Endless Paradigm

HELP! My computer was being attacked!
I was bumrushed with a spyware/adware attack about 15 mins ago. I ran my AVG as soon as possible, and quarantined most of it, then restarted my cpu, and repeated AVG. It has locked me out of my task manager, and it's just generally fucking up everything. Can y'all please help me fix this? I'm doing everything that I know of right now. . . .

Here is my HijackThis logfile, and my analyzed logfile: http://hijackthis.de/#anl
Spoiler for Before Report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:04:25 PM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\gvebkdur.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\scm.exe
C:\Documents and Settings\All Users\Application Data\yjipwfkh\wlitylkh.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\download\RapGet.v1.36-SSL.Libraries\RapGet.v1.36-SSL.Libraries\rapget.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
C:\WINDOWS\mrofinu1535.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {7c109800-a5d5-438f-9640-18d17e168b88} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: DVA Storm - {b2c9246a-b8e3-4e21-b777-600e9be4f23e} - C:\WINDOWS\lgmxvpatwfq.dll (file missing)
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
O3 - Toolbar: qtvglped - {0A1A0015-CF20-4AA1-B7BB-A33B81F8E478} - C:\WINDOWS\qtvglped.dll (file missing)
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Rapget] C:\download\RapGet.v1.36-SSL.Libraries\RapGet.v1.36-SSL.Libraries\rapget.exe
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\VistaDrives\vsdrv.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
O4 - HKLM\..\Policies\Explorer\Run: [s2gwouJd1m] C:\WINDOWS\gvebkdur.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKLM\..\Policies\Explorer\Run: [0eajmuJd1m] C:\Documents and Settings\All Users\Application Data\yjipwfkh\wlitylkh.exe
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {9034a523-d068-4be8-a284-9df278be776e} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034a523-d068-4be8-a284-9df278be776e} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol....0.84.2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5935A18D-315F-4ADD-A342-D853855DA379}: NameServer = 85.255.116.158,85.255.112.109
O17 - HKLM\System\CCS\Services\Tcpip\..\{6545F437-1944-4664-8810-DA842AFFF743}: NameServer = 85.255.116.158,85.255.112.109
O17 - HKLM\System\CCS\Services\Tcpip\..\{75B2D90D-73A1-4659-AB82-98EE6BE705DF}: NameServer = 85.255.116.158,85.255.112.109
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.158 85.255.112.109
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.158 85.255.112.109
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.158 85.255.112.109
O20 - Winlogon Notify: crehcjid - C:\WINDOWS\SYSTEM32\crehcjid.dll
O20 - Winlogon Notify: opnlihGy - opnlihGy.dll (file missing)
O21 - SSODL: KernelRunOnce - {11d2a3d6-00a3-4fea-a82a-93317119b5b1} - C:\WINDOWS\Resources\KernelRunOnce.dll
O21 - SSODL: zip - {9b7ba008-8ebd-4b45-a773-c39f38c846d3} - C:\WINDOWS\Installer\{9b7ba008-8ebd-4b45-a773-c39f38c846d3}\zip.dll
O21 - SSODL: omlbpkaw - {7993BB15-48F2-41BE-9D7A-F3CEE6170CDF} - C:\WINDOWS\omlbpkaw.dll (file missing)
O21 - SSODL: pmsoarbf - {583A3666-BD95-4263-9F5F-B740E58EAE93} - C:\WINDOWS\pmsoarbf.dll (file missing)
O22 - SharedTaskScheduler: exegeses - {db763ed8-100a-481b-8913-50a2f41dcdc3} - C:\WINDOWS\system32\bubbj.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Digital Home 8\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)

--
End of file - 13159 bytes
My HijackThis Report After I ran Spybot S&D and my link http://www.hijackthis.de/#anl
Spoiler for After Report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:46 PM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\gvebkdur.exe
C:\Documents and Settings\All Users\Application Data\yjipwfkh\wlitylkh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\download\RapGet.v1.36-SSL.Libraries\RapGet.v1.36-SSL.Libraries\rapget.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
O3 - Toolbar: qtvglped - {0A1A0015-CF20-4AA1-B7BB-A33B81F8E478} - C:\WINDOWS\qtvglped.dll (file missing)
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Rapget] C:\download\RapGet.v1.36-SSL.Libraries\RapGet.v1.36-SSL.Libraries\rapget.exe
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\VistaDrives\vsdrv.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [s2gwouJd1m] C:\WINDOWS\gvebkdur.exe
O4 - HKLM\..\Policies\Explorer\Run: [0eajmuJd1m] C:\Documents and Settings\All Users\Application Data\yjipwfkh\wlitylkh.exe
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol....0.84.2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5935A18D-315F-4ADD-A342-D853855DA379}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{6545F437-1944-4664-8810-DA842AFFF743}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{75B2D90D-73A1-4659-AB82-98EE6BE705DF}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.158 85.255.112.109
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: crehcjid - crehcjid.dll (file missing)
O20 - Winlogon Notify: opnlihGy - opnlihGy.dll (file missing)
O21 - SSODL: KernelRunOnce - {11d2a3d6-00a3-4fea-a82a-93317119b5b1} - C:\WINDOWS\Resources\KernelRunOnce.dll (file missing)
O21 - SSODL: zip - {9b7ba008-8ebd-4b45-a773-c39f38c846d3} - C:\WINDOWS\Installer\{9b7ba008-8ebd-4b45-a773-c39f38c846d3}\zip.dll (file missing)
O21 - SSODL: omlbpkaw - {7993BB15-48F2-41BE-9D7A-F3CEE6170CDF} - C:\WINDOWS\omlbpkaw.dll (file missing)
O21 - SSODL: pmsoarbf - {583A3666-BD95-4263-9F5F-B740E58EAE93} - C:\WINDOWS\pmsoarbf.dll (file missing)
O22 - SharedTaskScheduler: exegeses - {db763ed8-100a-481b-8913-50a2f41dcdc3} - C:\WINDOWS\system32\bubbj.dll (file missing)
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Digital Home 8\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)

--
End of file - 12736 bytes
Link Here -» http://hijackthis.de/#anl
Spoiler for Third & Last:
  
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:58 AM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\gvebkdur.exe
C:\Documents and Settings\All Users\Application Data\yjipwfkh\wlitylkh.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\download\RapGet.v1.36-SSL.Libraries\RapGet.v1.36-SSL.Libraries\rapget.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll (file missing)
O3 - Toolbar: qtvglped - {0A1A0015-CF20-4AA1-B7BB-A33B81F8E478} - C:\WINDOWS\qtvglped.dll (file missing)
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Rapget] C:\download\RapGet.v1.36-SSL.Libraries\RapGet.v1.36-SSL.Libraries\rapget.exe
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\VistaDrives\vsdrv.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [s2gwouJd1m] C:\WINDOWS\gvebkdur.exe
O4 - HKLM\..\Policies\Explorer\Run: [0eajmuJd1m] C:\Documents and Settings\All Users\Application Data\yjipwfkh\wlitylkh.exe
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll (file missing)
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol....0.84.2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5935A18D-315F-4ADD-A342-D853855DA379}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{6545F437-1944-4664-8810-DA842AFFF743}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{75B2D90D-73A1-4659-AB82-98EE6BE705DF}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: crehcjid - crehcjid.dll (file missing)
O20 - Winlogon Notify: opnlihGy - opnlihGy.dll (file missing)
O21 - SSODL: KernelRunOnce - {11d2a3d6-00a3-4fea-a82a-93317119b5b1} - C:\WINDOWS\Resources\KernelRunOnce.dll (file missing)
O21 - SSODL: zip - {9b7ba008-8ebd-4b45-a773-c39f38c846d3} - C:\WINDOWS\Installer\{9b7ba008-8ebd-4b45-a773-c39f38c846d3}\zip.dll (file missing)
O21 - SSODL: omlbpkaw - {7993BB15-48F2-41BE-9D7A-F3CEE6170CDF} - C:\WINDOWS\omlbpkaw.dll (file missing)
O21 - SSODL: pmsoarbf - {583A3666-BD95-4263-9F5F-B740E58EAE93} - C:\WINDOWS\pmsoarbf.dll (file missing)
O22 - SharedTaskScheduler: exegeses - {db763ed8-100a-481b-8913-50a2f41dcdc3} - C:\WINDOWS\system32\bubbj.dll (file missing)
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Digital Home 8\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 12888 bytes
So I finally got everything. Now all I got to do is tinker with it for perfection, but the real Threat is over. Thanks Hibby, NiGathan, Roberth, and anyone else if I forgot sorry. Now FINALLY. . . . .off to bed :)
oooo task manager locks are a pain in tha donkey. I have no idea how to get rid of it except reinstalling Windows... sorry, maybe someone else knows more than me... I've never been one to get viruses.
1. Try booting into safe mode, then running the cleanup

2. Bumrushed? What do you mean?

3. Moving this to Computer Confab, as this has nothing to do with EP
What OS are you using?

Do you get an error message when trying to access task manager?

[Image: taskmgrdis.jpg]
moved it already..well, someone did, it was me or you

Also, I would like to know what you mean by bumrushed, it's hard to help unless we know a few more details than that
Bumrushed, it all happened very quickly, one right after the other. Like one installed a virus that installed another that installed another, and so on and so forth.
Can we shout box this to make it a bit easier?
Well, what triggered the initial attack?
Spoiler:

17.04.2008, 01:15:02
We didn't detect any active process of a firewall on your system. Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don't use any firewall at all.
We recommend you to use a firewall. Download and install one or activate windows xp´s own one. In case you got questions or you want us to add the firewall you use to our database, contact us at our forum.
Entry | Visitor's assessment | Information
Logfile of Trend Micro HijackThis v2.0.2 | - | This should be the newest version.
Platform: Windows XP SP2 (WinNT 5.01.2600) | - | -
MSIE: Internet Explorer v7.00 (7.00.6000.16640) | - | This should be the newest version.
Boot mode: Normal | Very safe | This entry was classified from our visitors as good.
C:\WINDOWS\System32\smss.exe | Very safe | This entry was classified from our visitors as good.
C:\WINDOWS\system32\winlogon.exe | Very safe | This entry was classified from our visitors as good.
C:\WINDOWS\system32\services.exe | Safe | This entry was classified from our visitors as good.
C:\WINDOWS\system32\lsass.exe | Very safe | This entry was classified from our visitors as good.
C:\WINDOWS\system32\Ati2evxx.exe | Very safe | This entry was classified from our visitors as good.
C:\WINDOWS\system32\svchost.exe | Safe | This entry was classified from our visitors as good.
C:\WINDOWS\System32\svchost.exe | Very safe | This entry was classified from our visitors as good.
C:\WINDOWS\system32\Ati2evxx.exe | Very safe | This entry was classified from our visitors as good.
C:\WINDOWS\system32\brsvc01a.exe | Safe | This entry was classified from our visitors as good.
C:\WINDOWS\system32\brss01a.exe | Very safe | Brother printer driver
C:\WINDOWS\system32\spoolsv.exe | Safe | This entry was classified from our visitors as good.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe | Very safe | Apple Mobile Device Support
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe | Very safe | This entry was classified from our visitors as good.
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe | Very safe | This entry was classified from our visitors as good.
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe | Very safe | This entry was classified from our visitors as good.
C:\WINDOWS\system32\Brmfrmps.exe | Safe | This entry was classified from our visitors as good.
C:\PROGRA~1\Iomega\System32\AppServices.exe | Safe | -
C:\Program Files\Common Files\LightScribe\LSSrvc.exe | Safe | This entry was classified from our visitors as good.
C:\WINDOWS\system32\svchost.exe | Safe | This entry was classified from our visitors as good.
C:\WINDOWS\Explorer.EXE | Very safe | This entry was classified from our visitors as good.
[Unknown] C:\WINDOWS\gvebkdur.exe | - | This is a unknown process.
C:\Program Files\NetProject\scit.exe | Nasty | This is a unknown process. This entry was classified from our visitors as bad.
C:\Program Files\NetProject\sbmntr.exe | Nasty | Fuzzy Algorithmcheck (1.78 / 5.00), Nasty
C:\Program Files\NetProject\scm.exe | Nasty | Possibly nasty! According to our database this process runs normally in c:\programme\netgear\sc101 manager utility\client\! Check if you know this process and arrange a viruscheck where required. This entry was classified from our visitors as bad.
[Unknown] C:\Documents and Settings\All Users\Application Data\yjipwfkh\wlitylkh.exe | - | Fuzzy Algorithmcheck (3.12 / 5.00), Neutral
C:\Program Files\NetProject\sbsm.exe | Nasty | Fuzzy Algorithmcheck (1.81 / 5.00), Nasty
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe | - | Intel PRO Ethernet card manager
C:\WINDOWS\SOUNDMAN.EXE | Very safe | This entry was classified from our visitors as good.
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe | Very safe | This entry was classified from our visitors as good.
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe | Very safe | Scansoft related
C:\Program Files\Brother\ControlCenter2\brctrcen.exe | Safe | Brother Control Center
C:\download\RapGet.v1.36-SSL.Libraries\RapGet.v1.36-SSL.Libraries\rapget.exe | - | Fuzzy Algorithmcheck (4.09 / 5.00), Safe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe | - | Fuzzy Algorithmcheck (3.67 / 5.00), Safe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe | - | Roxio WinOnCD 8 AutoUpdate
C:\WINDOWS\System32\DLA\DLACTRLW.EXE | Safe | This entry was classified from our visitors as good.
C:\Program Files\iTunes\iTunesHelper.exe | Safe | Not dangerous, but unnecessary. Apple iTunes
C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe | Neutral | Java Runtime
C:\WINDOWS\mrofinu1535.exe | - | Fuzzy Algorithmcheck (1.61 / 5.00), Nasty
C:\WINDOWS\system32\ctfmon.exe | Very safe | This entry was classified from our visitors as good.
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe | Safe | Part of Roxio Burning Utility
C:\Program Files\Microsoft ActiveSync\wcescomm.exe | Very safe | Microsoft Active Sync
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe | Safe | Associated with GoogleToolbarNotifier from Google Inc.
C:\PROGRA~1\MICROS~1\rapimgr.exe | Very safe | Microsoft ActiveSync
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe | Safe | Nero Burning Monitor
C:\Program Files\Messenger\msmsgs.exe | Neutral | MSN Messenger
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe | Safe | Belkin Wireless Utility
C:\Program Files\iPod\bin\iPodService.exe | Very safe | -
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe | Very safe | Fuzzy Algorithmcheck (4.14 / 5.00), Safe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe | Neutral | Sonic cineplayer
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe | Very safe | Brother related software
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe | Very safe | Brother Printer related
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat | Very safe | Part of AVG Anti-Virus
C:\Program Files\Internet Explorer\iexplore.exe | Safe | This entry was classified from our visitors as good.
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe | Very safe | Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups! The tool you used to create this logfile. The program should be set up like this: C:\Programme\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 | Very safe | This page has been identified as safe.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank | Very safe | This page has been identified as safe.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 | Safe | This entry was classified from our visitors as good.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 | Safe | This page has been identified as safe.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 | Safe | This page has been identified as safe.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 | Safe | This page has been identified as safe.
O2 - BHO: (no name) - {7c109800-a5d5-438f-9640-18d17e168b88} - C:\Program Files\NetProject\sbmdl.dll | - | Fuzzy Algorithmcheck (1.74 / 5.00), Nasty
O2 - BHO: DVA Storm - {b2c9246a-b8e3-4e21-b777-600e9be4f23e} - C:\WINDOWS\lgmxvpatwfq.dll (file missing) | - | Unknown application. Unnecessary (deactivated) entry that can be fixed.
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\system32\jfiehayd.dll (file missing) | - | Unknown application. Unnecessary (deactivated) entry that can be fixed.
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll | Safe | This entry was classified from our visitors as good.
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll | - | Fuzzy Algorithmcheck (1.81 / 5.00), Nasty
O3 - Toolbar: qtvglped - {0A1A0015-CF20-4AA1-B7BB-A33B81F8E478} - C:\WINDOWS\qtvglped.dll (file missing) | - | Unknown application. Unnecessary (deactivated) entry that can be fixed.
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe | Safe | Not dangerous, but unnecessary. System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE | Safe | Not dangerous, but unnecessary. This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP | Very safe | This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" | Very safe | Not dangerous, but unnecessary. Speeds up the time it takes to load the Adobe Reader application. Your choice
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot | Safe | -
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe | - | Not dangerous, but unnecessary. "PaperPort" software associated with scanners
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe | - | Not dangerous, but unnecessary. Associated with PaperPort scanner software from ScanSoft
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe | - | Brother Printer Related
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun | - | Not dangerous, but unnecessary. Brother scanner 'Control Center' application; can be started manually
O4 - HKLM\..\Run: [Rapget] C:\download\RapGet.v1.36-SSL.Libraries\RapGet.v1.36-SSL.Libraries\rapget.exe | - | Fuzzy Algorithmcheck (4.09 / 5.00), Safe
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\VistaDrives\vsdrv.exe | Safe | Vista Drive - Shows the drivespace in XP like in Vista.
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe" | Neutral | Not dangerous, but unnecessary. Iomega HotBurn - CD-RW burning software
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe | Safe | This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" | Neutral | Roxio easy media creator software
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE | Safe | This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime | - | Not dangerous, but unnecessary. QuickTime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" | Safe | Not dangerous, but unnecessary.
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_10\bin\jusched.exe | - | Java from Sun
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257 | - | Fuzzy Algorithmcheck (1.79 / 5.00), Nasty
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe | Safe | This entry was classified from our visitors as good.
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" | Very safe | Active sync for use with Windows CE based palm PC
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe | Very safe | Associated with GoogleToolbarNotifier from Google Inc.
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" | Safe | This entry was classified from our visitors as good.
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background | Safe | This entry was classified from our visitors as good.
O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe | Extremely nasty | Unknown application. This entry was classified from our visitors as bad.
O4 - HKLM\..\Policies\Explorer\Run: [s2gwouJd1m] C:\WINDOWS\gvebkdur.exe | - | Fuzzy Algorithmcheck (2.06 / 5.00), Nasty
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe | Nasty | Fuzzy Algorithmcheck (2.59 / 5.00), Nasty
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe | Extremely nasty | Fuzzy Algorithmcheck (1.74 / 5.00), Nasty
O4 - HKLM\..\Policies\Explorer\Run: [0eajmuJd1m] C:\Documents and Settings\All Users\Application Data\yjipwfkh\wlitylkh.exe | - | Fuzzy Algorithmcheck (2.35 / 5.00), Nasty
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user') | - | Desktop Sidebar
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') | Very safe | Part of AVG Anti-Virus 7.0
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') | - | Fuzzy Algorithmcheck (2.86 / 5.00), Nasty
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ? | - | The entry is unnecessary and can be fixed. D-Link Wireless Network Card
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe | Safe | Wireless Router
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe | Safe | Sonic CinePlayer
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe | Very safe | Not dangerous, but unnecessary. Brother scanner status monitor - can be started manually
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 | Neutral | To be fixed immediately! Such entries should be fixed as a general rule.
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll | Nasty | The entry has been identified as safe.
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_10\bin\npjpi142_10.dll | Nasty | The entry Sun Java Console has been identified as safe.
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll | - | The entry Subscribe in Desktop Sidebar has been identified as safe.
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll | - | The entry Subscribe in Desktop Sidebar has been identified as safe.
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll | - | The entry Create Mobile Favorite has been identified as safe.
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll | - | The entry has been identified as safe.
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll | - | The entry Create Mobile Favorite... has been identified as safe.
O9 - Extra button: (no name) - {9034a523-d068-4be8-a284-9df278be776e} - http://www.gateietool.com/redirect.php (file missing) | - | To be fixed if the entry '' is unknown. Unnecessary (deactivated) entry that can be fixed. Unknown buttons or entries in the 'Extras'-menu should be fixed.
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034a523-d068-4be8-a284-9df278be776e} - http://www.gateietool.com/redirect.php (file missing) | - | To be fixed if the entry 'IE Anti' is unknown. Unnecessary (deactivated) entry that can be fixed. Unknown buttons or entries in the 'Extras'-menu should be fixed.
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe | Safe | The entry has been identified as safe.
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe | Very safe | The entry @xpsp3res.dll, has been identified as safe.
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe | Very safe | The entry Messenger has been identified as safe.
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe | Safe | This entry was classified from our visitors as good.
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol....0.84.2.cab
Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed!

O17 - HKLM\System\CCS\Services\Tcpip\..\{5935A18D-315F-4ADD-A342-D853855DA379}: NameServer = 85.255.116.158,85.255.112.109
Do you know the IP or Domain '85.255.116.158,85.255.112.109'? If not, fix this entry.

O17 - HKLM\System\CCS\Services\Tcpip\..\{6545F437-1944-4664-8810-DA842AFFF743}: NameServer = 85.255.116.158,85.255.112.109
Do you know the IP or Domain '85.255.116.158,85.255.112.109'? If not, fix this entry.

O17 - HKLM\System\CCS\Services\Tcpip\..\{75B2D90D-73A1-4659-AB82-98EE6BE705DF}: NameServer = 85.255.116.158,85.255.112.109
Do you know the IP or Domain '85.255.116.158,85.255.112.109'? If not, fix this entry.

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.158 85.255.112.109
Do you know the IP or Domain '85.255.116.158 85.255.112.109'? If not, fix this entry.

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.158 85.255.112.109
Do you know the IP or Domain '85.255.116.158 85.255.112.109'? If not, fix this entry.

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.158 85.255.112.109
Do you know the IP or Domain '85.255.116.158 85.255.112.109'? If not, fix this entry.
Visitor's assessment: Unknown
	
O20 - Winlogon Notify: crehcjid - C:\WINDOWS\SYSTEM32\crehcjid.dll
Kind: Extremely nasty

O20 - Winlogon Notify: opnlihGy - opnlihGy.dll (file missing)
Unnecessary (deactivated) entry that can be fixed.

O21 - SSODL: KernelRunOnce - {11d2a3d6-00a3-4fea-a82a-93317119b5b1} - C:\WINDOWS\Resources\KernelRunOnce.dll
Fuzzy Algorithmcheck (3.58 / 5.00), Safe
Visitor's assessment: Unknown

O21 - SSODL: zip - {9b7ba008-8ebd-4b45-a773-c39f38c846d3} - C:\WINDOWS\Installer\{9b7ba008-8ebd-4b45-a773-c39f38c846d3}\zip.dll
Fuzzy Algorithmcheck (3.24 / 5.00), Neutral
Visitor's assessment: Unknown

O21 - SSODL: omlbpkaw - {7993BB15-48F2-41BE-9D7A-F3CEE6170CDF} - C:\WINDOWS\omlbpkaw.dll (file missing)
Visitor's assessment: Unknown

O21 - SSODL: pmsoarbf - {583A3666-BD95-4263-9F5F-B740E58EAE93} - C:\WINDOWS\pmsoarbf.dll (file missing)
Visitor's assessment: Unknown

O22 - SharedTaskScheduler: exegeses - {db763ed8-100a-481b-8913-50a2f41dcdc3} - C:\WINDOWS\system32\bubbj.dll
Visitor's assessment: Unknown

O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
	
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
Kind: Safe
This service (AppleMobileDeviceService.exe) was identified as a good one.

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
Kind: Safe
This service (Ati2evxx.exe) was identified as a good one. This entry was classified from our visitors as good.

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
Kind: Very safe
This service (avgamsvr.exe) was identified as a good one. This entry was classified from our visitors as good.

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
Kind: Very safe
This service (avgupsvc.exe) was identified as a good one. This entry was classified from our visitors as good.

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
Kind: Very safe
This service (avgemc.exe) was identified as a good one.

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
This service (Brmfrmps.exe) was identified as a good one.

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
Kind: Very safe
This service (brsvc01a.exe) was identified as a good one.

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Kind: Safe
This service (GoogleUpdaterService.exe) was identified as a good one. This entry was classified from our visitors as good.

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
Kind: Safe
This service (IDriverT.exe) was identified as a good one.
	
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
Kind: Safe
This service (AppServices.exe) was identified as a good one.

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
Kind: Very safe
This service (iPodService.exe) was identified as a good one.

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
Kind: Safe
This service (LSSrvc.exe) was identified as a good one. This entry was classified from our visitors as good.

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
This service (NetSvc.exe) was identified as a good one.

O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
Kind: Neutral
Fuzzy Algorithmcheck (4.13 / 5.00), Safe

O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
Kind: Neutral
This service (RoxMediaDB.exe) was identified as a good one.

O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
Kind: Neutral
Fuzzy Algorithmcheck (4.07 / 5.00), Safe

O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Digital Home 8\RoxUpnpServer.exe
This service (RoxUpnpServer.exe) was identified as a good one.

O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
Kind: Neutral
This service (RoxWatch.exe) was identified as a good one.
Visitor's assessment: Unknown

O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
Unknown service. (spools.exe)

Hmm, you could create another profile. My friend's PC got a similar attack; I created a new account in which Task Manager wasn't blocked, but I couldn't completely remove the virus, so I reinstalled his OS.