Scan saved at 9:52:23 AM, on 3/14/2009
Platform: Unknown Windows (WinNT 6.01.2904)
MSIE: Internet Explorer v8.00 (8.00.7000.0000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\FarStone\VirtualDrive\vdtask.exe
C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\The KMPlayer\KMPlayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\explorer.exe
C:\Users\Jefferson\Downloads\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.live.com/default.aspx?wa=wsignin1.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: C:\Windows\system32\hs78344kjkfd.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\WECPUpdate.exe -s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [zqs5sb2ibj8e03lyhlqx4sw1wxgdo5] C:\Users\JEFFER~1\AppData\Local\Temp\qgxqhy8b8i1t.exe
O4 - HKCU\..\Run: [ho7ct795x] C:\Users\JEFFER~1\AppData\Local\Temp\oyuvhvvpzp755.exe
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\Users\Jefferson\AppData\Local\Temp\winlognn.exe
O4 - HKCU\..\Run: [a5jx8vtuei9c2dxy33x49poxui2wbnul40ly] C:\Users\JEFFER~1\AppData\Local\Temp\p655i5wva.exe
O4 - HKCU\..\Run: [vnyqokwwdjb1pmwmub87vko0tvlbutyrprwuv] C:\Users\JEFFER~1\AppData\Local\Temp\r2ktu5gk.exe
O4 - HKCU\..\Run: [l44o588rdxyb] C:\Users\JEFFER~1\AppData\Local\Temp\haika2f.exe
O4 - HKCU\..\Run: [ys68s1w4j1yz23d3i1] C:\Users\JEFFER~1\AppData\Local\Temp\uaqone.exe
O4 - HKCU\..\Run: [s4urojmtgbhuu4] C:\Users\JEFFER~1\AppData\Local\Temp\sbdasnc6pn.exe
O4 - HKCU\..\Run: [ey53n151vvs98geh1lkkclgqsxp4m04cbkn8k] C:\Users\JEFFER~1\AppData\Local\Temp\z9sr64mxt2.exe
O4 - HKCU\..\Run: [rn1zuab2a6zuesma0bminqxbld6ic0] C:\Users\JEFFER~1\AppData\Local\Temp\x7sf4ndv5.exe
O4 - HKCU\..\Run: [cmva6qt4zlj5a6y] C:\Users\JEFFER~1\AppData\Local\Temp\e57fi465s.exe
O4 - HKCU\..\Run: [ibryh4efv4] C:\Users\JEFFER~1\AppData\Local\Temp\lrbfe4tii.exe
O4 - HKCU\..\Run: [rui8kp1atqt6h845] C:\Users\JEFFER~1\AppData\Local\Temp\ijx4p9ly.exe
O4 - HKCU\..\Run: [jkuk10wc55] C:\Users\JEFFER~1\AppData\Local\Temp\tyg6qklw900z.exe
O4 - HKCU\..\Run: [qgcgdlbch5v6ynqt] C:\Users\JEFFER~1\AppData\Local\Temp\c8iaqstmaj.exe
O4 - HKCU\..\Run: [a0tl7p99gs45c3cjuvh4j3skq5zy8lzde32vify8] C:\Users\JEFFER~1\AppData\Local\Temp\ul6b6gkdtd.exe
O4 - HKCU\..\Run: [cqx1vcll0r13igq59d93eoquvqeoxfttr79] C:\Users\JEFFER~1\AppData\Local\Temp\w1du3ba.exe
O4 - HKCU\..\Run: [y8kmyuz9qkjgclze57b7sn002fx05wt618w19vt1g6] C:\Users\JEFFER~1\AppData\Local\Temp\k8wxzj0.exe
O4 - HKCU\..\Run: [sxod2evga3vhkm8pyh9xari1so] C:\Users\JEFFER~1\AppData\Local\Temp\ojai2fia.exe
O4 - HKCU\..\Run: [fios1j0mdzr5xfdr1xtcr3trpsfb2ce4kfnjr] C:\Users\JEFFER~1\AppData\Local\Temp\oyaogga4s.exe
O4 - HKCU\..\Run: [i9d0q6idff4688] C:\Users\JEFFER~1\AppData\Local\Temp\qbty1u.exe
O4 - HKCU\..\Run: [zzmtw078pjyxfaj20yohsfr84elt05an1yprw0im171] C:\Users\JEFFER~1\AppData\Local\Temp\zr8lrrii29.exe
O4 - HKCU\..\Run: [usdrl5ecfginzs3ujlfhawb2nh0m2wt651keyrn9kvdpo] C:\Users\JEFFER~1\AppData\Local\Temp\fldzsdiskmw8x.exe
O4 - HKCU\..\Run: [dar7k32sklc48pmj09rb7lcmaw1swo78a4o] C:\Users\JEFFER~1\AppData\Local\Temp\gxzphfu0w.exe
O4 - HKCU\..\Run: [zgaw50r1va5poal5pp2xsblkn312bgak2f2hbmgnawp3] C:\Users\JEFFER~1\AppData\Local\Temp\npr5lw674lbkx.exe
O4 - HKCU\..\Run: [ecbw5ys4t4is6nsa72h3o486lo14mi3twn46l] C:\Users\JEFFER~1\AppData\Local\Temp\xfskq4bc0.exe
O4 - HKCU\..\Run: [vpnb0ey6pdg05jx3ffi6ta24yh98pl025] C:\Users\JEFFER~1\AppData\Local\Temp\pgv875tchotq.exe
O4 - HKCU\..\Run: [fnwfirqv7v8g7ui6xmkg2jac59401imn07vsdqmj28juj1h7ct] C:\Users\JEFFER~1\AppData\Local\Temp\wnfto2f4b.exe
O4 - HKCU\..\Run: [f8si90v9amxe26] C:\Users\JEFFER~1\AppData\Local\Temp\c08czy55z35.exe
O4 - HKCU\..\Run: [bt1hntwahx4bhck7uouf43xw] C:\Users\JEFFER~1\AppData\Local\Temp\acu2ojh.exe
O4 - HKCU\..\Run: [tickl50kc] C:\Users\JEFFER~1\AppData\Local\Temp\yxod97.exe
O4 - HKCU\..\Run: [pddgydq5to7orrgag027r08sawgjckfc89vvl77rvdo2b8j] C:\Users\JEFFER~1\AppData\Local\Temp\in8h9433c2z.exe
O4 - HKCU\..\Run: [ywu457ntjaywxm7mcpsgabsi292sujiuix] C:\Users\JEFFER~1\AppData\Local\Temp\r2l1h3l2em6.exe
O4 - HKCU\..\Run: [q5yos6ouf6cjexl4krp8s5fiv] C:\Users\JEFFER~1\AppData\Local\Temp\opbuifj.exe
O4 - HKCU\..\Run: [ib8aamofoayhvw5gb61f33tn3mv] C:\Users\JEFFER~1\AppData\Local\Temp\wo4lfbmc.exe
O4 - HKCU\..\Run: [zqg4p9ewnpvk7713k8ak8mcpghqzcbn9q] C:\Users\JEFFER~1\AppData\Local\Temp\x0qs4wfkg6oa.exe
O4 - HKCU\..\Run: [l8i3u6nviy9nplzgg9a4hd5vd2sczep86mux5pbi7nuk798eu] C:\Users\JEFFER~1\AppData\Local\Temp\scskhbzr.exe
O4 - HKCU\..\Run: [zcdvpr7ney1kb] C:\Users\JEFFER~1\AppData\Local\Temp\qej7hxui.exe
O4 - HKCU\..\Run: [xma6kuqiaw4f9goa9nv4jlxon0s5dlg5259ykdn0frdqaj] C:\Users\JEFFER~1\AppData\Local\Temp\bvmtu67eq7div.exe
O4 - HKCU\..\Run: [ruxy74lr1m2y1znskwd3uli54mggjajioipc7a7c9m937k2iwm] C:\Users\JEFFER~1\AppData\Local\Temp\leuxqihc69hm.exe
O4 - HKCU\..\Run: [jru6nzgzz3jaxw9k1t4kz7x7yarsbyxzqrju1r] C:\Users\JEFFER~1\AppData\Local\Temp\eg6yuk4k.exe
O4 - HKCU\..\Run: [hx16n5c4mh5q3fuw] C:\Users\JEFFER~1\AppData\Local\Temp\i5iz7zhf2q.exe
O4 - HKCU\..\Run: [mvmbt0qbzjc5iaw8esxygms9trlodn63qje8yof5m9] C:\Users\JEFFER~1\AppData\Local\Temp\hvd1gzx41.exe
O4 - HKCU\..\Run: [o0jkbcmmzbagcsoy5mnocgdlx1nowyd9q2d6v4xo] C:\Users\JEFFER~1\AppData\Local\Temp\ttk237omo8.exe
O4 - HKCU\..\Run: [eg2f08op0okhfvj8] C:\Users\JEFFER~1\AppData\Local\Temp\bxd142xv5e.exe
O4 - HKCU\..\Run: [f9l9v2o13jnjr0w61eqoa52q8j] C:\Users\JEFFER~1\AppData\Local\Temp\pgwkaczo8wb.exe
O4 - HKCU\..\Run: [fvbryjt0epcvokc7ulkm6r] C:\Users\JEFFER~1\AppData\Local\Temp\l1f3md3aewdod.exe
O4 - HKCU\..\Run: [vfq88huax1crpj0m3l5enluz964buzafuwyuhkpa] C:\Users\JEFFER~1\AppData\Local\Temp\mbk1ud.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FolderProtectService - Unknown owner - C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
--
End of file - 11434 bytes
This is my HJT log. Can someone check it for me?
Thanks in advance.
Bunkerboy