - DPF: {EB6AFDAB-E16D-430B-A5EE-0408A12289DC} - http://download.mediacharger.com/movienetworks.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C7A1227-FF2A-4F4C-9D89-B27BCD830995}: NameServer = 205.188.146.145
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\Program Files\Qlinks\qlink32.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: aqpbsbqrr - Unknown owner - C:\WINDOWS\System32\sbqrr\aqpb.exe
O23 - Service: bqvvccrapjn - Unknown owner - C:\WINDOWS\System32\rapjn\bqvvcc.exe
O23 - Service: DefWatch - Unknown owner - C:\Program Files\NavNT\defwatch.exe (file missing)
O23 - Service: fyuspaxoolby - Unknown owner - C:\WINDOWS\System32\axoolby\fyusp.exe
O23 - Service: hnyebogef - Unknown owner - C:\WINDOWS\System32\ogef\hnyeb.exe
O23 - Service: jyhrssej - Unknown owner - C:\WINDOWS\System32\ssej\jyhr.exe
O23 - Service: krqfmdyqrpixe - Unknown owner - C:\WINDOWS\System32\rpixe\krqfmdyq.exe
O23 - Service: lacjwxgxvgtxci - Unknown owner - C:\WINDOWS\System32\xvgtxci\lacjwxg.exe
O23 - Service: luhvjtgqpkeg - Unknown owner - C:\WINDOWS\System32\qpkeg\luhvjtg.exe
O23 - Service: pnfgdvybmxwgk - Unknown owner - C:\WINDOWS\System32\bmxwgk\pnfgdvy.exe
O23 - Service: qukhopdjdkefpy - Unknown owner - C:\WINDOWS\System32\jdkefpy\qukhopd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: ursmxhhlvmev - Unknown owner - C:\WINDOWS\System32\xhhlvmev\ursm.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Winkeri - Unknown owner - C:\WINDOWS\System32\Winkeri.exe
O23 - Service: xgjwfmtbafjn - Unknown owner - C:\WINDOWS\System32\bafjn\xgjwfmt.exe
O23 - Service: yppoudcnlhjh - Unknown owner - C:\WINDOWS\System32\cnlhjh\yppoud.exe
Posted by Amanda (Newbie Poster, 17 posts since Jul 2004)
