Mike
Logfile of HijackThis v1.99.1
Scan saved at 4:57:56 PM, on 5/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINDOWS\System32\cufmyo\euuofbm.exe
C:\WINDOWS\System32\xhvvmpv\kkyumfc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\ZipToA.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\PROGRA~1\BLEHSIGN\sizespamseek.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\Qexyfkt\Erllkl.exe
C:\WINDOWS\System32\ivpnmz.exe
C:\WINDOWS\System32\scrsvc.exe
C:\WINDOWS\system32\msgm32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
C:\WINDOWS\System32\picsvr\picsvr.exe
C:\WINDOWS\System32\wknky\ikrph.exe
C:\WINDOWS\System32\jvtclcn\lxskf.exe
C:\WINDOWS\System32\hleokaqi\bphc.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\WINDOWS\System32\yiarby\quxi.exe
C:\WINDOWS\System32\ufcqrlx\rrfys.exe
C:\WINDOWS\System32\pddchqk\efsporxu.exe
C:\WINDOWS\System32\mjena\kwrm.exe
C:\WINDOWS\System32\eoipxho\xciqivkg.exe
C:\WINDOWS\System32\omjolexe\ewkqtu.exe
C:\WINDOWS\System32\icjh\hugkddi.exe
C:\WINDOWS\System32\xvmjmogp\hbxghue.exe
C:\WINDOWS\System32\girs\kefvmq.exe
C:\WINDOWS\System32\xykekjhn\clxcfqil.exe
C:\WINDOWS\System32\oxnpa\xhdbx.exe
C:\WINDOWS\System32\hunus\swqo.exe
C:\WINDOWS\System32\ojtmcbrq\vlhr.exe
C:\WINDOWS\System32\ugxxu\abcyksxb.exe
C:\WINDOWS\System32\iwutabvo\ouuuurh.exe
C:\WINDOWS\System32\qxuhl\fhdbxlhu.exe
C:\WINDOWS\System32\hvbm\ygpa.exe
C:\WINDOWS\System32\nkipqae\qklukmgk.exe
C:\WINDOWS\system\krxf.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\System32\gyhxprxy.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
c:\windows\system32\xhaqhmp.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\WINDOWS\netun.exe
C:\Program Files\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gpoav.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gpoav.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gpoav.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gpoav.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gpoav.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gpoav.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Class - {538EEB8F-48F3-4823-CA19-09ED9EFBD83E} - C:\WINDOWS\iebr.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [WinFavorites] c:\program files\winfavorites\WinFavorites.exe1
O4 - HKLM\..\Run: [s] C:\WINDOWS\System32\qiidre.exe
O4 - HKLM\..\Run: [THIS SETTINGS] C:\PROGRA~1\BLEHSIGN\sizespamseek.exe
O4 - HKLM\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINDOWS\System32\NS4 = (document.layers) ? true : false;
O4 - HKLM\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINDOWS\System32\IE4plus = (document.all) ? true : false;
O4 - HKLM\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINDOWS\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
O4 - HKLM\..\Run: [IEMajor ] c:\WINDOWS\System32\IEMajor = 0;
O4 - HKLM\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINDOWS\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
O4 - HKLM\..\Run: [var gSafeOnload = new Arra] c:\WINDOWS\System32\var gSafeOnload = new Array();
O4 - HKLM\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINDOWS\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
O4 - HKLM\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINDOWS\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKLM\..\Run: [ if (window.onload != SafeOnl] c:\WINDOWS\System32\ if (window.onload != SafeOnload)
O4 - HKLM\..\Run: [ window.onload = SafeOnl] c:\WINDOWS\System32\ window.onload = SafeOnload;
O4 - HKLM\..\Run: [ window.onload ] c:\WINDOWS\System32\ window.onload = f;
O4 - HKLM\..\Run: [ gSafeOnload[i] c:\WINDOWS\System32\ gSafeOnload[i]();
O4 - HKLM\..\Run: [ var checknum = parseInt(num] c:\WINDOWS\System32\ var checknum = parseInt(numIn);
O4 - HKLM\..\Run: [function PUW_In] c:\WINDOWS\System32\function PUW_Init()
O4 - HKLM\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINDOWS\System32\ var newWin = window.open(this.url,this.name,settings);
O4 - HKLM\..\Run: [ window.focu] c:\WINDOWS\System32\ window.focus();
O4 - HKLM\..\Run: [ var shouldShow = this.frequency !] c:\WINDOWS\System32\ var shouldShow = this.frequency != 0;
O4 - HKLM\..\Run: [ end = allCookies.len] c:\WINDOWS\System32\ end = allCookies.length;
O4 - HKLM\..\Run: [ if (isInt(freqS] c:\WINDOWS\System32\ if (isInt(freqStr))
O4 - HKLM\..\Run: [ this.frequenc] c:\WINDOWS\System32\ this.frequency--;
O4 - HKLM\..\Run: [ shouldShow = fa] c:\WINDOWS\System32\ shouldShow = false;
O4 - HKLM\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINDOWS\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKLM\..\Run: [function PopupWindow(url,width,hei] c:\WINDOWS\System32\function PopupWindow(url,width,height)
O4 - HKLM\..\Run: [ this.height = hei] c:\WINDOWS\System32\ this.height = height;
O4 - HKLM\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINDOWS\System32\ this.left = screen.availWidth/2 - width/2; // center
O4 - HKLM\..\Run: [ this.showDelay = 2] c:\WINDOWS\System32\ this.showDelay = 2000;
O4 - HKLM\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINDOWS\System32\ this.renew = 1; // renew showing every x hours
O4 - HKLM\..\Run: [ this.toolbar= fa] c:\WINDOWS\System32\ this.toolbar= false;
O4 - HKLM\..\Run: [ this.resizable = fa] c:\WINDOWS\System32\ this.resizable = false;
O4 - HKLM\..\Run: [ this.menubar = fa] c:\WINDOWS\System32\ this.menubar = false;
O4 - HKLM\..\Run: [ this.Init = PUW_I] c:\WINDOWS\System32\ this.Init = PUW_Init;
O4 - HKLM\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINDOWS\System32\ this.CheckFrequency = PUW_CheckFrequency;
O4 - HKLM\..\Run: [ gPopupWindow.Ini] c:\WINDOWS\System32\ gPopupWindow.Init();
O4 - HKLM\..\Run: [gPopupWindow.toolbar = fa] c:\WINDOWS\System32\gPopupWindow.toolbar = false;
O4 - HKLM\..\Run: [<h] c:\WINDOWS\System32\<Head>
O4 - HKLM\..\Run: [</h] c:\WINDOWS\System32\</html>
O4 - HKLM\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINDOWS\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
O4 - HKLM\..\Run: [var d=docum] c:\WINDOWS\System32\var d=document;
O4 - HKLM\..\Run: [if(!NN] c:\WINDOWS\System32\if(!NN4) {
O4 - HKLM\..\Run: [} el] c:\WINDOWS\System32\} else {
O4 - HKLM\..\Run: [</scr] c:\WINDOWS\System32\</script>
O4 - HKLM\..\Run: [</b] c:\WINDOWS\System32\</body>
O4 - HKLM\..\Run: [var strT] c:\WINDOWS\System32\var strTemp;
O4 - HKLM\..\Run: [ top.location.replace(strTe] c:\WINDOWS\System32\ top.location.replace(strTemp);
O4 - HKLM\..\Run: [var expire = new Dat] c:\WINDOWS\System32\var expire = new Date();
O4 - HKLM\..\Run: [expire.setTime(today.getTime() + 1000 * 60 * 60 * 24 * 3] c:\WINDOWS\System32\expire.setTime(today.getTime() + 1000 * 60 * 60 * 24 * 365);
O4 - HKLM\..\Run: [offset = document.cookie.indexOf(search) ] c:\WINDOWS\System32\offset = document.cookie.indexOf(search)
O4 - HKLM\..\Run: [offset += search.leng] c:\WINDOWS\System32\offset += search.length;
O4 - HKLM\..\Run: [// set index of end of cookie value ] c:\WINDOWS\System32\// set index of end of cookie value
O4 - HKLM\..\Run: [end = document.cookie.length ] c:\WINDOWS\System32\end = document.cookie.length
O4 - HKLM\..\Run: [}] c:\WINDOWS\System32\}
O4 - HKLM\..\Run: [var cookieExist = getCookie(strCookieNa] c:\WINDOWS\System32\var cookieExist = getCookie(strCookieName);
O4 - HKLM\..\Run: [document.frmSearch.KeyWords.focu] c:\WINDOWS\System32\document.frmSearch.KeyWords.focus();
O4 - HKLM\..\Run: [function exittraff] c:\WINDOWS\System32\function exittraffic()
O4 - HKLM\..\Run: [mhppop(); //makeusyourhomepage] c:\WINDOWS\System32\mhppop(); //makeusyourhomepage pop
O4 - HKLM\..\Run: [var pos_top = (screen.height) + 1; // window is 1 pixel below the bottom of sc] c:\WINDOWS\System32\var pos_top = (screen.height) + 1; // window is 1 pixel below the bottom of screen
O4 - HKLM\..\Run: [ Sea] c:\WINDOWS\System32\ Search:
O4 - HKLM\..\Run: [ else {c=screen.pixelDe] c:\WINDOWS\System32\ else {c=screen.pixelDepth}
O4 - HKLM\..\Run: [ NS2] c:\WINDOWS\System32\ NS2Ch=0
O4 - HKLM\..\Run: [s=screen.width;v=navigator.app] c:\WINDOWS\System32\s=screen.width;v=navigator.appName
O4 - HKLM\..\Run: [j=navigator.javaEnabl] c:\WINDOWS\System32\j=navigator.javaEnabled()
O4 - HKLM\..\Run: [if (NS2Ch == ] c:\WINDOWS\System32\if (NS2Ch == 0) {
O4 - HKLM\..\Run: [eA0HXAUx] C:\PROGRA~1\rvrtxr\uxvuwu.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [Ytfjgal] C:\Program Files\Qexyfkt\Erllkl.exe
O4 - HKLM\..\Run: [PaciSoft] C:\WINDOWS\System32\pacis.exe
O4 - HKLM\..\Run: [aiat] C:\WINDOWS\System32\rmjwq\aiat.exe
O4 - HKLM\..\Run: [cgeap] C:\WINDOWS\System32\epfc\cgeap.exe
O4 - HKLM\..\Run: [xglshwp] C:\WINDOWS\System32\egtvms\xglshwp.exe
O4 - HKLM\..\Run: [hshnin] C:\DOCUME~1\Owner\LOCALS~1\Temp\kdfkqs.exe
O4 - HKLM\..\Run: [gnjap] C:\WINDOWS\System32\jnvnbgm\gnjap.exe
O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\System32\psoft1.exe
O4 - HKLM\..\Run: [AutoLoader3FwG1OWgKZaU] "C:\WINDOWS\System32\shlppdll.exe"
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteuzw32.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\ivpnmz.exe
O4 - HKLM\..\Run: [scrsvc] C:\WINDOWS\System32\scrsvc.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [msgm32.exe] C:\WINDOWS\system32\msgm32.exe
O4 - HKLM\..\Run: [basuo] C:\WINDOWS\System32\pmywha\basuo.exe
O4 - HKLM\..\Run: [fockh] C:\WINDOWS\System32\cbmet\fockh.exe
O4 - HKLM\..\Run: [oqvhuc] C:\WINDOWS\System32\oqleuyht\oqvhuc.exe
O4 - HKLM\..\Run: [iwdj] C:\WINDOWS\System32\vsxka\iwdj.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nhyxjaij] C:\WINDOWS\System32\nghxaki\nhyxjaij.exe
O4 - HKLM\..\Run: [mhthgd] C:\WINDOWS\System32\knpp\mhthgd.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [SkyH2] C:\DOCUME~1\Owner\LOCALS~1\Temp\hsjjydx.exe
O4 - HKLM\..\Run: [ikrph] C:\WINDOWS\System32\wknky\ikrph.exe
O4 - HKLM\..\Run: [pupe] C:\WINDOWS\System32\ryiqupvj\pupe.exe
O4 - HKLM\..\Run: [yyaxgmh] C:\WINDOWS\System32\fjje\yyaxgmh.exe
O4 - HKLM\..\Run: [fydee] C:\WINDOWS\System32\mokewqej\fydee.exe
O4 - HKLM\..\Run: [lecbg] C:\WINDOWS\System32\unobi\lecbg.exe
O4 - HKLM\..\Run: [bphc] C:\WINDOWS\System32\hleokaqi\bphc.exe
O4 - HKLM\..\Run: [mihg] C:\WINDOWS\System32\oxvj\mihg.exe
O4 - HKLM\..\Run: [qmaknd] C:\WINDOWS\System32\dlpkf\qmaknd.exe
O4 - HKLM\..\Run: [sjuadsi] C:\WINDOWS\System32\littnik\sjuadsi.exe
O4 - HKLM\..\Run: [ihojjxce] C:\WINDOWS\System32\jlsiq\ihojjxce.exe
O4 - HKLM\..\Run: [qmmcw] C:\WINDOWS\System32\bbsgmgq\qmmcw.exe
O4 - HKLM\..\Run: [vgltjeme] c:\windows\system32\vgltjeme.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [suvoacns] C:\WINDOWS\System32\sftuej\suvoacns.exe
O4 - HKLM\..\Run: [tmsdbf] C:\WINDOWS\System32\ckevux\tmsdbf.exe
O4 - HKLM\..\Run: [updimqc] C:\WINDOWS\System32\ytjggmcp\updimqc.exe
O4 - HKLM\..\Run: [fjbutm] C:\WINDOWS\System32\bajwlanx\fjbutm.exe
O4 - HKLM\..\Run: [scyienvw] C:\WINDOWS\System32\hxvora\scyienvw.exe
O4 - HKLM\..\Run: [rrfys] C:\WINDOWS\System32\ufcqrlx\rrfys.exe
O4 - HKLM\..\Run: [efsporxu] C:\WINDOWS\System32\pddchqk\efsporxu.exe
O4 - HKLM\..\Run: [kwrm] C:\WINDOWS\System32\mjena\kwrm.exe
O4 - HKLM\..\Run: [xciqivkg] C:\WINDOWS\System32\eoipxho\xciqivkg.exe
O4 - HKLM\..\Run: [ycwkbl] C:\WINDOWS\System32\brvpieg\ycwkbl.exe
O4 - HKLM\..\Run: [vburf] C:\WINDOWS\System32\ghttvrl\vburf.exe
O4 - HKLM\..\Run: [qapty] C:\WINDOWS\System32\hiahu\qapty.exe
O4 - HKLM\..\Run: [vdmo] C:\WINDOWS\System32\inbn\vdmo.exe
O4 - HKLM\..\Run: [swmc] C:\WINDOWS\System32\bqtg\swmc.exe
O4 - HKLM\..\Run: [vemhon] C:\WINDOWS\System32\fvwnrh\vemhon.exe
O4 - HKLM\..\Run: [hugkddi] C:\WINDOWS\System32\icjh\hugkddi.exe
O4 - HKLM\..\Run: [hbxghue] C:\WINDOWS\System32\xvmjmogp\hbxghue.exe
O4 - HKLM\..\Run: [kefvmq] C:\WINDOWS\System32\girs\kefvmq.exe
O4 - HKLM\..\Run: [clxcfqil] C:\WINDOWS\System32\xykekjhn\clxcfqil.exe
O4 - HKLM\..\Run: [xhdbx] C:\WINDOWS\System32\oxnpa\xhdbx.exe
O4 - HKLM\..\Run: [swqo] C:\WINDOWS\System32\hunus\swqo.exe
O4 - HKLM\..\Run: [G3] C:\WINDOWS\System32\GSMedia3.exe
O4 - HKLM\..\Run: [rfacgyn] C:\WINDOWS\System32\dcanmapm\rfacgyn.exe
O4 - HKLM\..\Run: [pisgn] C:\WINDOWS\System32\egrmglfb\pisgn.exe
O4 - HKLM\..\Run: [abcyksxb] C:\WINDOWS\System32\ugxxu\abcyksxb.exe
O4 - HKLM\..\Run: [ouuuurh] C:\WINDOWS\System32\iwutabvo\ouuuurh.exe
O4 - HKLM\..\Run: [fhdbxlhu] C:\WINDOWS\System32\qxuhl\fhdbxlhu.exe
O4 - HKLM\..\Run: [ygpa] C:\WINDOWS\System32\hvbm\ygpa.exe
O4 - HKLM\..\Run: [sxvwkt] C:\WINDOWS\System32\rgcmlusq\sxvwkt.exe
O4 - HKLM\..\Run: [qklukmgk] C:\WINDOWS\System32\nkipqae\qklukmgk.exe
O4 - HKLM\..\Run: [kkyumfc] C:\WINDOWS\System32\xhvvmpv\kkyumfc.exe
O4 - HKLM\..\Run: [euuofbm] C:\WINDOWS\System32\cufmyo\euuofbm.exe
O4 - HKLM\..\Run: [quxi] C:\WINDOWS\System32\yiarby\quxi.exe
O4 - HKLM\..\Run: [lxskf] C:\WINDOWS\System32\jvtclcn\lxskf.exe
O4 - HKLM\..\Run: [vlhr] C:\WINDOWS\System32\ojtmcbrq\vlhr.exe
O4 - HKLM\..\Run: [eyjct] C:\WINDOWS\System32\jqatps\eyjct.exe
O4 - HKLM\..\Run: [ewkqtu] C:\WINDOWS\System32\omjolexe\ewkqtu.exe
O4 - HKLM\..\Run: [oxkfnam] c:\windows\system32\xhaqhmp.exe
O4 - HKLM\..\RunOnce: [winoi.exe] C:\WINDOWS\system32\winoi.exe
O4 - HKLM\..\RunOnce: [CounterSpyCleaner] C:\Program Files\Sunbelt Software\CounterSpy Client\sunASCleaner.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINDOWS\System32\NS4 = (document.layers) ? true : false;
O4 - HKCU\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINDOWS\System32\IE4plus = (document.all) ? true : false;
O4 - HKCU\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINDOWS\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
O4 - HKCU\..\Run: [IEMajor ] c:\WINDOWS\System32\IEMajor = 0;
O4 - HKCU\..\Run: [ IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINDOWS\System32\ IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
O4 - HKCU\..\Run: [var gSafeOnload = new Arra] c:\WINDOWS\System32\var gSafeOnload = new Array();
O4 - HKCU\..\Run: [ if (IEmac && IE4) // IE 4.5 blows out on testing window.on] c:\WINDOWS\System32\ if (IEmac && IE4) // IE 4.5 blows out on testing window.onload
O4 - HKCU\..\Run: [ gSafeOnload[gSafeOnload.length] ] c:\WINDOWS\System32\ gSafeOnload[gSafeOnload.length] = f;
O4 - HKCU\..\Run: [ if (window.onload != SafeOnl] c:\WINDOWS\System32\ if (window.onload != SafeOnload)
O4 - HKCU\..\Run: [ window.onload = SafeOnl] c:\WINDOWS\System32\ window.onload = SafeOnload;
O4 - HKCU\..\Run: [ window.onload ] c:\WINDOWS\System32\ window.onload = f;
O4 - HKCU\..\Run: [ gSafeOnload[i] c:\WINDOWS\System32\ gSafeOnload[i]();
O4 - HKCU\..\Run: [ var checknum = parseInt(num] c:\WINDOWS\System32\ var checknum = parseInt(numIn);
O4 - HKCU\..\Run: [function PUW_In] c:\WINDOWS\System32\function PUW_Init()
O4 - HKCU\..\Run: [ var newWin = window.open(this.url,this.name,settin] c:\WINDOWS\System32\ var newWin = window.open(this.url,this.name,settings);
O4 - HKCU\..\Run: [ window.focu] c:\WINDOWS\System32\ window.focus();
O4 - HKCU\..\Run: [ var shouldShow = this.frequency !] c:\WINDOWS\System32\ var shouldShow = this.frequency != 0;
O4 - HKCU\..\Run: [ end = allCookies.len] c:\WINDOWS\System32\ end = allCookies.length;
O4 - HKCU\..\Run: [ if (isInt(freqS] c:\WINDOWS\System32\ if (isInt(freqStr))
O4 - HKCU\..\Run: [ this.frequenc] c:\WINDOWS\System32\ this.frequency--;
O4 - HKCU\..\Run: [ shouldShow = fa] c:\WINDOWS\System32\ shouldShow = false;
O4 - HKCU\..\Run: [ exp.setTime(exp.getTime()+this.renew*60*60] c:\WINDOWS\System32\ exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKCU\..\Run: [function PopupWindow(url,width,hei] c:\WINDOWS\System32\function PopupWindow(url,width,height)
O4 - HKCU\..\Run: [ this.height = hei] c:\WINDOWS\System32\ this.height = height;
O4 - HKCU\..\Run: [ this.left = screen.availWidth/2 - width/2; // ce] c:\WINDOWS\System32\ this.left = screen.availWidth/2 - width/2; // center
O4 - HKCU\..\Run: [ this.showDelay = 2] c:\WINDOWS\System32\ this.showDelay = 2000;
O4 - HKCU\..\Run: [ this.renew = 1; // renew showing every x h] c:\WINDOWS\System32\ this.renew = 1; // renew showing every x hours
O4 - HKCU\..\Run: [ this.toolbar= fa] c:\WINDOWS\System32\ this.toolbar= false;
O4 - HKCU\..\Run: [ this.resizable = fa] c:\WINDOWS\System32\ this.resizable = false;
O4 - HKCU\..\Run: [ this.menubar = fa] c:\WINDOWS\System32\ this.menubar = false;
O4 - HKCU\..\Run: [ this.Init = PUW_I] c:\WINDOWS\System32\ this.Init = PUW_Init;
O4 - HKCU\..\Run: [ this.CheckFrequency = PUW_CheckFreque] c:\WINDOWS\System32\ this.CheckFrequency = PUW_CheckFrequency;
O4 - HKCU\..\Run: [ gPopupWindow.Ini] c:\WINDOWS\System32\ gPopupWindow.Init();
O4 - HKCU\..\Run: [gPopupWindow.toolbar = fa] c:\WINDOWS\System32\gPopupWindow.toolbar = false;
O4 - HKCU\..\Run: [<h] c:\WINDOWS\System32\<Head>
O4 - HKCU\..\Run: [</h] c:\WINDOWS\System32\</html>
O4 - HKCU\..\Run: [<META HTTP-EQUIV="Pragma" CONTENT="no-cac] c:\WINDOWS\System32\<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
O4 - HKCU\..\Run: [var d=docum] c:\WINDOWS\System32\var d=document;
O4 - HKCU\..\Run: [if(!NN] c:\WINDOWS\System32\if(!NN4) {
O4 - HKCU\..\Run: [} el] c:\WINDOWS\System32\} else {
O4 - HKCU\..\Run: [</scr] c:\WINDOWS\System32\</script>
O4 - HKCU\..\Run: [</b] c:\WINDOWS\System32\</body>
O4 - HKCU\..\Run: [var strT] c:\WINDOWS\System32\var strTemp;
O4 - HKCU\..\Run: [ top.location.replace(strTe] c:\WINDOWS\System32\ top.location.replace(strTemp);
O4 - HKCU\..\Run: [var expire = new Dat] c:\WINDOWS\System32\var expire = new Date();
O4 - HKCU\..\Run: [expire.setTime(today.getTime() + 1000 * 60 * 60 * 24 * 3] c:\WINDOWS\System32\expire.setTime(today.getTime() + 1000 * 60 * 60 * 24 * 365);
O4 - HKCU\..\Run: [offset = document.cookie.indexOf(search) ] c:\WINDOWS\System32\offset = document.cookie.indexOf(search)
O4 - HKCU\..\Run: [offset += search.leng] c:\WINDOWS\System32\offset += search.length;
O4 - HKCU\..\Run: [// set index of end of cookie value ] c:\WINDOWS\System32\// set index of end of cookie value
O4 - HKCU\..\Run: [end = document.cookie.length ] c:\WINDOWS\System32\end = document.cookie.length
O4 - HKCU\..\Run: [}] c:\WINDOWS\System32\}
O4 - HKCU\..\Run: [var cookieExist = getCookie(strCookieNa] c:\WINDOWS\System32\var cookieExist = getCookie(strCookieName);
O4 - HKCU\..\Run: [document.frmSearch.KeyWords.focu] c:\WINDOWS\System32\document.frmSearch.KeyWords.focus();
O4 - HKCU\..\Run: [function exittraff] c:\WINDOWS\System32\function exittraffic()
O4 - HKCU\..\Run: [mhppop(); //makeusyourhomepage] c:\WINDOWS\System32\mhppop(); //makeusyourhomepage pop
O4 - HKCU\..\Run: [var pos_top = (screen.height) + 1; // window is 1 pixel below the bottom of sc] c:\WINDOWS\System32\var pos_top = (screen.height) + 1; // window is 1 pixel below the bottom of screen
O4 - HKCU\..\Run: [ Sea] c:\WINDOWS\System32\ Search:
O4 - HKCU\..\Run: [ else {c=screen.pixelDe] c:\WINDOWS\System32\ else {c=screen.pixelDepth}
O4 - HKCU\..\Run: [ NS2] c:\WINDOWS\System32\ NS2Ch=0
O4 - HKCU\..\Run: [s=screen.width;v=navigator.app] c:\WINDOWS\System32\s=screen.width;v=navigator.appName
O4 - HKCU\..\Run: [j=navigator.javaEnabl] c:\WINDOWS\System32\j=navigator.javaEnabled()
O4 - HKCU\..\Run: [if (NS2Ch == ] c:\WINDOWS\System32\if (NS2Ch == 0) {
O4 - HKCU\..\Run: [IBwmRQHqR] gyhxprxy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Adaware Bootup] C:\Documents and Settings\Owner\Desktop\Patrick's Utilities\Lavasoft Ad-Aware\Ad-aware.exe /Auto /Log "C:\Documents and Settings\Owner\Desktop\Patrick's Utilities\Lavasoft Ad-Aware\"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/NDWCab.CAB
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b28578.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b28578.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engin ... core_1.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b28578.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupdatednews.com/install/aun_0029.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b28578.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://E:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab28578.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\javacb.exe" /s (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: cgeapepfc - Unknown owner - C:\WINDOWS\System32\epfc\cgeap.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: euuofbmcufmyo - Unknown owner - C:\WINDOWS\System32\cufmyo\euuofbm.exe
O23 - Service: greenstdSystem32 - Unknown owner - C:\WINDOWS\System32\greenstd.exe (file missing)
O23 - Service: ihojjxcejlsiq - Unknown owner - C:\WINDOWS\System32\jlsiq\ihojjxce.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\IomegaAccess.exe
O23 - Service: kkyumfcxhvvmpv - Unknown owner - C:\WINDOWS\System32\xhvvmpv\kkyumfc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: occxuyoi - Unknown owner - C:\WINDOWS\System32\uyoi\occx.exe (file missing)
O23 - Service: oqvhucoqleuyht - Unknown owner - C:\WINDOWS\System32\oqleuyht\oqvhuc.exe
O23 - Service: ovekyvhxcffaqksm - Unknown owner - C:\WINDOWS\System32\cffaqksm\ovekyvhx.exe (file missing)
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: pisgnegrmglfb - Unknown owner - C:\WINDOWS\System32\egrmglfb\pisgn.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: qaptyhiahu - Unknown owner - C:\WINDOWS\System32\hiahu\qapty.exe
O23 - Service: qmaknddlpkf - Unknown owner - C:\WINDOWS\System32\dlpkf\qmaknd.exe
O23 - Service: rfacgyndcanmapm - Unknown owner - C:\WINDOWS\System32\dcanmapm\rfacgyn.exe
O23 - Service: scyienvwhxvora - Unknown owner - C:\WINDOWS\System32\hxvora\scyienvw.exe
O23 - Service: suvoacnssftuej - Unknown owner - C:\WINDOWS\System32\sftuej\suvoacns.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: tmsdbfckevux - Unknown owner - C:\WINDOWS\System32\ckevux\tmsdbf.exe
O23 - Service: vburfghttvrl - Unknown owner - C:\WINDOWS\System32\ghttvrl\vburf.exe
O23 - Service: vdmoinbn - Unknown owner - C:\WINDOWS\System32\inbn\vdmo.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: ycwkblbrvpieg - Unknown owner - C:\WINDOWS\System32\brvpieg\ycwkbl.exe
O23 - Service: yyaxgmhfjje - Unknown owner - C:\WINDOWS\System32\fjje\yyaxgmh.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe