Logfile of HijackThis v1.97.7
Scan saved at 3:04:26 PM, on 4/28/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\HPZTSB07.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\AMNFYECQ.EXE
C:\WINDOWS\TEMP\UR7V9TGSS.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\1JC6LGBC.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hotmail.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {1E6F1D6A-1F20-11D4-8859-00A0CCE26836} - C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {9383581D-6868-4B79-B48E-22858E535273} - C:\WINDOWS\QRSWRZLWF.DLL
O2 - BHO: (no name) - {483D6FB6-2642-41AA-9A27-154FCB08FE53} - C:\WINDOWS\JXOX.DLL
O2 - BHO: (no name) - {B549456D-F5D0-4641-BCED-8648A0C13D83} - C:\WINDOWS\BrowserHelper.dll
O2 - BHO: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PCIMODEM] pcimodem.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SUSP] C:\WINDOWS\SUSP.exe
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\UPTODATE.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load
O4 - HKLM\..\Run: [pbzxafp] C:\WINDOWS\amnfyecq.exe
O4 - HKLM\..\Run: [UR7V9TGSS] C:\WINDOWS\TEMP\UR7V9TGSS.EXE
O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [LC32T] C:\WINDOWS\SYSTEM\LC32T.exe
O4 - HKLM\..\Run: [1JC6LGBC.EXE] C:\WINDOWS\1JC6LGBC.EXE /dk
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [WNST] C:\WINDOWS\SYSTEM\wnsapisu.exe
O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKCU\..\Run: [1JC6LGBC.EXE] C:\WINDOWS\1JC6LGBC.EXE /dk
O4 - Startup: Billminder.lnk = ?
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: DLHelperEXE.exe
O4 - Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Startup: MORZE5.lnk = C:\WINDOWS\morze5.exe
O4 - Startup: EJPAWRBN.lnk = C:\WINDOWS\nlp61x4r.exe
O4 - Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Startup: WTLLA7ZT.lnk = C:\WINDOWS\jkwtulpe.exe
O4 - Startup: J03XCFB5.lnk = C:\WINDOWS\j03xcfb5.exe
O4 - Startup: JKWTULPE.lnk = C:\WINDOWS\jkwtulpe.exe
O4 - Startup: ARJZ411F.lnk = C:\WINDOWS\arjz411f.exe
O4 - Startup: 459DWA0B.lnk = C:\WINDOWS\459dwa0b.exe
O4 - Startup: 4MVNGNAQ.lnk = C:\WINDOWS\4mvngnaq.exe
O4 - Startup: 1CZ4KU0M.lnk = C:\WINDOWS\1cz4ku0m.exe
O4 - Startup: 8VVNLCMY.lnk = C:\WINDOWS\i6ldlzdn.exe
O4 - Startup: I6LDLZDN.lnk = C:\WINDOWS\i6ldlzdn.exe
O4 - Startup: NLP61X4R.lnk = C:\WINDOWS\nlp61x4r.exe
O4 - Startup: HCHBJ5V0.lnk = C:\WINDOWS\hchbj5v0.exe
O4 - Startup: ADZD23QW.lnk = C:\WINDOWS\adzd23qw.exe
O4 - Startup: HYZB4EEC.lnk = C:\WINDOWS\hyzb4eec.exe
O4 - Startup: Q39Y8D8E.lnk = C:\WINDOWS\q39y8d8e.exe
O4 - Startup: 35RQKQCI.lnk = C:\WINDOWS\35rqkqci.exe
O4 - Startup: FW9GTUAD.lnk = C:\WINDOWS\fw9gtuad.exe
O4 - Startup: I7H6URD3.lnk = C:\WINDOWS\i7h6urd3.exe
O4 - Startup: ER30R841.lnk = C:\WINDOWS\er30r841.exe
O4 - Startup: XNR9KXUN.lnk = C:\WINDOWS\xnr9kxun.exe
O4 - Startup: GUYGI508.lnk = C:\WINDOWS\guygi508.exe
O4 - Startup: 3OO32CG6.lnk = C:\WINDOWS\3oo32cg6.exe
O4 - Startup: N4CYHMPT.lnk = C:\WINDOWS\n4cyhmpt.exe
O4 - Startup: EE2KD2FL.lnk = C:\WINDOWS\ee2kd2fl.exe
O4 - Startup: 6PR8GMA7.lnk = C:\WINDOWS\6pr8gma7.exe
O4 - Startup: EY0EZ0H0.lnk = C:\WINDOWS\ey0ez0h0.exe
O4 - Startup: TWB2TF6V.lnk = C:\WINDOWS\twb2tf6v.exe
O4 - Startup: H7RXDXOR.lnk = C:\WINDOWS\h7rxdxor.exe
O4 - Startup: XGW89Q3G.lnk = C:\WINDOWS\xgw89q3g.exe
O4 - Startup: LHTX09KL.lnk = C:\WINDOWS\lhtx09kl.exe
O4 - Startup: DE2KOUW5.lnk = C:\WINDOWS\de2kouw5.exe
O4 - Startup: 5BENVE35.lnk = C:\WINDOWS\5benve35.exe
O4 - Startup: 4EELUX3R.lnk = C:\WINDOWS\4eelux3r.exe
O4 - Startup: 0XV2OF0T.lnk = C:\WINDOWS\0xv2of0t.exe
O4 - Startup: MXMZ6BQW.lnk = C:\WINDOWS\mxmz6bqw.exe
O4 - Startup: O8RW25DP.lnk = C:\WINDOWS\o8rw25dp.exe
O4 - Startup: D801088F.lnk = C:\WINDOWS\d801088f.exe
O4 - Startup: L49TEIV3.lnk = C:\WINDOWS\l49teiv3.exe
O4 - Startup: 4PDNNLO0.lnk = C:\WINDOWS\4pdnnlo0.exe
O4 - Startup: 3J1H5QOC.lnk = C:\WINDOWS\3j1h5qoc.exe
O4 - Startup: LCK1OEZN.lnk = C:\WINDOWS\lck1oezn.exe
O4 - Startup: 9CJ0IRG7.lnk = C:\WINDOWS\9cj0irg7.exe
O4 - Startup: NQZGI74P.lnk = C:\WINDOWS\nqzgi74p.exe
O4 - Startup: IC6NN80T.lnk = C:\WINDOWS\ic6nn80t.exe
O4 - Startup: 91J4XCAO.lnk = C:\WINDOWS\91j4xcao.exe
O4 - Startup: KVRATLRL.lnk = C:\WINDOWS\kvratlrl.exe
O4 - Startup: 5Y7WHBLN.lnk = C:\WINDOWS\5y7whbln.exe
O4 - Startup: 416TWFY1.lnk = C:\WINDOWS\416twfy1.exe
O4 - Startup: V9J490AP.lnk = C:\WINDOWS\v9j490ap.exe
O4 - Startup: PNOY3VKG.lnk = C:\WINDOWS\pnoy3vkg.exe
O4 - Startup: IUMNBK0B.lnk = C:\WINDOWS\iumnbk0b.exe
O4 - Startup: CL2LPUJL.lnk = C:\WINDOWS\cl2lpujl.exe
O4 - Startup: O8DF8B2A.lnk = C:\WINDOWS\o8df8b2a.exe
O4 - Startup: BEMZN45K.lnk = C:\WINDOWS\bemzn45k.exe
O4 - Startup: YT0M0DLP.lnk = C:\WINDOWS\yt0m0dlp.exe
O4 - Startup: 24NDWXTI.lnk = C:\WINDOWS\24ndwxti.exe
O4 - Startup: E89N71AO.lnk = C:\WINDOWS\e89n71ao.exe
O4 - Startup: FZZFMUAJ.lnk = C:\WINDOWS\fzzfmuaj.exe
O4 - Startup: AY83T0RG.lnk = C:\WINDOWS\ay83t0rg.exe
O4 - Startup: I0LAOZ3Z.lnk = C:\WINDOWS\i0laoz3z.exe
O4 - Startup: WOXKZ3JB.lnk = C:\WINDOWS\woxkz3jb.exe
O4 - Startup: 8VDWORGV.lnk = C:\WINDOWS\8vdworgv.exe
O4 - Startup: ADT3A8W8.lnk = C:\WINDOWS\adt3a8w8.exe
O4 - Startup: 890HZ5MP.lnk = C:\WINDOWS\890hz5mp.exe
O4 - Startup: OQHGRHY7.lnk = C:\WINDOWS\oqhgrhy7.exe
O4 - Startup: DCD88JMH.lnk = C:\WINDOWS\dcd88jmh.exe
O4 - Startup: J493PZCM.lnk = C:\WINDOWS\j493pzcm.exe
O4 - Startup: 8EEWOGKN.lnk = C:\WINDOWS\8eewogkn.exe
O4 - Startup: Y8309C4I.lnk = C:\WINDOWS\y8309c4i.exe
O4 - Startup: Z1KXVKWQ.lnk = C:\WINDOWS\z1kxvkwq.exe
O4 - Startup: 1X1V78FL.lnk = C:\WINDOWS\1x1v78fl.exe
O4 - Startup: NMXN09FC.lnk = C:\WINDOWS\nmxn09fc.exe
O4 - Startup: cm7hqun9.lnk = C:\WINDOWS\cm7hqun9.exe
O4 - Startup: 4TAFQVAR.lnk = C:\WINDOWS\4tafqvar.exe
O4 - Startup: 8MYN7PZM.lnk = C:\WINDOWS\8myn7pzm.exe
O4 - Startup: B467HCIB.lnk = C:\WINDOWS\b467hcib.exe
O4 - Startup: P7LRH02H.lnk = C:\WINDOWS\p7lrh02h.exe
O4 - Startup: FFL7G7A4.lnk = C:\WINDOWS\ffl7g7a4.exe
O4 - Startup: OAD6BVY3.lnk = C:\WINDOWS\oad6bvy3.exe
O4 - Startup: 0CUWWY5T.lnk = C:\WINDOWS\0cuwwy5t.exe
O4 - Startup: HKG2T02P.lnk = C:\WINDOWS\hkg2t02p.exe
O4 - Startup: HXM89UQR.lnk = C:\WINDOWS\hxm89uqr.exe
O4 - Startup: FT6K01B6.lnk = C:\WINDOWS\ft6k01b6.exe
O4 - Startup: 4HOEHJ0F.lnk = C:\WINDOWS\4hoehj0f.exe
O4 - Startup: OM7ENQ43.lnk = C:\WINDOWS\om7enq43.exe
O4 - Startup: 0Y48PTCF.lnk = C:\WINDOWS\0y48ptcf.exe
O4 - Startup: F7XXZ02J.lnk = C:\WINDOWS\f7xxz02j.exe
O4 - Startup: 73CY9HME.lnk = C:\WINDOWS\73cy9hme.exe
O4 - Startup: OBZTQN89.lnk = C:\WINDOWS\obztqn89.exe
O4 - Startup: JCOZYUQL.lnk = C:\WINDOWS\jcozyuql.exe
O4 - Startup: J2FBLKZP.lnk = C:\WINDOWS\j2fblkzp.exe
O4 - Startup: 9KTLWFN0.lnk = C:\WINDOWS\9ktlwfn0.exe
O4 - Startup: WD1T9LJ9.lnk = C:\WINDOWS\wd1t9lj9.exe
O4 - Startup: ZG4CJOGO.lnk = C:\WINDOWS\zg4cjogo.exe
O4 - Startup: B96LNRTV.lnk = C:\WINDOWS\b96lnrtv.exe
O4 - Startup: LNZWKODM.lnk = C:\WINDOWS\lnzwkodm.exe
O4 - Startup: DW4FULA0.lnk = C:\WINDOWS\dw4fula0.exe
O4 - Startup: 3IT605PR.lnk = C:\WINDOWS\3it605pr.exe
O4 - Startup: 2NJL083K.lnk = C:\WINDOWS\2njl083k.exe
O4 - Startup: O24DTC8D.lnk = C:\WINDOWS\o24dtc8d.exe
O4 - Startup: G9O043W1.lnk = C:\WINDOWS\g9o043w1.exe
O4 - Startup: 3FQP40V2.lnk = C:\WINDOWS\3fqp40v2.exe
O4 - Startup: KIZ6V80T.lnk = C:\WINDOWS\kiz6v80t.exe
O4 - Startup: 5E8EDUO2.lnk = C:\WINDOWS\5e8eduo2.exe
O4 - Startup: 9h0zcc70.lnk = C:\WINDOWS\9h0zcc70.exe
O4 - Startup: 7O4D6KJC.lnk = C:\WINDOWS\7o4d6kjc.exe
O4 - Startup: 5LY4UHIB.lnk = C:\WINDOWS\5ly4uhib.exe
O4 - Startup: bh217lyh.lnk = C:\WINDOWS\bh217lyh.exe
O4 - Startup: y36x8jru.lnk = C:\WINDOWS\y36x8jru.exe
O4 - Startup: 077WWHBM.lnk = C:\WINDOWS\077wwhbm.exe
O4 - Startup: MBJRAD6J.lnk = C:\WINDOWS\mbjrad6j.exe
O4 - Startup: QK47XNR4.lnk = C:\WINDOWS\qk47xnr4.exe
O4 - Startup: C87IKA3V.lnk = C:\WINDOWS\c87ika3v.exe
O4 - Startup: GX0DTWPQ.lnk = C:\WINDOWS\gx0dtwpq.exe
O4 - Startup: UIFZER48.lnk = C:\WINDOWS\uifzer48.exe
O4 - Startup: PUI99NQT.lnk = C:\WINDOWS\pui99nqt.exe
O4 - Startup: IOJQA8XP.lnk = C:\WINDOWS\iojqa8xp.exe
O4 - Startup: PNQY01C7.lnk = C:\WINDOWS\pnqy01c7.exe
O4 - Startup: QQBYB77R.lnk = C:\WINDOWS\qqbyb77r.exe
O4 - Startup: 4N3YZBMM.lnk = C:\WINDOWS\4n3yzbmm.exe
O4 - Startup: K2UJPV0K.lnk = C:\WINDOWS\k2ujpv0k.exe
O4 - Startup: L7B3J39U.lnk = C:\WINDOWS\l7b3j39u.exe
O4 - Startup: BABIYGJ2.lnk = C:\WINDOWS\babiygj2.exe
O4 - Startup: E1KD73ZU.lnk = C:\WINDOWS\e1kd73zu.exe
O4 - Startup: LUZMF850.lnk = C:\WINDOWS\luzmf850.exe
O4 - Startup: 1JC6LGBC.lnk = C:\WINDOWS\1jc6lgbc.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: MORZE5.lnk = C:\WINDOWS\HWINFO.EXE
O4 - Global Startup: EJPAWRBN.lnk = C:\WINDOWS\nlp61x4r.exe
O4 - Global Startup: MORZE1.lnk = C:\WINDOWS\morze1.exe
O4 - Global Startup: WTLLA7ZT.lnk = C:\WINDOWS\jkwtulpe.exe
O4 - Global Startup: J03XCFB5.lnk = C:\WINDOWS\j03xcfb5.exe
O4 - Global Startup: JKWTULPE.lnk = C:\WINDOWS\jkwtulpe.exe
O4 - Global Startup: ARJZ411F.lnk = C:\WINDOWS\arjz411f.exe
O4 - Global Startup: 459DWA0B.lnk = C:\WINDOWS\459dwa0b.exe
O4 - Global Startup: 4MVNGNAQ.lnk = C:\WINDOWS\4mvngnaq.exe
O4 - Global Startup: 1CZ4KU0M.lnk = C:\WINDOWS\1cz4ku0m.exe
O4 - Global Startup: 8VVNLCMY.lnk = C:\WINDOWS\i6ldlzdn.exe
O4 - Global Startup: I6LDLZDN.lnk = C:\WINDOWS\i6ldlzdn.exe
O4 - Global Startup: NLP61X4R.lnk = C:\WINDOWS\nlp61x4r.exe
O4 - Global Startup: HCHBJ5V0.lnk = C:\WINDOWS\hchbj5v0.exe
O4 - Global Startup: ADZD23QW.lnk = C:\WINDOWS\adzd23qw.exe
O4 - Global Startup: HYZB4EEC.lnk = C:\WINDOWS\hyzb4eec.exe
O4 - Global Startup: Q39Y8D8E.lnk = C:\WINDOWS\q39y8d8e.exe
O4 - Global Startup: 35RQKQCI.lnk = C:\WINDOWS\35rqkqci.exe
O4 - Global Startup: FW9GTUAD.lnk = C:\WINDOWS\guygi508.exe
O4 - Global Startup: I7H6URD3.lnk = C:\WINDOWS\guygi508.exe
O4 - Global Startup: ER30R841.lnk = C:\WINDOWS\3oo32cg6.exe
O4 - Global Startup: XNR9KXUN.lnk = C:\WINDOWS\guygi508.exe
O4 - Global Startup: GUYGI508.lnk = C:\WINDOWS\guygi508.exe
O4 - Global Startup: 3OO32CG6.lnk = C:\WINDOWS\3oo32cg6.exe
O4 - Global Startup: N4CYHMPT.lnk = C:\WINDOWS\n4cyhmpt.exe
O4 - Global Startup: EE2KD2FL.lnk = C:\WINDOWS\ee2kd2fl.exe
O4 - Global Startup: 6PR8GMA7.lnk = C:\WINDOWS\6pr8gma7.exe
O4 - Global Startup: EY0EZ0H0.lnk = C:\WINDOWS\ey0ez0h0.exe
O4 - Global Startup: TWB2TF6V.lnk = C:\WINDOWS\twb2tf6v.exe
O4 - Global Startup: H7RXDXOR.lnk = C:\WINDOWS\h7rxdxor.exe
O4 - Global Startup: XGW89Q3G.lnk = C:\WINDOWS\xgw89q3g.exe
O4 - Global Startup: LHTX09KL.lnk = C:\WINDOWS\nlp61x4r.exe
O4 - Global Startup: DE2KOUW5.lnk = C:\WINDOWS\de2kouw5.exe
O4 - Global Startup: 5BENVE35.lnk = C:\WINDOWS\5benve35.exe
O4 - Global Startup: 4EELUX3R.lnk = C:\WINDOWS\4eelux3r.exe
O4 - Global Startup: 0XV2OF0T.lnk = C:\WINDOWS\0xv2of0t.exe
O4 - Global Startup: MXMZ6BQW.lnk = C:\WINDOWS\mxmz6bqw.exe
O4 - Global Startup: O8RW25DP.lnk = C:\WINDOWS\o8rw25dp.exe
O4 - Global Startup: D801088F.lnk = C:\WINDOWS\d801088f.exe
O4 - Global Startup: L49TEIV3.lnk = C:\WINDOWS\l49teiv3.exe
O4 - Global Startup: 4PDNNLO0.lnk = C:\WINDOWS\4pdnnlo0.exe
O4 - Global Startup: 3J1H5QOC.lnk = C:\WINDOWS\3j1h5qoc.exe
O4 - Global Startup: LCK1OEZN.lnk = C:\WINDOWS\lck1oezn.exe
O4 - Global Startup: 9CJ0IRG7.lnk = C:\WINDOWS\9cj0irg7.exe
O4 - Global Startup: NQZGI74P.lnk = C:\WINDOWS\nqzgi74p.exe
O4 - Global Startup: IC6NN80T.lnk = C:\WINDOWS\ic6nn80t.exe
O4 - Global Startup: 91J4XCAO.lnk = C:\WINDOWS\91j4xcao.exe
O4 - Global Startup: KVRATLRL.lnk = C:\WINDOWS\kvratlrl.exe
O4 - Global Startup: 5Y7WHBLN.lnk = C:\WINDOWS\5y7whbln.exe
O4 - Global Startup: V9J490AP.lnk = C:\WINDOWS\v9j490ap.exe
O4 - Global Startup: 416TWFY1.lnk = C:\WINDOWS\416twfy1.exe
O4 - Global Startup: PNOY3VKG.lnk = C:\WINDOWS\pnoy3vkg.exe
O4 - Global Startup: IUMNBK0B.lnk = C:\WINDOWS\iumnbk0b.exe
O4 - Global Startup: CL2LPUJL.lnk = C:\WINDOWS\cl2lpujl.exe
O4 - Global Startup: O8DF8B2A.lnk = C:\WINDOWS\o8df8b2a.exe
O4 - Global Startup: BEMZN45K.lnk = C:\WINDOWS\bemzn45k.exe
O4 - Global Startup: YT0M0DLP.lnk = C:\WINDOWS\yt0m0dlp.exe
O4 - Global Startup: 24NDWXTI.lnk = C:\WINDOWS\24ndwxti.exe
O4 - Global Startup: E89N71AO.lnk = C:\WINDOWS\e89n71ao.exe
O4 - Global Startup: FZZFMUAJ.lnk = C:\WINDOWS\fzzfmuaj.exe
O4 - Global Startup: AY83T0RG.lnk = C:\WINDOWS\ay83t0rg.exe
O4 - Global Startup: I0LAOZ3Z.lnk = C:\WINDOWS\i0laoz3z.exe
O4 - Global Startup: WOXKZ3JB.lnk = C:\WINDOWS\woxkz3jb.exe
O4 - Global Startup: 8VDWORGV.lnk = C:\WINDOWS\8vdworgv.exe
O4 - Global Startup: ADT3A8W8.lnk = C:\WINDOWS\adt3a8w8.exe
O4 - Global Startup: 890HZ5MP.lnk = C:\WINDOWS\890hz5mp.exe
O4 - Global Startup: OQHGRHY7.lnk = C:\WINDOWS\oqhgrhy7.exe
O4 - Global Startup: DCD88JMH.lnk = C:\WINDOWS\dcd88jmh.exe
O4 - Global Startup: J493PZCM.lnk = C:\WINDOWS\j493pzcm.exe
O4 - Global Startup: 8EEWOGKN.lnk = C:\WINDOWS\8eewogkn.exe
O4 - Global Startup: Y8309C4I.lnk = C:\WINDOWS\y8309c4i.exe
O4 - Global Startup: Z1KXVKWQ.lnk = C:\WINDOWS\z1kxvkwq.exe
O4 - Global Startup: 1X1V78FL.lnk = C:\WINDOWS\1x1v78fl.exe
O4 - Global Startup: NMXN09FC.lnk = C:\WINDOWS\nmxn09fc.exe
O4 - Global Startup: CM7HQUN9.lnk = C:\WINDOWS\cm7hqun9.exe
O4 - Global Startup: 4TAFQVAR.lnk = C:\WINDOWS\4tafqvar.exe
O4 - Global Startup: 8MYN7PZM.lnk = C:\WINDOWS\8myn7pzm.exe
O4 - Global Startup: B467HCIB.lnk = C:\WINDOWS\b467hcib.exe
O4 - Global Startup: P7LRH02H.lnk = C:\WINDOWS\p7lrh02h.exe
O4 - Global Startup: FFL7G7A4.lnk = C:\WINDOWS\ffl7g7a4.exe
O4 - Global Startup: OAD6BVY3.lnk = C:\WINDOWS\oad6bvy3.exe
O4 - Global Startup: HKG2T02P.lnk = C:\WINDOWS\hkg2t02p.exe
O4 - Global Startup: 0CUWWY5T.lnk = C:\WINDOWS\0cuwwy5t.exe
O4 - Global Startup: HXM89UQR.lnk = C:\WINDOWS\hxm89uqr.exe
O4 - Global Startup: 4HOEHJ0F.lnk = C:\WINDOWS\4hoehj0f.exe
O4 - Global Startup: FT6K01B6.lnk = C:\WINDOWS\ft6k01b6.exe
O4 - Global Startup: OM7ENQ43.lnk = C:\WINDOWS\om7enq43.exe
O4 - Global Startup: 0Y48PTCF.lnk = C:\WINDOWS\0y48ptcf.exe
O4 - Global Startup: F7XXZ02J.lnk = C:\WINDOWS\f7xxz02j.exe
O4 - Global Startup: 73CY9HME.lnk = C:\WINDOWS\73cy9hme.exe
O4 - Global Startup: OBZTQN89.lnk = C:\WINDOWS\obztqn89.exe
O4 - Global Startup: JCOZYUQL.lnk = C:\WINDOWS\jcozyuql.exe
O4 - Global Startup: J2FBLKZP.lnk = C:\WINDOWS\j2fblkzp.exe
O4 - Global Startup: 9KTLWFN0.lnk = C:\WINDOWS\9ktlwfn0.exe
O4 - Global Startup: WD1T9LJ9.lnk = C:\WINDOWS\wd1t9lj9.exe
O4 - Global Startup: ZG4CJOGO.lnk = C:\WINDOWS\zg4cjogo.exe
O4 - Global Startup: B96LNRTV.lnk = C:\WINDOWS\b96lnrtv.exe
O4 - Global Startup: LNZWKODM.lnk = C:\WINDOWS\lnzwkodm.exe
O4 - Global Startup: DW4FULA0.lnk = C:\WINDOWS\dw4fula0.exe
O4 - Global Startup: 3IT605PR.lnk = C:\WINDOWS\3it605pr.exe
O4 - Global Startup: 2NJL083K.lnk = C:\WINDOWS\2njl083k.exe
O4 - Global Startup: O24DTC8D.lnk = C:\WINDOWS\o24dtc8d.exe
O4 - Global Startup: G9O043W1.lnk = C:\WINDOWS\g9o043w1.exe
O4 - Global Startup: 3FQP40V2.lnk = C:\WINDOWS\3fqp40v2.exe
O4 - Global Startup: 5E8EDUO2.lnk = C:\WINDOWS\5e8eduo2.exe
O4 - Global Startup: kiz6v80t.lnk = C:\WINDOWS\kiz6v80t.exe
O4 - Global Startup: 9H0ZCC70.lnk = C:\WINDOWS\9h0zcc70.exe
O4 - Global Startup: 7O4D6KJC.lnk = C:\WINDOWS\7o4d6kjc.exe
O4 - Global Startup: 5LY4UHIB.lnk = C:\WINDOWS\5ly4uhib.exe
O4 - Global Startup: BH217LYH.lnk = C:\WINDOWS\bh217lyh.exe
O4 - Global Startup: Y36X8JRU.lnk = C:\WINDOWS\y36x8jru.exe
O4 - Global Startup: 077WWHBM.lnk = C:\WINDOWS\077wwhbm.exe
O4 - Global Startup: MBJRAD6J.lnk = C:\WINDOWS\mbjrad6j.exe
O4 - Global Startup: QK47XNR4.lnk = C:\WINDOWS\qk47xnr4.exe
O4 - Global Startup: C87IKA3V.lnk = C:\WINDOWS\c87ika3v.exe
O4 - Global Startup: GX0DTWPQ.lnk = C:\WINDOWS\gx0dtwpq.exe
O4 - Global Startup: UIFZER48.lnk = C:\WINDOWS\uifzer48.exe
O4 - Global Startup: PUI99NQT.lnk = C:\WINDOWS\pui99nqt.exe
O4 - Global Startup: IOJQA8XP.lnk = C:\WINDOWS\iojqa8xp.exe
O4 - Global Startup: PNQY01C7.lnk = C:\WINDOWS\pnqy01c7.exe
O4 - Global Startup: QQBYB77R.lnk = C:\WINDOWS\qqbyb77r.exe
O4 - Global Startup: 4N3YZBMM.lnk = C:\WINDOWS\4n3yzbmm.exe
O4 - Global Startup: K2UJPV0K.lnk = C:\WINDOWS\k2ujpv0k.exe
O4 - Global Startup: L7B3J39U.lnk = C:\WINDOWS\l7b3j39u.exe
O4 - Global Startup: BABIYGJ2.lnk = C:\WINDOWS\babiygj2.exe
O4 - Global Startup: E1KD73ZU.lnk = C:\WINDOWS\e1kd73zu.exe
O4 - Global Startup: LUZMF850.lnk = C:\WINDOWS\luzmf850.exe
O4 - Global Startup: 1JC6LGBC.lnk = C:\WINDOWS\1jc6lgbc.exe
O8 - Extra context menu item: &Encyclopedia - http://www.ezreference.com/_/ie-com-e-p3.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37880.7097685185
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {91602283-B7B5-11D3-A32A-005004B0E00E} (DiscoverWhy Class) - http://216.132.173.29/CabFiles/dwInfo.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.clerk.org/activex/smsx.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/roing.cab
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB

Having problems with missing shortcuts at startup. Have run Ad-Aware and HijackThis. I have included the log.

Last Post by caperjack

You have a variant of the CoolWebSearch trojan.

Please download CWShredder from HERE and run the program in safe mode. Press the "Fix" button and let it fix all variants. Next, close the program and all windows and IE windows, then run HijackThis and post a fresh log.

Reboot to safe mode to run CWShredder.

How to start computer in safe mode

Reboot the computer and post a new log.
