Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:15:17 PM, on 5/24/2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msrr.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\remo\My Documents\killemall.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE
O2 - BHO: (no name) - {1581909B-1C30-496A-B4A9-BA792FB51B8A} - C:\WINDOWS\System32\gebcb.dll
O2 - BHO: C:\WINDOWS\System32\gsjeie83df.dll - {8D5849A2-93F3-429D-FF34-260A2068897C} - C:\WINDOWS\System32\gsjeie83df.dll (file missing)
O2 - BHO: (no name) - {970D022E-A884-4D2A-BB4A-EBC22D2FEBD2} - C:\WINDOWS\system32\hgggedb.dll
O2 - BHO: Hook Class - {DBA0F35F-BCD6-4602-863A-96893E4DE018} - C:\WINDOWS\System32\repl.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\System32\ehmdjvsf.dll",realset
O4 - HKLM\..\Run: [RunOnce2Upd] "C:\WINDOWS\System32\KB_963493.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msrr.exe" /background
O4 - HKCU\..\Run: [Pxwgt] "C:\Program Files\Common Files\?dobe\?ttrib.exe"
O4 - HKCU\..\Run: [A00F5427A5D.exe] C:\DOCUME~1\remo\LOCALS~1\Temp\_A00F5427A5D.exe
O4 - HKCU\..\Run: [A00F5427B18.exe] C:\DOCUME~1\remo\LOCALS~1\Temp\_A00F5427B18.exe
O4 - HKCU\..\Run: [A00F5429C2D.exe] C:\DOCUME~1\remo\LOCALS~1\Temp\_A00F5429C2D.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Policies\Explorer\Run: [{D4B38262-0961-1033-0223-040303230001}] "C:\Program Files\Common Files\{D4B38262-0961-1033-0223-040303230001}\Update.exe" mc-110-12-0000627
O4 - HKCU\..\Policies\Explorer\Run: [{D4B38262-0960-1033-0223-040303230001}] "C:\Program Files\Common Files\{D4B38262-0960-1033-0223-040303230001}\Update.exe" mc-110-12-0000627
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{D4B38262-0960-1033-0223-040303230001}] "C:\Program Files\Common Files\{D4B38262-0960-1033-0223-040303230001}\Update.exe" mc-110-12-0000627 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{D4B38262-0961-1033-0223-040303230001}] "C:\Program Files\Common Files\{D4B38262-0961-1033-0223-040303230001}\Update.exe" mc-110-12-0000627 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{D4B38262-0960-1033-0223-040303230001}] "C:\Program Files\Common Files\{D4B38262-0960-1033-0223-040303230001}\Update.exe" mc-110-12-0000627 (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: gebcb - C:\WINDOWS\System32\gebcb.dll
O20 - Winlogon Notify: hgggedb - C:\WINDOWS\SYSTEM32\hgggedb.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
O20 - Winlogon Notify: ssqrq - C:\WINDOWS\System32\ssqrq.dll (file missing)
O20 - Winlogon Notify: __c0011A64 - C:\WINDOWS\System32\__c0011A64.dat
O20 - Winlogon Notify: __c005E521 - C:\WINDOWS\System32\__c005E521.dat
O20 - Winlogon Notify: __c00C9F90 - C:\WINDOWS\System32\__c00C9F90.dat
O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\zvqhx.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Fdjskie8 jf8e - {8D5849A2-93F3-429D-FF34-260A2068897C} - C:\WINDOWS\System32\gsjeie83df.dll (file missing)
O22 - SharedTaskScheduler: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\zvqhx.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 6367 bytes
------
Please help, someone?