Jump to content


Photo

Help me with this log


  • Please log in to reply
6 replies to this topic

#1 scheuerman

scheuerman

    Member

  • Full Member
  • Pip
  • 17 posts

Posted 08 July 2004 - 04:28 PM

Logfile of HijackThis v1.97.2
Scan saved at 3:27:17 PM, on 8/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\crvo32.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\WINDOWS\sdkoi32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\All Users.WINDOWS\Documents\My Music\McAfee Virus Scan Home Edition 2004 Full Retail\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jmrxp.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://jmrxp.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://jmrxp.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jmrxp.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://jmrxp.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jmrxp.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C93674FC-5119-8EBA-A174-F9BA8737F9AD} - C:\WINDOWS\sdkoi32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FTNHXLEV] c:\windows\system32\ftnhxlev.exe /install
O4 - HKLM\..\Run: [RDQEECJS] c:\windows\system32\rdqeecjs.exe /install
O4 - HKLM\..\Run: [TKNDXCNG] c:\windows\system32\tkndxcng.exe /install
O4 - HKLM\..\Run: [UCMAGMZO] c:\windows\system32\ucmagmzo.exe /install
O4 - HKLM\..\Run: [EQOKGLJX] c:\windows\system32\eqokgljx.exe /install
O4 - HKLM\..\Run: [JWTHAMSJ] c:\windows\system32\jwthamsj.exe /install
O4 - HKLM\..\Run: [UCCVZZZK] c:\windows\system32\uccvzzzk.exe /install
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [atlun32.exe] C:\WINDOWS\system32\atlun32.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [apptq32.exe] C:\WINDOWS\system32\apptq32.exe
O4 - HKLM\..\Run: [sdkoi32.exe] C:\WINDOWS\sdkoi32.exe
O4 - HKCU\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\PROGRA~1\iolo\SYSTEM~1\PopupStopper.exe"
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: Blubster Support - file://C:\Program Files\BlubsterSupport\System\Temp\blubstershop_script0.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {11111111-1111-1111-1111-111111111237} - http://63.219.178.91/1/deaCA89.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1078692612875
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_41.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europ.../wowbeta/Si.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8049.9088078704
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...371/mcfscan.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} - http://www.photolab....x/PCAXSetup.cab?
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab

#2 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 08 July 2004 - 04:30 PM

Hello please download About:Buster Version 1.25 and unzip it to your desktop. Start it, hit Ok, Start, And Ok again to start the scan. It will generate a log. Post that log along with a new Hijack this log here.


Ducky
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#3 scheuerman

scheuerman

    Member

  • Full Member
  • Pip
  • 17 posts

Posted 09 July 2004 - 11:24 AM

Here is the About Buster Log:

-- Scan 1 --------
About:Buster Version 1.26
Removed! : C:\WINDOWS\aewstb.dat
Removed! : C:\WINDOWS\agxoxj.dat
Removed! : C:\WINDOWS\ajqvup.dat
Removed! : C:\WINDOWS\applf.exe
Removed! : C:\WINDOWS\bbfnsq.dat
Removed! : C:\WINDOWS\cjilsp.dat
Removed! : C:\WINDOWS\cjppeb.dat
Removed! : C:\WINDOWS\d3ff.exe
Removed! : C:\WINDOWS\d3ns.exe
Removed! : C:\WINDOWS\d3qa32.exe
Removed! : C:\WINDOWS\d3uj.exe
Removed! : C:\WINDOWS\d3vq.exe
Removed! : C:\WINDOWS\dmised.dat
Removed! : C:\WINDOWS\docpdy.dat
Removed! : C:\WINDOWS\dsqyds.dat
Removed! : C:\WINDOWS\dzpyks.dat
Removed! : C:\WINDOWS\evauyy.dat
Removed! : C:\WINDOWS\falryt.dat
Removed! : C:\WINDOWS\gdqaao.dat
Removed! : C:\WINDOWS\gdtxyj.dat
Removed! : C:\WINDOWS\hkqdzp.dat
Removed! : C:\WINDOWS\hoksad.dat
Removed! : C:\WINDOWS\hvmweo.dat
Removed! : C:\WINDOWS\ieiq.exe
Removed! : C:\WINDOWS\ieozjv.dat
Removed! : C:\WINDOWS\iets32.exe
Removed! : C:\WINDOWS\ieut.exe
Removed! : C:\WINDOWS\iezi.exe
Removed! : C:\WINDOWS\ikceku.dat
Removed! : C:\WINDOWS\javalq32.exe
Removed! : C:\WINDOWS\javaxa32.exe
Removed! : C:\WINDOWS\jaxymf.dat
Removed! : C:\WINDOWS\jgwtrv.dat
Removed! : C:\WINDOWS\jlmhmf.dat
Removed! : C:\WINDOWS\jmrxp.dat
Removed! : C:\WINDOWS\jmrxp.dll
Removed! : C:\WINDOWS\jvjzmw.dat
Removed! : C:\WINDOWS\jwwbxl.dat
Removed! : C:\WINDOWS\kdmcel.dat
Removed! : C:\WINDOWS\knnjna.dat
Removed! : C:\WINDOWS\ktxrnh.dat
Removed! : C:\WINDOWS\kwzavt.dat
Removed! : C:\WINDOWS\lfafpm.dat
Removed! : C:\WINDOWS\lgxzqs.dat
Removed! : C:\WINDOWS\ljozxr.dat
Removed! : C:\WINDOWS\llmlkc.dat
Removed! : C:\WINDOWS\lndsub.dat
Removed! : C:\WINDOWS\loxdzl.dat
Removed! : C:\WINDOWS\ltxrud.dat
Removed! : C:\WINDOWS\lzkxia.dat
Removed! : C:\WINDOWS\mfcpc32.exe
Removed! : C:\WINDOWS\mmtbdh.dat
Removed! : C:\WINDOWS\mpcxmd.dat
Removed! : C:\WINDOWS\mrprsd.dat
Removed! : C:\WINDOWS\msei32.exe
Removed! : C:\WINDOWS\msfa32.exe
Removed! : C:\WINDOWS\mttfyw.dat
Removed! : C:\WINDOWS\mxlcrx.dat
Removed! : C:\WINDOWS\nawzee.dat
Removed! : C:\WINDOWS\netdq.exe
Removed! : C:\WINDOWS\netrx.exe
Removed! : C:\WINDOWS\nnhwky.dat
Removed! : C:\WINDOWS\nsxeoi.dat
Removed! : C:\WINDOWS\ntuz32.exe
Removed! : C:\WINDOWS\nuinfk.dat
Removed! : C:\WINDOWS\nxfqtq.dat
Removed! : C:\WINDOWS\n_cuxclp.dat
Removed! : C:\WINDOWS\n_dhysti.dat
Removed! : C:\WINDOWS\n_hhdzja.dat
Removed! : C:\WINDOWS\n_jysesq.dat
Removed! : C:\WINDOWS\n_kfwaay.dat
Removed! : C:\WINDOWS\n_krxydt.dat
Removed! : C:\WINDOWS\oapnfx.dat
Removed! : C:\WINDOWS\ooamqi.dat
Removed! : C:\WINDOWS\owdbld.dat
Removed! : C:\WINDOWS\owziov.dat
Removed! : C:\WINDOWS\pdjhhp.dat
Removed! : C:\WINDOWS\phkiyn.dat
Removed! : C:\WINDOWS\ppgwwf.dat
Removed! : C:\WINDOWS\ppnczy.dat
Removed! : C:\WINDOWS\pqhzpr.dat
Removed! : C:\WINDOWS\qdqadu.dat
Removed! : C:\WINDOWS\qehgkg.dat
Removed! : C:\WINDOWS\qhsejc.dat
Removed! : C:\WINDOWS\qombtz.dat
Removed! : C:\WINDOWS\qtavkx.dat
Removed! : C:\WINDOWS\ragrwz.dat
Removed! : C:\WINDOWS\raupxw.dat
Removed! : C:\WINDOWS\rcvnat.dat
Removed! : C:\WINDOWS\retrpm.dat
Removed! : C:\WINDOWS\rgawya.dat
Removed! : C:\WINDOWS\rhacxn.dat
Removed! : C:\WINDOWS\rrfxff.dat
Removed! : C:\WINDOWS\sdkns32.exe
Error Removing! : C:\WINDOWS\sdkoi32.dll
Removed! : C:\WINDOWS\sdkzb.exe
Removed! : C:\WINDOWS\seynqf.dat
Removed! : C:\WINDOWS\sjiogz.dat
Removed! : C:\WINDOWS\sqmuhw.dat
Removed! : C:\WINDOWS\svxeun.dat
Removed! : C:\WINDOWS\sysbx32.exe
Removed! : C:\WINDOWS\sysla32.exe
Removed! : C:\WINDOWS\syswn32.exe
Removed! : C:\WINDOWS\tdiizb.dat
Removed! : C:\WINDOWS\tfgccp.dat
Removed! : C:\WINDOWS\tgibou.dat
Removed! : C:\WINDOWS\tqloct.dat
Removed! : C:\WINDOWS\ttsyzs.dat
Removed! : C:\WINDOWS\whpcol.dat
Removed! : C:\WINDOWS\wmkytc.dat
Removed! : C:\WINDOWS\wysozk.dat
Removed! : C:\WINDOWS\xgzybj.dat
Removed! : C:\WINDOWS\xjzszp.dat
Removed! : C:\WINDOWS\yrsuop.dat
Removed! : C:\WINDOWS\yyxzhj.dat
Removed! : C:\WINDOWS\zodtlp.dat
Removed! : C:\WINDOWS\ztapon.dat
Removed! : C:\WINDOWS\System32\cmqcn.dat
Removed! : C:\WINDOWS\System32\javaii32.exe
Removed! : C:\WINDOWS\System32\netja.exe
Removed! : C:\WINDOWS\System32\zenyd.dat
Attempted Clean Of Temp folder.
Removed LEGACY___NS_Service_3 Key
Removed __NS_Service_3 Key
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!






And the Hijack This Log:


Logfile of HijackThis v1.97.2
Scan saved at 10:23:18 AM, on 8/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\winpc32.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\winyy.exe
C:\Documents and Settings\All Users.WINDOWS\Documents\My Music\McAfee Virus Scan Home Edition 2004 Full Retail\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C93674FC-5119-8EBA-A174-F9BA8737F9AD} - C:\WINDOWS\sdkoi32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FTNHXLEV] c:\windows\system32\ftnhxlev.exe /install
O4 - HKLM\..\Run: [RDQEECJS] c:\windows\system32\rdqeecjs.exe /install
O4 - HKLM\..\Run: [TKNDXCNG] c:\windows\system32\tkndxcng.exe /install
O4 - HKLM\..\Run: [UCMAGMZO] c:\windows\system32\ucmagmzo.exe /install
O4 - HKLM\..\Run: [EQOKGLJX] c:\windows\system32\eqokgljx.exe /install
O4 - HKLM\..\Run: [JWTHAMSJ] c:\windows\system32\jwthamsj.exe /install
O4 - HKLM\..\Run: [UCCVZZZK] c:\windows\system32\uccvzzzk.exe /install
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [atlun32.exe] C:\WINDOWS\system32\atlun32.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [apptq32.exe] C:\WINDOWS\system32\apptq32.exe
O4 - HKLM\..\Run: [winpc32.exe] C:\WINDOWS\winpc32.exe
O4 - HKCU\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\PROGRA~1\iolo\SYSTEM~1\PopupStopper.exe"
O4 - HKLM\..\RunOnce: [winyy.exe] C:\WINDOWS\winyy.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: Blubster Support - file://C:\Program Files\BlubsterSupport\System\Temp\blubstershop_script0.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {11111111-1111-1111-1111-111111111237} - http://63.219.178.91/1/deaCA89.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1078692612875
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_41.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europ.../wowbeta/Si.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8049.9088078704
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...371/mcfscan.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} - http://www.photolab....x/PCAXSetup.cab?
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab

#4 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 09 July 2004 - 12:22 PM

Hmm doesnt look good. Reboot into safe mode and try again. Booting into safe mode is easy just tap F8 when the computer is first booting.
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#5 scheuerman

scheuerman

    Member

  • Full Member
  • Pip
  • 17 posts

Posted 09 July 2004 - 04:22 PM

About Buster in Safe MOde log:

-- Scan 1 --------
About:Buster Version 1.26
Removed! : C:\WINDOWS\sdkoi32.dll
Attempted Clean Of Temp folder.
Removed LEGACY___NS_Service_3 Key
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!








Hijack This in Safe Mode LOg:

Logfile of HijackThis v1.97.2
Scan saved at 3:21:40 PM, on 8/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\All Users.WINDOWS\Documents\My Music\McAfee Virus Scan Home Edition 2004 Full Retail\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C93674FC-5119-8EBA-A174-F9BA8737F9AD} - C:\WINDOWS\sdkoi32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FTNHXLEV] c:\windows\system32\ftnhxlev.exe /install
O4 - HKLM\..\Run: [RDQEECJS] c:\windows\system32\rdqeecjs.exe /install
O4 - HKLM\..\Run: [TKNDXCNG] c:\windows\system32\tkndxcng.exe /install
O4 - HKLM\..\Run: [UCMAGMZO] c:\windows\system32\ucmagmzo.exe /install
O4 - HKLM\..\Run: [EQOKGLJX] c:\windows\system32\eqokgljx.exe /install
O4 - HKLM\..\Run: [JWTHAMSJ] c:\windows\system32\jwthamsj.exe /install
O4 - HKLM\..\Run: [UCCVZZZK] c:\windows\system32\uccvzzzk.exe /install
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [atlun32.exe] C:\WINDOWS\system32\atlun32.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [apptq32.exe] C:\WINDOWS\system32\apptq32.exe
O4 - HKLM\..\Run: [winpc32.exe] C:\WINDOWS\winpc32.exe
O4 - HKCU\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\PROGRA~1\iolo\SYSTEM~1\PopupStopper.exe"
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: Blubster Support - file://C:\Program Files\BlubsterSupport\System\Temp\blubstershop_script0.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {11111111-1111-1111-1111-111111111237} - http://63.219.178.91/1/deaCA89.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1078692612875
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_41.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europ.../wowbeta/Si.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8049.9088078704
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...371/mcfscan.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} - http://www.photolab....x/PCAXSetup.cab?
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab

thanks for your help

Edited by scheuerman, 09 July 2004 - 04:23 PM.


#6 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 09 July 2004 - 05:10 PM

Hey looks like the main infection is gone. :) Good news !

Ok run Hijack This and tick the boxes next to these items.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {C93674FC-5119-8EBA-A174-F9BA8737F9AD} - C:\WINDOWS\sdkoi32.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [FTNHXLEV] c:\windows\system32\ftnhxlev.exe /install
O4 - HKLM\..\Run: [RDQEECJS] c:\windows\system32\rdqeecjs.exe /install
O4 - HKLM\..\Run: [TKNDXCNG] c:\windows\system32\tkndxcng.exe /install
O4 - HKLM\..\Run: [UCMAGMZO] c:\windows\system32\ucmagmzo.exe /install
O4 - HKLM\..\Run: [EQOKGLJX] c:\windows\system32\eqokgljx.exe /install
O4 - HKLM\..\Run: [JWTHAMSJ] c:\windows\system32\jwthamsj.exe /install
O4 - HKLM\..\Run: [UCCVZZZK] c:\windows\system32\uccvzzzk.exe /install
O4 - HKLM\..\Run: [atlun32.exe] C:\WINDOWS\system32\atlun32.exe
O4 - HKLM\..\Run: [apptq32.exe] C:\WINDOWS\system32\apptq32.exe
O4 - HKLM\..\Run: [winpc32.exe] C:\WINDOWS\winpc32.exe
O16 - DPF: {11111111-1111-1111-1111-111111111237} - http://63.219.178.91/1/deaCA89.exe

Now close all windows and hit fix checked. Restart and delete all these files if present.

C:\WINDOWS\winpc32.exe
C:\WINDOWS\system32\ftnhxlev.exe
C:\WINDOWS\system32\rdqeecjs.exe
C:\WINDOWS\system32\tkndxcng.exe
C:\WINDOWS\system32\ucmagmzo.exe
C:\WINDOWS\system32\eqokgljx.exe
C:\WINDOWS\system32\jwthamsj.exe
C:\WINDOWS\system32\uccvzzzk.exe
C:\WINDOWS\system32\atlun32.exe
C:\WINDOWS\system32\apptq32.exe

Restart once more and post a new Hijack this log.

Edited by RubbeR DuckY, 09 July 2004 - 05:16 PM.

Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#7 scheuerman

scheuerman

    Member

  • Full Member
  • Pip
  • 17 posts

Posted 09 July 2004 - 09:24 PM

hijack this log


Logfile of HijackThis v1.97.2
Scan saved at 8:23:35 PM, on 8/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\netmh.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\winpc32.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\All Users.WINDOWS\Documents\My Music\McAfee Virus Scan Home Edition 2004 Full Retail\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ptnqz.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ptnqz.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ptnqz.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ptnqz.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ptnqz.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ptnqz.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {41B07E2C-E9E2-8FB3-E92D-F43E8F8F3DBB} - C:\WINDOWS\system32\appmq32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [winpc32.exe] C:\WINDOWS\winpc32.exe
O4 - HKCU\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\PROGRA~1\iolo\SYSTEM~1\PopupStopper.exe"
O4 - HKLM\..\RunOnce: [netmh.exe] C:\WINDOWS\netmh.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: Blubster Support - file://C:\Program Files\BlubsterSupport\System\Temp\blubstershop_script0.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1078692612875
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_41.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europ.../wowbeta/Si.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8049.9088078704
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...371/mcfscan.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} - http://www.photolab....x/PCAXSetup.cab?
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/bin/msnchat45.cab




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button