Author Topic: oops  (Read 3387 times)

Sneaky

  • Windows 8 Knowledge Base
  • Hero Member
  • Posts: 1297
  • Where I come from they call it the Hibbity Dibbity
oops
« on: July 04, 2008, 06:06:39 PM »
Yea, I'm trying to dig myself out now.


Logfile of HijackThis v1.99.1
Scan saved at 15:04: VIRUS ALERT!, on 7/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\WLTRYSVC.EXE
D:\WINDOWS\System32\bcmwltry.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\bgsvcgen.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe
D:\Program Files\Viewpoint\Common\ViewpointService.exe
D:\Program Files\Wireless-N PCI Adapter\WLService.exe
D:\Program Files\Wireless-N PCI Adapter\WMP300N.exe
D:\WINDOWS\system32\ZuneBusEnum.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\Sys1.exe
C:\Windows\Sys3.exe
C:\Windows\Sys4.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\Program Files\Microsoft ActiveSync\Wcescomm.exe
D:\Program Files\Foxmail\Foxmail.exe
C:\Windows\Sys2.exe
D:\PROGRA~1\MICROS~4\rapimgr.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
D:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Josh\Desktop\Main\anti virus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 72.167.39.116 www.audio-surf.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: QXK Olive - {F96A5715-5022-4982-83E4-D051EC7DDC71} - D:\WINDOWS\kgqfweltafd.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: nqgpedlr - {B0DBF6AE-D8A1-47E3-9E8A-EE9D41D9BE1C} - D:\WINDOWS\nqgpedlr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Zune Launcher] "D:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Antivirus] D:\Program Files\VAV\vav.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] D:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Foxmail] "D:\Program Files\Foxmail\Foxmail.exe" -min
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: MultiMon Taskbar.lnk = D:\Program Files\MMTaskbar\MultiMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A9E485C-8DDC-45F5-A877-59C9AF094EBE}: NameServer = 172.16.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AB3368A-A76D-4B41-8A5D-EC41018AE640}: NameServer = 192.168.1.101
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: okmdepgb - {93F0C08A-A4A3-488F-A3D3-DA494FA12782} - D:\WINDOWS\okmdepgb.dll
O21 - SSODL: axrfgvek - {7A37D213-C378-41F6-B669-EDE1E01C9C53} - D:\WINDOWS\axrfgvek.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - D:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScsiAccess - Unknown owner - D:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - D:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - D:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: WMP300NSvc - Unknown owner - D:\Program Files\Wireless-N PCI Adapter\WLService.exe" "WMP300N.exe (file missing)

-----

yep. good times.
I wish that cake was a lie. :(

I guess he never figured out what Willis was saying :/

Spectere

  • \m/ (-_-) \m/
  • Administrator
  • Hero Member
  • Posts: 5716
  • printf("%s\n", "Hi!");
Re: oops
« Reply #1 on: July 06, 2008, 10:18:03 AM »
D:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\Sys1.exe
C:\Windows\Sys3.exe
C:\Windows\Sys4.exe
C:\Windows\Sys2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: QXK Olive - {F96A5715-5022-4982-83E4-D051EC7DDC71} - D:\WINDOWS\kgqfweltafd.dll

O3 - Toolbar: nqgpedlr - {B0DBF6AE-D8A1-47E3-9E8A-EE9D41D9BE1C} - D:\WINDOWS\nqgpedlr.dll

O4 - HKLM\..\Run: [Antivirus] D:\Program Files\VAV\vav.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

HKLM\System\CCS\Services\Tcpip\..\{1A9E485C-8DDC-45F5-A877-59C9AF094EBE}: NameServer = 172.16.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AB3368A-A76D-4B41-8A5D-EC41018AE640}: NameServer = 192.168.1.101

O21 - SSODL: okmdepgb - {93F0C08A-A4A3-488F-A3D3-DA494FA12782} - D:\WINDOWS\okmdepgb.dll

O21 - SSODL: axrfgvek - {7A37D213-C378-41F6-B669-EDE1E01C9C53} - D:\WINDOWS\axrfgvek.dll

Definitely these.

O1 - Hosts: 72.167.39.116 www.audio-surf.com

Oh dear, someone played the beta for longer than they were supposed to. ;)
"This is a machine for making cows."
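Added example, not code from either poster or from HijackThis: a small Python triage script that turns the kind of reasoning in the reply above into explicit heuristics and runs them over lines re-joined from the log. The sample input below is constructed from entries on this page. The rules themselves (an .exe under a Windows directory on a drive other than the one smss.exe booted from, a DLL with a random 8 to 12 letter name sitting in the Windows root, a hosts entry or DNS server pointing outside private address space, a start page set to a URL with tracking parameters, a Run entry with a generic security-sounding name, and IE restriction or DisableRegedit policies) are assumptions for this example, not rules HijackThis ships; HijackThis itself marks nothing as good or bad. Note that the O17 entries point at RFC 1918 addresses, so this script leaves them for manual review rather than flagging them.

```python
import re
from ipaddress import ip_address

# Constructed sample: a subset of the HijackThis log above, with the
# extraction line-wraps re-joined so each entry sits on one line.
SAMPLE_LOG = r"""
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
C:\Windows\Sys1.exe
C:\Windows\Sys2.exe
D:\Program Files\uTorrent\uTorrent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 72.167.39.116 www.audio-surf.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {F96A5715-5022-4982-83E4-D051EC7DDC71} - D:\WINDOWS\kgqfweltafd.dll
O3 - Toolbar: nqgpedlr - {B0DBF6AE-D8A1-47E3-9E8A-EE9D41D9BE1C} - D:\WINDOWS\nqgpedlr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Antivirus] D:\Program Files\VAV\vav.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A9E485C-8DDC-45F5-A877-59C9AF094EBE}: NameServer = 172.16.0.254
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: okmdepgb - {93F0C08A-A4A3-488F-A3D3-DA494FA12782} - D:\WINDOWS\okmdepgb.dll
O21 - SSODL: axrfgvek - {7A37D213-C378-41F6-B669-EDE1E01C9C53} - D:\WINDOWS\axrfgvek.dll
"""

# Heuristics (assumptions for this example, not HijackThis rules).
# A DLL dropped straight into the Windows root with a random lowercase name;
# legitimate BHOs and shell extensions almost always live in system32 or
# Program Files.
RANDOM_DLL = re.compile(r"^[a-z]:\\windows\\[a-z]{8,12}\.dll$", re.I)
# Run-entry display names that rogue "antivirus" products like to use.
GENERIC_RUN_NAMES = {"antivirus", "security", "system", "update"}
ENTRY = re.compile(r"^(R\d|O\d+) - (.*)$")
DRIVE_PATH = re.compile(r"^([A-Z]):\\", re.I)


def system_drive(lines):
    """Drive letter of the real Windows install, taken from smss.exe's path."""
    for line in lines:
        m = re.match(r"^([A-Z]):\\windows\\system32\\smss\.exe$", line, re.I)
        if m:
            return m.group(1).upper()
    return "C"


def is_private(ip):
    """True for RFC 1918, loopback and similar non-routable addresses."""
    try:
        return ip_address(ip).is_private
    except ValueError:
        return False


def flag_process(path, sysdrive):
    """An .exe claiming to live in a Windows directory on a non-system drive."""
    m = re.match(r"^([A-Z]):\\windows\\[^\\]+\.exe$", path, re.I)
    if m and m.group(1).upper() != sysdrive:
        return "process running from a fake Windows directory off the system drive"
    return None


def flag_entry(line):
    """Apply the per-section heuristics to one HijackThis R*/O* entry."""
    m = ENTRY.match(line)
    if not m:
        return None
    tag, body = m.groups()
    path = body.rsplit(" - ", 1)[-1]
    if tag in ("R0", "R1") and "Start Page" in body and "?" in body:
        return "IE start page set to a referral URL with tracking parameters"
    if tag == "O1" and not is_private(body.split()[1]):
        return "hosts-file entry redirects a domain to an external address"
    if tag in ("O2", "O3", "O20", "O21") and RANDOM_DLL.match(path):
        return "randomly named DLL loaded from the Windows root"
    if tag == "O4":
        name = re.search(r"\[(.+?)\]", body)
        if name and name.group(1).lower() in GENERIC_RUN_NAMES:
            return "Run entry with a generic security-sounding name; verify its publisher"
    if tag == "O6" and "Restrictions present" in body:
        return "IE restrictions policy set (typical rogue-AV lockdown)"
    if tag == "O7" and "DisableRegedit=1" in body:
        return "Registry Editor disabled by policy"
    if tag == "O17":
        ns = re.search(r"NameServer = (\S+)", body)
        if ns and not all(is_private(ip) for ip in ns.group(1).split(",")):
            return "DNS server outside private address space"
    return None


def triage(text):
    """Return [(line, reason)] for every log line a heuristic flags."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    sysdrive = system_drive(lines)
    hits = []
    for line in lines:
        reason = flag_process(line, sysdrive) if DRIVE_PATH.match(line) else flag_entry(line)
        if reason:
            hits.append((line, reason))
    return hits


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

On the sample above the script flags the two C:\Windows\SysN.exe processes, the start page, the hosts entry, the four random-name DLLs, the "Antivirus" Run entry and the two policy lines, and leaves the Adobe BHO, SoundMan, the Winlogon notify DLL in SYSTEM32 and the private DNS server alone. Treat the output as a worklist, not a verdict: confirm each hit by checking the file's publisher signature and hash before removing anything.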