0

Hello holy gurus of Computer Tech!! this is my 1st post! hopefully someone can me with my problem...
Immediately after windows starts up, i find that there are usually already 2-3 internet explorers opened up in the background (not visible on desktop but visible in task manager) when i try to end process tehy keep respawning repeatedly.


this is really annoying as i know it is eating up my memory and slowing down my computer! i have used ad aware and avast! antivirus to scan but to no avail..

after browsing through the forums i noticed that hijackthis was a tool regularly used and i have thus created a log for u peeps to examine.

Any help would be greatly appreciated!@!

thanx in advance, -Rev.

Logfile of HijackThis v1.98.2
Scan saved at 10:11:15 PM, on 28/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\NVATray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\DL Software\D-Color\dcolor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Documents and Settings\Chapman\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mlmzloghbzmhskwohz.com/PhXcFtONKYbCKLKkzGOE_EPnggEUJSZJ7jBtRxEmIvxsFW9zqYBSbiT45MEkfUg5.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smh.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://all-find.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.usyd.edu.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R3 - URLSearchHook: (no name) - {2D49ADC8-E4B8-E927-9BC8-1E19E6C75FB8} - C:\DOCUME~1\Chapman\LOCALS~1\Temp\7gh30w50.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {ACB3E0B7-7D0C-40B7-99B3-3EEACDF86BFB} - C:\WINDOWS\mslagent\4b_1,0,1,1_mslagent.dll (file missing)
O2 - BHO: (no name) - {C4614F62-DBC3-70C9-F0AA-5C4C8221A4BC} - C:\DOCUME~1\Chapman\APPLIC~1\IDOLTH~1\datatest.exe
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: BHO Class - {CBEFB350-ED5B-4115-B846-C1041676B377} - C:\WINDOWS\System32\CustomIE32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [Reg32] C:\WINDOWS\reg33.exe
O4 - HKLM\..\Run: [Dial33] C:\WINDOWS\dlm.exe
O4 - HKLM\..\Run: [Dial32] C:\WINDOWS\dl.exe
O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\sxchost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogonUIBootRandomizer] "D:\Desktop Tweaks\LogonUIBootRandomizer v3.9.1[Chaos]\LogonUIBootRandomizer\RandomScreens.exe" /RandomizeLogon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Iesearch.exe] C:\Program Files\Internet Explorer\Iesearch.exe
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [A08C9ACB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\p9cq8qmvl3.exe
O4 - HKLM\..\Run: [DEBEF363] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jvumk6t2k.exe
O4 - HKLM\..\Run: [51C0DC76] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zh65kv66.exe
O4 - HKLM\..\Run: [8C12BA5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\00zfqql9.exe
O4 - HKLM\..\Run: [B3CC9CDE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\tvra2.exe
O4 - HKLM\..\Run: [F0EE79DE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\yx8s9jihf.exe
O4 - HKLM\..\Run: [867243E6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\s70gh.exe
O4 - HKLM\..\Run: [9BDBCDC6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\6igv7h8lrw.exe
O4 - HKLM\..\Run: [B78D44EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2feas.exe
O4 - HKLM\..\Run: [93F81456] C:\DOCUME~1\Chapman\LOCALS~1\Temp\n0ivmzmmj8n7.exe
O4 - HKLM\..\Run: [B12CC963] C:\DOCUME~1\Chapman\LOCALS~1\Temp\wf3gtt7.exe
O4 - HKLM\..\Run: [83D6EDFE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2djs8t3f0uv.exe
O4 - HKLM\..\Run: [DAA14BEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3cs2g5g.exe
O4 - HKLM\..\Run: [EC2C7D8B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\s3vnq6nri8g.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AE374276] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zn7jsr6p96.exe
O4 - HKLM\..\Run: [842193EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3xt02fo.exe
O4 - HKLM\..\Run: [A67A4FDB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\prpml.exe
O4 - HKLM\..\Run: [C090845E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\pt0d0r5qoh.exe
O4 - HKLM\..\Run: [BD6A1766] C:\DOCUME~1\Chapman\LOCALS~1\Temp\t5fb721s21.exe
O4 - HKLM\..\Run: [FB614A7E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jsxf.exe
O4 - HKLM\..\Run: [91C949CB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\z3l2nnef61.exe
O4 - HKLM\..\Run: [F128CDEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\v2jaf3dw.exe
O4 - HKLM\..\Run: [FABCF54B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\va654gh4d9g.exe
O4 - HKLM\..\Run: [F3011AEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\f2iolk.exe
O4 - HKLM\..\Run: [BBA73F6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ffw00.exe
O4 - HKLM\..\Run: [D7724F5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\pupox.exe
O4 - HKLM\..\Run: [FB0EE273] C:\DOCUME~1\Chapman\LOCALS~1\Temp\hmylbi28iev.exe
O4 - HKLM\..\Run: [17C4A68E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mlpm5f79y.exe
O4 - HKLM\..\Run: [96178C6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jm0j9xr.exe
O4 - HKLM\..\Run: [824ECA7B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ml9p.exe
O4 - HKLM\..\Run: [F8A14A5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2asn.exe
O4 - HKLM\..\Run: [A3DB8CE3] C:\DOCUME~1\Chapman\LOCALS~1\Temp\trci.exe
O4 - HKLM\..\Run: [B66C0DF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ysq.exe
O4 - HKLM\..\Run: [C16E0476] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mb2r3ae.exe
O4 - HKLM\..\Run: [89A2E263] C:\DOCUME~1\Chapman\LOCALS~1\Temp\q8sgdmjy3xl.exe
O4 - HKLM\..\Run: [BD8ECB5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\gtztgr2mf4.exe
O4 - HKLM\..\Run: [BAF54FCE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\fy6qq0n5mf.exe
O4 - HKLM\..\Run: [5560006E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\fuk9xrv4xi.exe
O4 - HKLM\..\Run: [C7CC39EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zajhbp.exe
O4 - HKLM\..\Run: [949BCE63] C:\DOCUME~1\Chapman\LOCALS~1\Temp\tj0e5au.exe
O4 - HKLM\..\Run: [CD7B3D5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\0r0umh8nyjb.exe
O4 - HKLM\..\Run: [8BB00E4E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\1neds8gm9mbo.exe
O4 - HKLM\..\Run: [E84E9266] C:\DOCUME~1\Chapman\LOCALS~1\Temp\crj332jcl.exe
O4 - HKLM\..\Run: [0D8F905E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mh35b6f89.exe
O4 - HKLM\..\Run: [DAE02BEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\kwj2lgw.exe
O4 - HKLM\..\Run: [EDA64EF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\9lcwhu.exe
O4 - HKLM\..\Run: [ED8A0CF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\cvc.exe
O4 - HKLM\..\Run: [A7FB0463] C:\DOCUME~1\Chapman\LOCALS~1\Temp\xh1zxxvf.exe
O4 - HKLM\..\Run: [5F22BCF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2z4rh2kansxm.exe
O4 - HKLM\..\Run: [A56D9DE6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\cobphma7md.exe
O4 - HKLM\..\Run: [F0A2B366] C:\DOCUME~1\Chapman\LOCALS~1\Temp\m7qt9rjkz4.exe
O4 - HKLM\..\Run: [AC6D2CE6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\7gh30w50.exe
O4 - HKLM\..\Run: [4E8DF246] C:\DOCUME~1\Chapman\LOCALS~1\Temp\urgibdd33do.exe
O4 - HKLM\..\Run: [E1EB917B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\4d0zify3c0v.exe
O4 - HKLM\..\Run: [5511BC6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zj66xei.exe
O4 - HKLM\..\Run: [AA02BB6B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\bn6jiwa442gi.exe
O4 - HKLM\..\Run: [B1840F76] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mye.exe
O4 - HKLM\..\Run: [CA925873] C:\DOCUME~1\Chapman\LOCALS~1\Temp\isep6t.exe
O4 - HKLM\..\Run: [9E2040EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\z0cljr2g8q5.exe
O4 - HKLM\..\Run: [BB37195E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\31w4dwqosa3u.exe
O4 - HKLM\..\Run: [8A3CAEC6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\5sdfbix8i.exe
O4 - HKLM\..\Run: [F30561EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zyil.exe
O4 - HKLM\..\Run: [DBEAF26E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2672jin.exe
O4 - HKLM\..\Run: [E33DA1DE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\26oj.exe
O4 - HKLM\..\Run: [04CF34E6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ja58wksug7es.exe
O4 - HKLM\..\Run: [A4178883] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jzswu5w55hp2.exe
O4 - HKLM\..\Run: [4ACC4ADE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\70px.exe
O4 - HKLM\..\Run: [R8bK] C:\documents and settings\chapman\local settings\temp\R8bK.exe
O4 - HKLM\..\Run: [8AC1548B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\m136zbezv.exe
O4 - HKLM\..\Run: [8B82FAEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2k5yln8hp67l.exe
O4 - HKLM\..\Run: [438B627E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\o7ka.exe
O4 - HKLM\..\Run: [mxLeB] c:\documents and settings\chapman\local settings\temp\mxLeB.exe
O4 - HKLM\..\Run: [e71d5fee4c3d] C:\WINDOWS\System32\bitsprx3.exe
O4 - HKLM\..\Run: [01858AF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\qighi.exe
O4 - HKLM\..\Run: [B1220CF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\qwf.exe
O4 - HKLM\..\Run: [D03B026B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3ql2fx3q.exe
O4 - HKLM\..\Run: [Pile ping chin pop] C:\Documents and Settings\All Users\Application Data\each build pile ping\acedog.exe
O4 - HKCU\..\Run: [Security Updater] secupd.exe -nos
O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\mslagent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [nwcfg] C:\WINDOWS\System32\nwcfg.exe
O4 - HKCU\..\Run: [mstext40] C:\WINDOWS\System32\mstext40.exe
O4 - HKCU\..\Run: [SpywareGuardPlus] C:\WINDOWS\system32\winmm64.exe
O4 - HKCU\..\Run: [64symsms] C:\WINDOWS\64symsms.exe
O4 - HKCU\..\Run: [ntPEnt] C:\WINDOWS\ntPEnt.exe
O4 - HKCU\..\Run: [A08C9ACB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\p9cq8qmvl3.exe
O4 - HKCU\..\Run: [DEBEF363] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jvumk6t2k.exe
O4 - HKCU\..\Run: [51C0DC76] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zh65kv66.exe
O4 - HKCU\..\Run: [8C12BA5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\00zfqql9.exe
O4 - HKCU\..\Run: [B3CC9CDE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\tvra2.exe
O4 - HKCU\..\Run: [F0EE79DE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\yx8s9jihf.exe
O4 - HKCU\..\Run: [867243E6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\s70gh.exe
O4 - HKCU\..\Run: [9BDBCDC6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\6igv7h8lrw.exe
O4 - HKCU\..\Run: [B78D44EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2feas.exe
O4 - HKCU\..\Run: [93F81456] C:\DOCUME~1\Chapman\LOCALS~1\Temp\n0ivmzmmj8n7.exe
O4 - HKCU\..\Run: [B12CC963] C:\DOCUME~1\Chapman\LOCALS~1\Temp\wf3gtt7.exe
O4 - HKCU\..\Run: [83D6EDFE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2djs8t3f0uv.exe
O4 - HKCU\..\Run: [DAA14BEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3cs2g5g.exe
O4 - HKCU\..\Run: [EC2C7D8B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\s3vnq6nri8g.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [AE374276] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zn7jsr6p96.exe
O4 - HKCU\..\Run: [842193EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3xt02fo.exe
O4 - HKCU\..\Run: [ThisDeaf] C:\DOCUME~1\Chapman\APPLIC~1\COPYSK~1\mpeg else.exe
O4 - HKCU\..\Run: [A67A4FDB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\prpml.exe
O4 - HKCU\..\Run: [C090845E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\pt0d0r5qoh.exe
O4 - HKCU\..\Run: [BD6A1766] C:\DOCUME~1\Chapman\LOCALS~1\Temp\t5fb721s21.exe
O4 - HKCU\..\Run: [FB614A7E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jsxf.exe
O4 - HKCU\..\Run: [91C949CB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\z3l2nnef61.exe
O4 - HKCU\..\Run: [F128CDEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\v2jaf3dw.exe
O4 - HKCU\..\Run: [FABCF54B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\va654gh4d9g.exe
O4 - HKCU\..\Run: [F3011AEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\f2iolk.exe
O4 - HKCU\..\Run: [BBA73F6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ffw00.exe
O4 - HKCU\..\Run: [D7724F5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\pupox.exe
O4 - HKCU\..\Run: [FB0EE273] C:\DOCUME~1\Chapman\LOCALS~1\Temp\hmylbi28iev.exe
O4 - HKCU\..\Run: [17C4A68E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mlpm5f79y.exe
O4 - HKCU\..\Run: [96178C6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jm0j9xr.exe
O4 - HKCU\..\Run: [824ECA7B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ml9p.exe
O4 - HKCU\..\Run: [F8A14A5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2asn.exe
O4 - HKCU\..\Run: [A3DB8CE3] C:\DOCUME~1\Chapman\LOCALS~1\Temp\trci.exe
O4 - HKCU\..\Run: [B66C0DF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ysq.exe
O4 - HKCU\..\Run: [C16E0476] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mb2r3ae.exe
O4 - HKCU\..\Run: [89A2E263] C:\DOCUME~1\Chapman\LOCALS~1\Temp\q8sgdmjy3xl.exe
O4 - HKCU\..\Run: [BD8ECB5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\gtztgr2mf4.exe
O4 - HKCU\..\Run: [BAF54FCE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\fy6qq0n5mf.exe
O4 - HKCU\..\Run: [5560006E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\fuk9xrv4xi.exe
O4 - HKCU\..\Run: [C7CC39EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zajhbp.exe
O4 - HKCU\..\Run: [949BCE63] C:\DOCUME~1\Chapman\LOCALS~1\Temp\tj0e5au.exe
O4 - HKCU\..\Run: [CD7B3D5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\0r0umh8nyjb.exe
O4 - HKCU\..\Run: [8BB00E4E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\1neds8gm9mbo.exe
O4 - HKCU\..\Run: [32s-64ntms] C:\WINDOWS\system32\32s-64ntms.exe
O4 - HKCU\..\Run: [E84E9266] C:\DOCUME~1\Chapman\LOCALS~1\Temp\crj332jcl.exe
O4 - HKCU\..\Run: [0D8F905E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mh35b6f89.exe
O4 - HKCU\..\Run: [DAE02BEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\kwj2lgw.exe
O4 - HKCU\..\Run: [EDA64EF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\9lcwhu.exe
O4 - HKCU\..\Run: [ED8A0CF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\cvc.exe
O4 - HKCU\..\Run: [A7FB0463] C:\DOCUME~1\Chapman\LOCALS~1\Temp\xh1zxxvf.exe
O4 - HKCU\..\Run: [5F22BCF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2z4rh2kansxm.exe
O4 - HKCU\..\Run: [A56D9DE6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\cobphma7md.exe
O4 - HKCU\..\Run: [F0A2B366] C:\DOCUME~1\Chapman\LOCALS~1\Temp\m7qt9rjkz4.exe
O4 - HKCU\..\Run: [AC6D2CE6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\7gh30w50.exe
O4 - HKCU\..\Run: [4E8DF246] C:\DOCUME~1\Chapman\LOCALS~1\Temp\urgibdd33do.exe
O4 - HKCU\..\Run: [E1EB917B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\4d0zify3c0v.exe
O4 - HKCU\..\Run: [5511BC6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zj66xei.exe
O4 - HKCU\..\Run: [AA02BB6B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\bn6jiwa442gi.exe
O4 - HKCU\..\Run: [B1840F76] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mye.exe
O4 - HKCU\..\Run: [CA925873] C:\DOCUME~1\Chapman\LOCALS~1\Temp\isep6t.exe
O4 - HKCU\..\Run: [D-Color] C:\Program Files\DL Software\D-Color\dcolor.exe
O4 - HKCU\..\Run: [ors-32] C:\WINDOWS\ors-32.exe
O4 - HKCU\..\Run: [9E2040EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\z0cljr2g8q5.exe
O4 - HKCU\..\Run: [BB37195E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\31w4dwqosa3u.exe
O4 - HKCU\..\Run: [8A3CAEC6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\5sdfbix8i.exe
O4 - HKCU\..\Run: [F30561EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zyil.exe
O4 - HKCU\..\Run: [DBEAF26E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2672jin.exe
O4 - HKCU\..\Run: [E33DA1DE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\26oj.exe
O4 - HKCU\..\Run: [04CF34E6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ja58wksug7es.exe
O4 - HKCU\..\Run: [A4178883] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jzswu5w55hp2.exe
O4 - HKCU\..\Run: [4ACC4ADE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\70px.exe
O4 - HKCU\..\Run: [8AC1548B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\m136zbezv.exe
O4 - HKCU\..\Run: [8B82FAEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2k5yln8hp67l.exe
O4 - HKCU\..\Run: [438B627E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\o7ka.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [01858AF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\qighi.exe
O4 - HKCU\..\Run: [B1220CF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\qwf.exe
O4 - HKCU\..\Run: [D03B026B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3ql2fx3q.exe
O4 - Startup: deskview.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra button: Corel Network monitor worker - {12BC21BA-6709-437A-A96A-63F343C4A0E4} - (no file)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {12BC21BA-6709-437A-A96A-63F343C4A0E4} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Corel Network monitor worker - {12BC21BA-6709-437A-A96A-63F343C4A0E4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {12BC21BA-6709-437A-A96A-63F343C4A0E4} - (no file) (HKCU)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O20 - AppInit_DLLs: c:\windows\system32\comodh.dll

2
Contributors
3
Replies
4
Views
13 Years
Discussion Span
Last Post by dlh6213
0

You have a ton of malware lurking in your Temp folder(s), that's probably why they keep "respawning." Follow these instructions to clean it up:

Open Windows Explorer, go to Tools, Folder Options, View, and select "Show hidden files and folders", and uncheck "Hide protected operating system files".

For every user account listed under C:\Documents and Settings, delete the entire contents of these folders:

Local Settings\Temp
Local Settings\Temporary Internet Files\Content.IE5
Cookies
History

Delete the contents of your C:\Windows\Temp folder.

(If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed.)

Do a search for *.tmp and delete everything found.

Empty your Recycle Bin. All this should be done on a regular basis.

Go to this thread for instructions on fixing your bridge.dll problem:
http://www.daniweb.com/techtalkforums/thread7370.html

Reboot, close all windows, scan with HJT, and post a new log.

0

hey thanx for replying m8.... i've done what you said.. except for some files in C:\WINDOWS\Temp called jetad77.tmp and jetbo54 in which i cannot delete (says files in use) and also a file in local settings/temp called pjepcnpi.exe(same problem) i've noticed that more keep appearing here on start up even though i havent been to anysite online..

i have closed all non-system processes other than explorer/taskmanager and the iexplorers that still keep restarting each time i end them yet they still say that some program is running them. help?

heres my new log:


Logfile of HijackThis v1.98.2
Scan saved at 4:34:09 PM, on 29/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\devldr32.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Chapman\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bywymjqazsiqeueeogsbqzyr.biz/PhXcFtONKYbCKLKkzGOE_EPnggEUJSZJ7jBtRxEmIvzvG_ZCNZrx2iT45MEkfUg5.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smh.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://all-find.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.usyd.edu.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R3 - URLSearchHook: (no name) - {2D49ADC8-E4B8-E927-9BC8-1E19E6C75FB8} - C:\DOCUME~1\Chapman\LOCALS~1\Temp\7gh30w50.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ACB3E0B7-7D0C-40B7-99B3-3EEACDF86BFB} - C:\WINDOWS\mslagent\4b_1,0,1,1_mslagent.dll (file missing)
O2 - BHO: (no name) - {C4614F62-DBC3-70C9-F0AA-5C4C8221A4BC} - C:\DOCUME~1\Chapman\APPLIC~1\IDOLTH~1\datatest.exe
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: BHO Class - {CBEFB350-ED5B-4115-B846-C1041676B377} - C:\WINDOWS\System32\CustomIE32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [Reg32] C:\WINDOWS\reg33.exe
O4 - HKLM\..\Run: [Dial33] C:\WINDOWS\dlm.exe
O4 - HKLM\..\Run: [Dial32] C:\WINDOWS\dl.exe
O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\sxchost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogonUIBootRandomizer] "D:\Desktop Tweaks\LogonUIBootRandomizer v3.9.1[Chaos]\LogonUIBootRandomizer\RandomScreens.exe" /RandomizeLogon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Iesearch.exe] C:\Program Files\Internet Explorer\Iesearch.exe
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [A08C9ACB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\p9cq8qmvl3.exe
O4 - HKLM\..\Run: [DEBEF363] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jvumk6t2k.exe
O4 - HKLM\..\Run: [51C0DC76] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zh65kv66.exe
O4 - HKLM\..\Run: [8C12BA5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\00zfqql9.exe
O4 - HKLM\..\Run: [B3CC9CDE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\tvra2.exe
O4 - HKLM\..\Run: [F0EE79DE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\yx8s9jihf.exe
O4 - HKLM\..\Run: [867243E6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\s70gh.exe
O4 - HKLM\..\Run: [9BDBCDC6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\6igv7h8lrw.exe
O4 - HKLM\..\Run: [B78D44EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2feas.exe
O4 - HKLM\..\Run: [93F81456] C:\DOCUME~1\Chapman\LOCALS~1\Temp\n0ivmzmmj8n7.exe
O4 - HKLM\..\Run: [B12CC963] C:\DOCUME~1\Chapman\LOCALS~1\Temp\wf3gtt7.exe
O4 - HKLM\..\Run: [83D6EDFE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2djs8t3f0uv.exe
O4 - HKLM\..\Run: [DAA14BEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3cs2g5g.exe
O4 - HKLM\..\Run: [EC2C7D8B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\s3vnq6nri8g.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AE374276] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zn7jsr6p96.exe
O4 - HKLM\..\Run: [842193EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3xt02fo.exe
O4 - HKLM\..\Run: [A67A4FDB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\prpml.exe
O4 - HKLM\..\Run: [C090845E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\pt0d0r5qoh.exe
O4 - HKLM\..\Run: [BD6A1766] C:\DOCUME~1\Chapman\LOCALS~1\Temp\t5fb721s21.exe
O4 - HKLM\..\Run: [FB614A7E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jsxf.exe
O4 - HKLM\..\Run: [91C949CB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\z3l2nnef61.exe
O4 - HKLM\..\Run: [F128CDEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\v2jaf3dw.exe
O4 - HKLM\..\Run: [FABCF54B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\va654gh4d9g.exe
O4 - HKLM\..\Run: [F3011AEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\f2iolk.exe
O4 - HKLM\..\Run: [BBA73F6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ffw00.exe
O4 - HKLM\..\Run: [D7724F5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\pupox.exe
O4 - HKLM\..\Run: [FB0EE273] C:\DOCUME~1\Chapman\LOCALS~1\Temp\hmylbi28iev.exe
O4 - HKLM\..\Run: [17C4A68E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mlpm5f79y.exe
O4 - HKLM\..\Run: [96178C6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jm0j9xr.exe
O4 - HKLM\..\Run: [824ECA7B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ml9p.exe
O4 - HKLM\..\Run: [F8A14A5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2asn.exe
O4 - HKLM\..\Run: [A3DB8CE3] C:\DOCUME~1\Chapman\LOCALS~1\Temp\trci.exe
O4 - HKLM\..\Run: [B66C0DF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ysq.exe
O4 - HKLM\..\Run: [C16E0476] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mb2r3ae.exe
O4 - HKLM\..\Run: [89A2E263] C:\DOCUME~1\Chapman\LOCALS~1\Temp\q8sgdmjy3xl.exe
O4 - HKLM\..\Run: [BD8ECB5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\gtztgr2mf4.exe
O4 - HKLM\..\Run: [BAF54FCE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\fy6qq0n5mf.exe
O4 - HKLM\..\Run: [5560006E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\fuk9xrv4xi.exe
O4 - HKLM\..\Run: [C7CC39EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zajhbp.exe
O4 - HKLM\..\Run: [949BCE63] C:\DOCUME~1\Chapman\LOCALS~1\Temp\tj0e5au.exe
O4 - HKLM\..\Run: [CD7B3D5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\0r0umh8nyjb.exe
O4 - HKLM\..\Run: [8BB00E4E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\1neds8gm9mbo.exe
O4 - HKLM\..\Run: [E84E9266] C:\DOCUME~1\Chapman\LOCALS~1\Temp\crj332jcl.exe
O4 - HKLM\..\Run: [0D8F905E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mh35b6f89.exe
O4 - HKLM\..\Run: [DAE02BEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\kwj2lgw.exe
O4 - HKLM\..\Run: [EDA64EF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\9lcwhu.exe
O4 - HKLM\..\Run: [ED8A0CF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\cvc.exe
O4 - HKLM\..\Run: [A7FB0463] C:\DOCUME~1\Chapman\LOCALS~1\Temp\xh1zxxvf.exe
O4 - HKLM\..\Run: [5F22BCF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2z4rh2kansxm.exe
O4 - HKLM\..\Run: [A56D9DE6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\cobphma7md.exe
O4 - HKLM\..\Run: [F0A2B366] C:\DOCUME~1\Chapman\LOCALS~1\Temp\m7qt9rjkz4.exe
O4 - HKLM\..\Run: [AC6D2CE6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\7gh30w50.exe
O4 - HKLM\..\Run: [4E8DF246] C:\DOCUME~1\Chapman\LOCALS~1\Temp\urgibdd33do.exe
O4 - HKLM\..\Run: [E1EB917B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\4d0zify3c0v.exe
O4 - HKLM\..\Run: [5511BC6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zj66xei.exe
O4 - HKLM\..\Run: [AA02BB6B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\bn6jiwa442gi.exe
O4 - HKLM\..\Run: [B1840F76] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mye.exe
O4 - HKLM\..\Run: [CA925873] C:\DOCUME~1\Chapman\LOCALS~1\Temp\isep6t.exe
O4 - HKLM\..\Run: [9E2040EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\z0cljr2g8q5.exe
O4 - HKLM\..\Run: [BB37195E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\31w4dwqosa3u.exe
O4 - HKLM\..\Run: [8A3CAEC6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\5sdfbix8i.exe
O4 - HKLM\..\Run: [F30561EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zyil.exe
O4 - HKLM\..\Run: [DBEAF26E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2672jin.exe
O4 - HKLM\..\Run: [E33DA1DE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\26oj.exe
O4 - HKLM\..\Run: [04CF34E6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ja58wksug7es.exe
O4 - HKLM\..\Run: [A4178883] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jzswu5w55hp2.exe
O4 - HKLM\..\Run: [4ACC4ADE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\70px.exe
O4 - HKLM\..\Run: [R8bK] C:\documents and settings\chapman\local settings\temp\R8bK.exe
O4 - HKLM\..\Run: [8AC1548B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\m136zbezv.exe
O4 - HKLM\..\Run: [8B82FAEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2k5yln8hp67l.exe
O4 - HKLM\..\Run: [438B627E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\o7ka.exe
O4 - HKLM\..\Run: [mxLeB] c:\documents and settings\chapman\local settings\temp\mxLeB.exe
O4 - HKLM\..\Run: [e71d5fee4c3d] C:\WINDOWS\System32\bitsprx3.exe
O4 - HKLM\..\Run: [01858AF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\qighi.exe
O4 - HKLM\..\Run: [B1220CF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\qwf.exe
O4 - HKLM\..\Run: [D03B026B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3ql2fx3q.exe
O4 - HKLM\..\Run: [Pile ping chin pop] C:\Documents and Settings\All Users\Application Data\each build pile ping\acedog.exe
O4 - HKLM\..\Run: [4AD8CD6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2bhxguft.exe
O4 - HKLM\..\Run: [EBB84866] C:\DOCUME~1\Chapman\LOCALS~1\Temp\i2uuoftgh.exe
O4 - HKLM\..\Run: [8B602363] C:\DOCUME~1\Chapman\LOCALS~1\Temp\klz00rgv.exe
O4 - HKLM\..\Run: [86CF3C53] C:\DOCUME~1\Chapman\LOCALS~1\Temp\47vmqzb16kmt.exe
O4 - HKLM\..\Run: [FAD5275B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\buihpyhp.exe
O4 - HKLM\..\Run: [D6C24576] C:\DOCUME~1\Chapman\LOCALS~1\Temp\yufhf9rqn.exe
O4 - HKLM\..\Run: [D1C399EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ug3dc.exe
O4 - HKLM\..\Run: [E02079EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\z6ttifaiw.exe
O4 - HKLM\..\Run: [B4CB9EEB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\gyw7rar.exe
O4 - HKLM\..\Run: [A88A54FE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\lhepawb3qr9d.exe
O4 - HKCU\..\Run: [Security Updater] secupd.exe -nos
O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\mslagent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [nwcfg] C:\WINDOWS\System32\nwcfg.exe
O4 - HKCU\..\Run: [mstext40] C:\WINDOWS\System32\mstext40.exe
O4 - HKCU\..\Run: [SpywareGuardPlus] C:\WINDOWS\system32\winmm64.exe
O4 - HKCU\..\Run: [64symsms] C:\WINDOWS\64symsms.exe
O4 - HKCU\..\Run: [ntPEnt] C:\WINDOWS\ntPEnt.exe
O4 - HKCU\..\Run: [A08C9ACB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\p9cq8qmvl3.exe
O4 - HKCU\..\Run: [DEBEF363] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jvumk6t2k.exe
O4 - HKCU\..\Run: [51C0DC76] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zh65kv66.exe
O4 - HKCU\..\Run: [8C12BA5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\00zfqql9.exe
O4 - HKCU\..\Run: [B3CC9CDE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\tvra2.exe
O4 - HKCU\..\Run: [F0EE79DE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\yx8s9jihf.exe
O4 - HKCU\..\Run: [867243E6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\s70gh.exe
O4 - HKCU\..\Run: [9BDBCDC6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\6igv7h8lrw.exe
O4 - HKCU\..\Run: [B78D44EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2feas.exe
O4 - HKCU\..\Run: [93F81456] C:\DOCUME~1\Chapman\LOCALS~1\Temp\n0ivmzmmj8n7.exe
O4 - HKCU\..\Run: [B12CC963] C:\DOCUME~1\Chapman\LOCALS~1\Temp\wf3gtt7.exe
O4 - HKCU\..\Run: [83D6EDFE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2djs8t3f0uv.exe
O4 - HKCU\..\Run: [DAA14BEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3cs2g5g.exe
O4 - HKCU\..\Run: [EC2C7D8B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\s3vnq6nri8g.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [AE374276] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zn7jsr6p96.exe
O4 - HKCU\..\Run: [842193EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3xt02fo.exe
O4 - HKCU\..\Run: [ThisDeaf] C:\DOCUME~1\Chapman\APPLIC~1\COPYSK~1\mpeg else.exe
O4 - HKCU\..\Run: [A67A4FDB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\prpml.exe
O4 - HKCU\..\Run: [C090845E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\pt0d0r5qoh.exe
O4 - HKCU\..\Run: [BD6A1766] C:\DOCUME~1\Chapman\LOCALS~1\Temp\t5fb721s21.exe
O4 - HKCU\..\Run: [FB614A7E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jsxf.exe
O4 - HKCU\..\Run: [91C949CB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\z3l2nnef61.exe
O4 - HKCU\..\Run: [F128CDEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\v2jaf3dw.exe
O4 - HKCU\..\Run: [FABCF54B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\va654gh4d9g.exe
O4 - HKCU\..\Run: [F3011AEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\f2iolk.exe
O4 - HKCU\..\Run: [BBA73F6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ffw00.exe
O4 - HKCU\..\Run: [D7724F5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\pupox.exe
O4 - HKCU\..\Run: [FB0EE273] C:\DOCUME~1\Chapman\LOCALS~1\Temp\hmylbi28iev.exe
O4 - HKCU\..\Run: [17C4A68E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mlpm5f79y.exe
O4 - HKCU\..\Run: [96178C6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jm0j9xr.exe
O4 - HKCU\..\Run: [824ECA7B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ml9p.exe
O4 - HKCU\..\Run: [F8A14A5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2asn.exe
O4 - HKCU\..\Run: [A3DB8CE3] C:\DOCUME~1\Chapman\LOCALS~1\Temp\trci.exe
O4 - HKCU\..\Run: [B66C0DF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ysq.exe
O4 - HKCU\..\Run: [C16E0476] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mb2r3ae.exe
O4 - HKCU\..\Run: [89A2E263] C:\DOCUME~1\Chapman\LOCALS~1\Temp\q8sgdmjy3xl.exe
O4 - HKCU\..\Run: [BD8ECB5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\gtztgr2mf4.exe
O4 - HKCU\..\Run: [BAF54FCE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\fy6qq0n5mf.exe
O4 - HKCU\..\Run: [5560006E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\fuk9xrv4xi.exe
O4 - HKCU\..\Run: [C7CC39EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zajhbp.exe
O4 - HKCU\..\Run: [949BCE63] C:\DOCUME~1\Chapman\LOCALS~1\Temp\tj0e5au.exe
O4 - HKCU\..\Run: [CD7B3D5E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\0r0umh8nyjb.exe
O4 - HKCU\..\Run: [8BB00E4E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\1neds8gm9mbo.exe
O4 - HKCU\..\Run: [32s-64ntms] C:\WINDOWS\system32\32s-64ntms.exe
O4 - HKCU\..\Run: [E84E9266] C:\DOCUME~1\Chapman\LOCALS~1\Temp\crj332jcl.exe
O4 - HKCU\..\Run: [0D8F905E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mh35b6f89.exe
O4 - HKCU\..\Run: [DAE02BEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\kwj2lgw.exe
O4 - HKCU\..\Run: [EDA64EF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\9lcwhu.exe
O4 - HKCU\..\Run: [ED8A0CF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\cvc.exe
O4 - HKCU\..\Run: [A7FB0463] C:\DOCUME~1\Chapman\LOCALS~1\Temp\xh1zxxvf.exe
O4 - HKCU\..\Run: [5F22BCF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2z4rh2kansxm.exe
O4 - HKCU\..\Run: [A56D9DE6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\cobphma7md.exe
O4 - HKCU\..\Run: [F0A2B366] C:\DOCUME~1\Chapman\LOCALS~1\Temp\m7qt9rjkz4.exe
O4 - HKCU\..\Run: [AC6D2CE6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\7gh30w50.exe
O4 - HKCU\..\Run: [4E8DF246] C:\DOCUME~1\Chapman\LOCALS~1\Temp\urgibdd33do.exe
O4 - HKCU\..\Run: [E1EB917B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\4d0zify3c0v.exe
O4 - HKCU\..\Run: [5511BC6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zj66xei.exe
O4 - HKCU\..\Run: [AA02BB6B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\bn6jiwa442gi.exe
O4 - HKCU\..\Run: [B1840F76] C:\DOCUME~1\Chapman\LOCALS~1\Temp\mye.exe
O4 - HKCU\..\Run: [CA925873] C:\DOCUME~1\Chapman\LOCALS~1\Temp\isep6t.exe
O4 - HKCU\..\Run: [D-Color] C:\Program Files\DL Software\D-Color\dcolor.exe
O4 - HKCU\..\Run: [ors-32] C:\WINDOWS\ors-32.exe
O4 - HKCU\..\Run: [9E2040EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\z0cljr2g8q5.exe
O4 - HKCU\..\Run: [BB37195E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\31w4dwqosa3u.exe
O4 - HKCU\..\Run: [8A3CAEC6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\5sdfbix8i.exe
O4 - HKCU\..\Run: [F30561EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\zyil.exe
O4 - HKCU\..\Run: [DBEAF26E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2672jin.exe
O4 - HKCU\..\Run: [E33DA1DE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\26oj.exe
O4 - HKCU\..\Run: [04CF34E6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ja58wksug7es.exe
O4 - HKCU\..\Run: [A4178883] C:\DOCUME~1\Chapman\LOCALS~1\Temp\jzswu5w55hp2.exe
O4 - HKCU\..\Run: [4ACC4ADE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\70px.exe
O4 - HKCU\..\Run: [8AC1548B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\m136zbezv.exe
O4 - HKCU\..\Run: [8B82FAEE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2k5yln8hp67l.exe
O4 - HKCU\..\Run: [438B627E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\o7ka.exe
O4 - HKCU\..\Run: [01858AF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\qighi.exe
O4 - HKCU\..\Run: [B1220CF6] C:\DOCUME~1\Chapman\LOCALS~1\Temp\qwf.exe
O4 - HKCU\..\Run: [D03B026B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\3ql2fx3q.exe
O4 - HKCU\..\Run: [4AD8CD6E] C:\DOCUME~1\Chapman\LOCALS~1\Temp\2bhxguft.exe
O4 - HKCU\..\Run: [EBB84866] C:\DOCUME~1\Chapman\LOCALS~1\Temp\i2uuoftgh.exe
O4 - HKCU\..\Run: [8B602363] C:\DOCUME~1\Chapman\LOCALS~1\Temp\klz00rgv.exe
O4 - HKCU\..\Run: [86CF3C53] C:\DOCUME~1\Chapman\LOCALS~1\Temp\47vmqzb16kmt.exe
O4 - HKCU\..\Run: [FAD5275B] C:\DOCUME~1\Chapman\LOCALS~1\Temp\buihpyhp.exe
O4 - HKCU\..\Run: [D6C24576] C:\DOCUME~1\Chapman\LOCALS~1\Temp\yufhf9rqn.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [D1C399EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\ug3dc.exe
O4 - HKCU\..\Run: [E02079EE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\z6ttifaiw.exe
O4 - HKCU\..\Run: [B4CB9EEB] C:\DOCUME~1\Chapman\LOCALS~1\Temp\gyw7rar.exe
O4 - HKCU\..\Run: [A88A54FE] C:\DOCUME~1\Chapman\LOCALS~1\Temp\lhepawb3qr9d.exe
O4 - Startup: deskview.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra button: Corel Network monitor worker - {12BC21BA-6709-437A-A96A-63F343C4A0E4} - (no file)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {12BC21BA-6709-437A-A96A-63F343C4A0E4} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Corel Network monitor worker - {12BC21BA-6709-437A-A96A-63F343C4A0E4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {12BC21BA-6709-437A-A96A-63F343C4A0E4} - (no file) (HKCU)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O20 - AppInit_DLLs: c:\windows\system32\comodh.dll


thanx for your time!
-rev.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.