COMBOFIX LOG
ComboFix 08-07-31.06 - Sharon Nauss 2008-08-01 12:52:36.1 - NTFSx86 NETWORK
Running from: C:\Documents and Settings\Sharon Nauss\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Sharon Nauss\Application Data\macromedia\Flash Player\#SharedObjects\JMFHFEPA\interclick.com
C:\Documents and Settings\Sharon Nauss\Application Data\macromedia\Flash Player\#SharedObjects\JMFHFEPA\interclick.com\ud.sol
C:\Documents and Settings\Sharon Nauss\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Sharon Nauss\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\BMbba4752a.txt
C:\WINDOWS\BMbba4752a.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\SYSTEM32\eeqxfhft.ini
C:\WINDOWS\system32\geBroNhg.dll
C:\WINDOWS\system32\ghboqcns.ini
C:\WINDOWS\system32\jkkKefGy.dll
C:\WINDOWS\system32\ljJYSige.dll
C:\WINDOWS\SYSTEM32\lyptxmtc.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pWaadfii.ini
C:\WINDOWS\SYSTEM32\pWaadfii.ini2
C:\WINDOWS\system32\tuvSifDT.dll
C:\WINDOWS\system32\vtUlMgHY.dll
C:\WINDOWS\system32\wvUkLBuU.dll
C:\WINDOWS\uninstall_nmon.vbs
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.
2008-08-01 13:02 . 2008-08-01 13:04 294 ---hs---- C:\WINDOWS\SYSTEM32\lyptxmtc.ini
2008-08-01 13:01 . 2008-08-01 13:03 111,577 --a------ C:\WINDOWS\BMbba4752a.xml
2008-08-01 13:01 . 2008-08-01 13:01 22 --a------ C:\WINDOWS\pskt.ini
2008-08-01 10:44 . 2008-08-01 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-01 10:44 . 2008-08-01 10:44 83,456 --a------ C:\WINDOWS\SYSTEM32\ctmxtpyl.dll
2008-08-01 10:42 . 2008-08-01 10:42 114,176 --a------ C:\WINDOWS\SYSTEM32\owiyik.dll
2008-08-01 10:42 . 2008-08-01 10:42 114,176 --a------ C:\WINDOWS\SYSTEM32\jucnjoxc.dll
2008-08-01 10:42 . 2008-08-01 10:42 91,648 --a------ C:\WINDOWS\SYSTEM32\gpyjdegb.dll
2008-07-30 13:10 . 2008-07-30 13:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-30 10:52 . 2008-07-30 10:52 10,240 --a------ C:\WINDOWS\quit.exe
2008-07-29 21:05 . 2008-07-29 21:05 83,456 --a------ C:\WINDOWS\SYSTEM32\sncqobhg.dll
2008-07-29 21:02 . 2008-07-29 21:02 105,472 --a------ C:\WINDOWS\SYSTEM32\ybmilo.dll
2008-07-29 21:02 . 2008-07-29 21:02 105,472 --a------ C:\WINDOWS\SYSTEM32\lmvuvxuk.dll
2008-07-29 21:02 . 2008-07-29 21:02 91,648 --a------ C:\WINDOWS\SYSTEM32\knxhjcxy.dll
2008-07-29 16:42 . 2008-07-29 16:42 105,472 --a------ C:\WINDOWS\SYSTEM32\fzplev.dll
2008-07-29 16:42 . 2008-07-29 16:42 105,472 --a------ C:\WINDOWS\SYSTEM32\dqvvdagr.dll
2008-07-29 16:41 . 2008-07-29 16:41 314,880 --a------ C:\WINDOWS\SYSTEM32\iifdaaWp.dll
2008-07-29 16:36 . 2008-07-29 17:13 <DIR> d--hs---- C:\WINDOWS\U2hhcm9uIE5hdXNz
2008-07-29 16:36 . 2008-07-29 19:44 <DIR> d-------- C:\WINDOWS\SYSTEM32\ppt2
2008-07-29 16:36 . 2008-07-29 16:36 <DIR> d-------- C:\WINDOWS\SYSTEM32\heg2
2008-07-29 16:35 . 2008-07-29 16:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\kBin19
2008-07-29 16:35 . 2008-07-29 16:36 <DIR> d-------- C:\Temp\epr1
2008-07-29 16:35 . 2008-08-01 12:53 <DIR> d-------- C:\Temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 20:18 --------- d--h--w C:\Program Files\InstallJammer Registry
2008-06-11 22:51 63,888 ----a-w C:\Documents and Settings\Sharon Nauss\Application Data\GDIPFONTCACHEV1.DAT
2008-06-10 00:24 --------- d-----w C:\Program Files\Java
2008-06-07 22:56 --------- d-----w C:\Documents and Settings\Sharon Nauss\Application Data\Share-to-Web Upload Folder
2005-07-29 19:24 472 --sha-r C:\WINDOWS\U2hhcm9uIE5hdXNz\oZ11wA6RKHc1xrhW.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46F89BE3-80DC-481B-B35C-80DA2E3BFB73}]
2008-07-29 16:41 314880 --a------ C:\WINDOWS\System32\iifdaaWp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a895529d-ac11-4543-8826-bb2012150aa0}]
2008-08-01 10:42 114176 --a------ C:\WINDOWS\System32\owiyik.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 20:18 68856]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-02 19:21 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-02 19:15 610304]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-29 14:30 335872]
"DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [2002-11-01 18:47 208560]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2003-06-20 16:18 368640]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 12:18 28672]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-02-27 15:17 90112]
"MCAgentExe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2002-09-06 20:15 192512]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe" [2002-09-04 12:28 151552]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 14:28 684032]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2002-10-04 17:09 139264]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11 57344]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 20:26 217088]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04 1544192]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19 49152]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 03:00 99840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-09-09 00:01 26112]
"b89746b6"="C:\WINDOWS\System32\ctmxtpyl.dll" [2008-08-01 10:44 83456]
"BMbba4752a"="C:\WINDOWS\System32\gpyjdegb.dll" [2008-08-01 10:42 91648]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-28 19:17 28672 C:\WINDOWS\SYSTEM32\Ati2mdxx.exe]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 18:18 443968]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe [2003-10-06 20:32:01 1269836]
D-Link AirPlus G Wireless Utility.lnk - C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe [2006-07-19 15:40:12 782412]
D-Link REG Utility.lnk - C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\Reg.exe [2006-07-19 15:40:11 24576]
M-Audio Ozone Control Panel Launcher.lnk - C:\Program Files\M-Audio Ozone\OZTask.exe [2003-01-31 14:34:50 98304]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=owiyik.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"= usbnz1x1.dll
"midi3"= usbnz1x1.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2003-09-09 00:01 26112 C:\Program Files\Real\RealPlayer\realplay.exe
R0 BTMgr;Bluelet Device Manager Service;C:\WINDOWS\System32\Drivers\BTMgr.sys [2002-06-12 13:43]
R2 CVPNDRV;Cisco Systems IPsec Driver;C:\WINDOWS\System32\Drivers\CVPNDRV.sys [2002-08-07 13:23]
R3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\System32\DRIVERS\RimSerial.sys [2005-08-16 13:02]
S3 Btusb;Bluetooth USB;C:\WINDOWS\System32\Drivers\Btusb.sys [2001-12-10 14:16]
S3 ccBirdPacket;Birdman's Packet Filter, 2001/02/18;C:\WINDOWS\System32\drivers\BgWinNT.sys [2002-02-22 12:34]
S3 EWAVE;EWAVE;C:\WINDOWS\System32\drivers\ew.sys []
S3 FILESPY;FILESPY;C:\WINDOWS\System32\drivers\FILESPY.sys []
S3 GBGSIF;FX-MAX virtual GSIF driver;C:\WINDOWS\System32\Drivers\GBGSIF.sys [2005-03-06 23:21]
S3 ma763008;M-Audio Ozone;C:\WINDOWS\System32\drivers\MA763008.sys [2007-10-01 12:43]
S3 MADFU008;MADFU008;C:\WINDOWS\System32\DRIVERS\MADFU008.sys [2007-10-01 12:43]
S3 MagixASIODrv;MAGIX_ASIO_BoostDriver;C:\Program Files\MAGIX\Samplitude_SE_No9\mxasio.sys [2002-04-16 12:10]
S3 NSTATION;NSTATION;C:\WINDOWS\System32\drivers\nstation.sys []
S3 SynasUSB;SynasUSB;C:\WINDOWS\System32\drivers\SynasUSB.sys [2002-11-25 03:46]
S3 USBNZ1X1;M-Audio Ozone Midi;C:\WINDOWS\System32\drivers\usbnz1x1.sys [2007-10-01 12:43]
.
Contents of the 'Scheduled Tasks' folder
2008-08-01 C:\WINDOWS\Tasks\McAfee.com Update Check (D9PHFG31-Owner).job
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe [2002-09-04 12:28]
2008-08-01 C:\WINDOWS\Tasks\McAfee.com Update Check (D9PHFG31-Owner).job
- C:\PROGRA~1\McAfee.com\Agent [2008-03-08 23:24]
2008-08-01 C:\WINDOWS\Tasks\McAfee.com Update Check (SHARON-Sharon Nauss).job
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe [2002-09-04 12:28]
2008-08-01 C:\WINDOWS\Tasks\McAfee.com Update Check (SHARON-Sharon Nauss).job
- C:\PROGRA~1\McAfee.com\Agent [2008-03-08 23:24]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.ca/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://www.dellnet.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O18 -: Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - hxxp://prod1.centra.com/SiteRoots/main/ ... loader.cab
C:\WINDOWS\Downloaded Program Files\CentraDownloader.inf
C:\WINDOWS\Downloaded Program Files\CentraDownloader.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-01 13:01:23
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\pskt.ini 22 bytes
C:\WINDOWS\system32\lyptxmtc.ini 1487794 bytes
scan completed successfully
hidden files: 2
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\System32\ctmxtpyl.dll
-> C:\WINDOWS\System32\gpyjdegb.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\WINDOWS\SYSTEM32\acs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\McAfee.com\VSO\mcvsrte.exe
C:\Program Files\M-Audio Ozone\Install\ozinst.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\McAfee.com\VSO\McShield.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-08-01 13:18:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-01 16:17:14
Pre-Run: 19,232,747,520 bytes free
Post-Run: 19,071,164,416 bytes free
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:28 PM, on 01/08/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\M-Audio Ozone\Install\Ozinst.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\M-Audio Ozone\OZTask.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\snauss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10C0A1A1-32AB-45E4-9DFF-A8615C6ADFED} - C:\WINDOWS\System32\iifdaaWp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: {0c6e04ed-6f24-6b6a-4fd4-d664b87d87be} - {eb78d78b-466d-4df4-a6b6-42f6de40e6c0} - C:\WINDOWS\System32\eohvao.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [b89746b6] rundll32.exe "C:\WINDOWS\System32\ctmxtpyl.dll",b
O4 - HKLM\..\Run: [BMbba4752a] Rundll32.exe "C:\WINDOWS\System32\nlyipnry.dll",s
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O4 - Global Startup: D-Link REG Utility.lnk = ?
O4 - Global Startup: M-Audio Ozone Control Panel Launcher.lnk = C:\Program Files\M-Audio Ozone\OZTask.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4241563335
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_ ... ofupld.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://prod1.centra.com/SiteRoots/main/ ... loader.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/acti ... 0.0.10.cab?
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - AppInit_DLLs: owiyik.dll eohvao.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Ozone Installer (OzoneInstallerService) - Nemesis - C:\Program Files\M-Audio Ozone\Install\Ozinst.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 10007 bytes
HIJACKTHIS LOG