I have been having problems for about 1 month, I was locked out of system restore, malwarebytes, spybot and others. The computer freezes or just restarts at random. I was lock out of AVG but was able to uninstall it and restall it. The items that have moved to Virus Vault keep coming back. AVG is working for the moment but I am unable to run it or any of the other programs in safe mode.
Here is Avg scan log-
"\\?\globalroot\systemroot\system32\UACteldkdhv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACteldkdhv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACteldkdhv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACteldkdhv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACteldkdhv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACteldkdhv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACteldkdhv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACteldkdhv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACteldkdhv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACteldkdhv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"C:\Program Files\Internet Explorer\iexplore.exe (1440)";"Virus identified Win32/Cryptor";""
"C:\Program Files\Internet Explorer\iexplore.exe (2556)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (1192)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (1260)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (2024)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (708)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (756)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (828)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (864)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (916)";"Virus identified Win32/Cryptor";""
Hijackthis log-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:53:24 PM, on 5/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP2 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Shimri Yancey\Desktop\hijackgpthis.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buttelife.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r4.attbi.com;localhost;
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: NetAssistantBHO Class - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com NetAssistant\NetAssistant.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,C:\WINDOWS\system32\sdra64.exe,
N2 - Netscape 6: # Mozilla User Preferences
// This is a generated file!
user_pref(".aim.im.playall", true);
user_pref("aim.session.finishedwizard", true);
user_pref("aim.session.firsttime", false);
user_pref("aim.session.screenname", "hunter");
user_pref("browser.download.dir", "C:\\Documents and Settings\\Shimri Yancey\\My Documents\\Zipped Elements\\New Folder");
user_pref("browser.download.progressDnldDialog.keepAlive", false);
user_pref("browser.history.last_page_visited", "file:///C:/Documents%20and%20Settings/Shimri%20Yancey/My%20Documents/My%20Pictures/DSCF0834.png");
user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCA%7E1%5Csearchplugins%5CSBWeb_01.src");
user_pref("hunter.aim.im.playall", true);
user_pref("hunter.aim.session.autologin", true);
user_pref("hunter.aim.session.password", "0aHVudGVy");
user_pref("hunter.aim.session.storepassword", true);
user_pref("intl.charsetmenu.browser.cache", "windows-1252, UTF-8");
user_pref("ldap_2.prefs_migrated", true);
use
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
O2 - BHO: adssite - {352f1042-c6a9-10ea-c541-1c8c60f3ee9f} - C:\WINDOWS\system32\nsk1EA.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {7ff7} - {53779d6b-f5e8-4f55-98e4-7802d7ec9737} - C:\WINDOWS\system32\yfbimeox.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {497bb4c4-162e-8d59-f084-b1f475c05bf8} - {8fb50c57-4f1b-480f-95d8-e2614c4bb794} - C:\WINDOWS\system32\ucgapv.dll (file missing)
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O2 - BHO: (no name) - {9C8A568E-4201-478a-8536-526CF371D2E2} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O2 - BHO: (no name) - {a5e876a6-7df1-4715-be03-138df71e4872} - C:\WINDOWS\system32\yobijile.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: BHO - {ABD45510-9B22-41cd-9ACD-8182A2DA7C63} - C:\WINDOWS\system32\iehelper.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: NetAssistantBHO - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com NetAssistant\NetAssistant.dll
O2 - BHO: 796525 helper - {E7F15AC4-E0A9-43F0-921B-70DFEA621220} - C:\WINDOWS\system32\796525\796525.dll (file missing)
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll (file missing)
O3 - Toolbar: (no name) - {1028F737-81E7-452B-A860-E50CAD90A08C} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKLM\..\RunOnce: [IERESETATTRIB] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\system32\ieudinit.exe -ResetFileAttributes
O4 - HKLM\..\RunOnce: [Installing-ie8] C:\DOCUME~1\SHIMRI~1\LOCALS~1\Temp\IE8-WindowsXP-x86-ENU.exe /passive
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [yuzonedija] Rundll32.exe "C:\WINDOWS\system32\lidepomo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [yuzonedija] Rundll32.exe "C:\WINDOWS\system32\lidepomo.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6AE4CC6E-999C-11D4-A3F0-009027427750} (NSAuto Class) - http://us.i1.yimg.com/us.yimg.com/i/msgr/yauto_remove.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-latest.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\fikeposu.dll numbdh.dll ucgapv.dll c:\windows\system32\liguzeju.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O24 - Desktop Component 0: (no name) - http://www.hi5.com/friend/displayInviteImage.do?inviteId=7NINQQRINN33141941h0
O24 - Desktop Component 1: (no name) - http://rds.yahoo.com/S=96062883/K=fishing/v=2/SID=w/l=IVS/SIG=14jf42q8t/EXP=1124471229/*-http%3A//www.bay--fishing.com/img_offshore_deepsea_fishing_charters_texas_freeport/offshore_deepsea_fishing_charters_texas_4a.jpg
O24 - Desktop Component 10: (no name) - http://i1.ebayimg.com/01/i/04/ea/67/18_1_b.JPG
O24 - Desktop Component 11: (no name) - http://www.bbtoystore.com/Merchant2/yugioh/YU_SDJ001.jpg
O24 - Desktop Component 12: (no name) - http://i23.ebayimg.com/01/i/04/f2/4f/4c_2.JPG
O24 - Desktop Component 13: (no name) - http://images.auctionhelper.com/images/11890//jgame.jpg
O24 - Desktop Component 14: (no name) - http://i2.ebayimg.com/01/i/03/78/80/90_1_b.JPG
O24 - Desktop Component 15: (no name) - http://home.comcast.net/~danmarkley/aw2k/LotImg4635.jpg
O24 - Desktop Component 16: (no name) - http://i23.ebayimg.com/02/i/04/46/a8/39_1_b.JPG
O24 - Desktop Component 17: (no name) - http://i11.ebayimg.com/03/i/04/f4/20/30_1_b.JPG
O24 - Desktop Component 18: (no name) - http://i7.ebayimg.com/04/i/04/da/2f/d2_1_b.JPG
O24 - Desktop Component 19: (no name) - http://i15.ebayimg.com/01/i/03/81/90/3e_1_b.JPG
O24 - Desktop Component 2: (no name) - http://i14.ebayimg.com/03/i/04/ea/26/79_1_b.JPG
O24 - Desktop Component 3: (no name) - http://i3.ebayimg.com/03/i/04/f0/c7/c1_2.JPG
O24 - Desktop Component 4: (no name) - http://i22.ebayimg.com/04/i/04/f1/58/e9_2.JPG
O24 - Desktop Component 5: (no name) - http://i3.ebayimg.com/01/i/03/5a/ea/f5_1_b.JPG
O24 - Desktop Component 6: (no name) - http://i13.ebayimg.com/04/i/04/85/68/57_1_b.JPG
O24 - Desktop Component 7: (no name) - http://i22.ebayimg.com/02/i/02/81/3d/43_1.JPG
O24 - Desktop Component 8: (no name) - http://i13.ebayimg.com/01/i/02/ad/a8/67_1.JPG
O24 - Desktop Component 9: (no name) - http://i5.ebayimg.com/04/i/04/9a/38/cb_2.JPG
--
End of file - 12270 bytes
Here is Avg scan log-
"\\?\globalroot\systemroot\system32\UACteldkdhv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACteldkdhv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACteldkdhv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACteldkdhv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACteldkdhv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACteldkdhv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACteldkdhv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACteldkdhv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACteldkdhv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACteldkdhv.dll";"Virus identified Win32/Cryptor";"Moved to Virus Vault"
"C:\Program Files\Internet Explorer\iexplore.exe (1440)";"Virus identified Win32/Cryptor";""
"C:\Program Files\Internet Explorer\iexplore.exe (2556)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (1192)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (1260)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (2024)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (708)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (756)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (828)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (864)";"Virus identified Win32/Cryptor";""
"C:\WINDOWS\system32\svchost.exe (916)";"Virus identified Win32/Cryptor";""
Hijackthis log-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:53:24 PM, on 5/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP2 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Shimri Yancey\Desktop\hijackgpthis.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buttelife.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r4.attbi.com;localhost;
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: NetAssistantBHO Class - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com NetAssistant\NetAssistant.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,C:\WINDOWS\system32\sdra64.exe,
N2 - Netscape 6: # Mozilla User Preferences
// This is a generated file!
user_pref(".aim.im.playall", true);
user_pref("aim.session.finishedwizard", true);
user_pref("aim.session.firsttime", false);
user_pref("aim.session.screenname", "hunter");
user_pref("browser.download.dir", "C:\\Documents and Settings\\Shimri Yancey\\My Documents\\Zipped Elements\\New Folder");
user_pref("browser.download.progressDnldDialog.keepAlive", false);
user_pref("browser.history.last_page_visited", "file:///C:/Documents%20and%20Settings/Shimri%20Yancey/My%20Documents/My%20Pictures/DSCF0834.png");
user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCA%7E1%5Csearchplugins%5CSBWeb_01.src");
user_pref("hunter.aim.im.playall", true);
user_pref("hunter.aim.session.autologin", true);
user_pref("hunter.aim.session.password", "0aHVudGVy");
user_pref("hunter.aim.session.storepassword", true);
user_pref("intl.charsetmenu.browser.cache", "windows-1252, UTF-8");
user_pref("ldap_2.prefs_migrated", true);
use
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
O2 - BHO: adssite - {352f1042-c6a9-10ea-c541-1c8c60f3ee9f} - C:\WINDOWS\system32\nsk1EA.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {7ff7} - {53779d6b-f5e8-4f55-98e4-7802d7ec9737} - C:\WINDOWS\system32\yfbimeox.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {497bb4c4-162e-8d59-f084-b1f475c05bf8} - {8fb50c57-4f1b-480f-95d8-e2614c4bb794} - C:\WINDOWS\system32\ucgapv.dll (file missing)
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O2 - BHO: (no name) - {9C8A568E-4201-478a-8536-526CF371D2E2} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O2 - BHO: (no name) - {a5e876a6-7df1-4715-be03-138df71e4872} - C:\WINDOWS\system32\yobijile.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: BHO - {ABD45510-9B22-41cd-9ACD-8182A2DA7C63} - C:\WINDOWS\system32\iehelper.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: NetAssistantBHO - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com NetAssistant\NetAssistant.dll
O2 - BHO: 796525 helper - {E7F15AC4-E0A9-43F0-921B-70DFEA621220} - C:\WINDOWS\system32\796525\796525.dll (file missing)
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll (file missing)
O3 - Toolbar: (no name) - {1028F737-81E7-452B-A860-E50CAD90A08C} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKLM\..\RunOnce: [IERESETATTRIB] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\system32\ieudinit.exe -ResetFileAttributes
O4 - HKLM\..\RunOnce: [Installing-ie8] C:\DOCUME~1\SHIMRI~1\LOCALS~1\Temp\IE8-WindowsXP-x86-ENU.exe /passive
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [yuzonedija] Rundll32.exe "C:\WINDOWS\system32\lidepomo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [yuzonedija] Rundll32.exe "C:\WINDOWS\system32\lidepomo.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6AE4CC6E-999C-11D4-A3F0-009027427750} (NSAuto Class) - http://us.i1.yimg.com/us.yimg.com/i/msgr/yauto_remove.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-latest.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\fikeposu.dll numbdh.dll ucgapv.dll c:\windows\system32\liguzeju.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O24 - Desktop Component 0: (no name) - http://www.hi5.com/friend/displayInviteImage.do?inviteId=7NINQQRINN33141941h0
O24 - Desktop Component 1: (no name) - http://rds.yahoo.com/S=96062883/K=fishing/v=2/SID=w/l=IVS/SIG=14jf42q8t/EXP=1124471229/*-http%3A//www.bay--fishing.com/img_offshore_deepsea_fishing_charters_texas_freeport/offshore_deepsea_fishing_charters_texas_4a.jpg
O24 - Desktop Component 10: (no name) - http://i1.ebayimg.com/01/i/04/ea/67/18_1_b.JPG
O24 - Desktop Component 11: (no name) - http://www.bbtoystore.com/Merchant2/yugioh/YU_SDJ001.jpg
O24 - Desktop Component 12: (no name) - http://i23.ebayimg.com/01/i/04/f2/4f/4c_2.JPG
O24 - Desktop Component 13: (no name) - http://images.auctionhelper.com/images/11890//jgame.jpg
O24 - Desktop Component 14: (no name) - http://i2.ebayimg.com/01/i/03/78/80/90_1_b.JPG
O24 - Desktop Component 15: (no name) - http://home.comcast.net/~danmarkley/aw2k/LotImg4635.jpg
O24 - Desktop Component 16: (no name) - http://i23.ebayimg.com/02/i/04/46/a8/39_1_b.JPG
O24 - Desktop Component 17: (no name) - http://i11.ebayimg.com/03/i/04/f4/20/30_1_b.JPG
O24 - Desktop Component 18: (no name) - http://i7.ebayimg.com/04/i/04/da/2f/d2_1_b.JPG
O24 - Desktop Component 19: (no name) - http://i15.ebayimg.com/01/i/03/81/90/3e_1_b.JPG
O24 - Desktop Component 2: (no name) - http://i14.ebayimg.com/03/i/04/ea/26/79_1_b.JPG
O24 - Desktop Component 3: (no name) - http://i3.ebayimg.com/03/i/04/f0/c7/c1_2.JPG
O24 - Desktop Component 4: (no name) - http://i22.ebayimg.com/04/i/04/f1/58/e9_2.JPG
O24 - Desktop Component 5: (no name) - http://i3.ebayimg.com/01/i/03/5a/ea/f5_1_b.JPG
O24 - Desktop Component 6: (no name) - http://i13.ebayimg.com/04/i/04/85/68/57_1_b.JPG
O24 - Desktop Component 7: (no name) - http://i22.ebayimg.com/02/i/02/81/3d/43_1.JPG
O24 - Desktop Component 8: (no name) - http://i13.ebayimg.com/01/i/02/ad/a8/67_1.JPG
O24 - Desktop Component 9: (no name) - http://i5.ebayimg.com/04/i/04/9a/38/cb_2.JPG
--
End of file - 12270 bytes