Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:11 PM, on 5/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Documents and Settings\Owner\Application Data\pidle\pidle.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\tkclrj0.exe
C:\WINDOWS\TEMP\tkclrj0.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\trlrm\RMHSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\TEMP\tkclrj0.exe
C:\WINDOWS\TEMP\tkclrj0.exe
C:\WINDOWS\TEMP\tkclrj0.exe
C:\WINDOWS\TEMP\tkclrj0.exe
C:\WINDOWS\TEMP\tkclrj0.exe
C:\WINDOWS\TEMP\tkclrj0.exe
C:\WINDOWS\TEMP\tkclrj0.exe
C:\WINDOWS\TEMP\tkclrj0.exe
C:\WINDOWS\TEMP\tkclrj0.exe
C:\WINDOWS\TEMP\tkclrj0.exe
C:\WINDOWS\TEMP\tkclrj0.exe
C:\WINDOWS\TEMP\tkclrj0.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
F2 - REG:system.ini: Shell=Explorer.exe "C:\Documents and Settings\All Users\Application Data\Microsoft\svchost.exe"
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Trlokom IE Toolbar - {C5AF4D9B-0B55-4BAC-9486-218EA2C6BC3E} - C:\Program Files\SpyWall\TrlIETool.dll
O4 - HKLM\..\Run: [dakubudopi] Rundll32.exe "C:\WINDOWS\system32\regizogu.dll",s
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [08254c71] rundll32.exe "C:\WINDOWS\system32\wewidilu.dll",b
O4 - HKLM\..\Run: [CPM0b167fed] Rundll32.exe "c:\windows\system32\zayitala.dll",a
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [pidle] "C:\Documents and Settings\Owner\Application Data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\tkclrj0.exe
O4 - HKCU\..\Run: [] C:\WINDOWS\TEMP\tkclrj0.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.16\AMVConverter\grab.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O20 - AppInit_DLLs: C:\WINDOWS\system32\sihosido.dll c:\windows\system32\zayitala.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zayitala.dll
O22 - SharedTaskScheduler: sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\jkshfuiehi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zayitala.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Trlokom Central Management Helper 1.4.1 0 (trlokom_rmhsvc) - Trlokom, Inc. - C:\WINDOWS\trlrm\RMHSvc.exe
--
End of file - 5403 bytes