Explorer.exe CRASHES INSTANTLY =( [F]

wootwoot · 06-24-2008, 11:45 PM

Whenever I start up my computer now, after logging in (which takes a much longer time than usual), explorer.exe immediately closes itself and I get an error message. Every time I try to start it up again from task manager, it closes itself! Along with the windows explorer error message, I also get one for dwinn.exe and drwpt or something, and they close with explorer.exe. Case in point, no explorer right now >_> BUT I did manage to fix it for a limited time by running "chkdsk" and "sfc /scannow." However, after I turned the computer off, the problem resumed =(. Also, I use avast antivirus.

Hijack log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = myAOL | HP
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Advertising Your Business with Yahoo! Search Marketing
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Advertising Your Business with Yahoo! Search Marketing
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Advertising Your Business with Yahoo! Search Marketing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = myAOL | HP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = myAOL | HP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Advertising Your Business with Yahoo! Search Marketing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Advertising Your Business with Yahoo! Search Marketing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Advertising Your Business with Yahoo! Search Marketing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = myAOL | HP
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {04968BBC-F071-4A6E-8858-057B4050DDFC} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2A62F7CF-43D8-4204-8DBA-28E43DA5E9D2} - C:\WINDOWS\system32\vtutr.dll (file missing)
O2 - BHO: (no name) - {2BA36A28-D068-4ADE-BB3E-A9716A99F4DE} - C:\WINDOWS\system32\ddccb.dll (file missing)
O2 - BHO: (no name) - {3303D2BE-EED8-4200-AE84-F50B70EA947D} - C:\WINDOWS\System32\jkhfd.dll (file missing)
O2 - BHO: (no name) - {393285DF-0E70-48CB-830A-CB034112CFA0} - C:\WINDOWS\system32\ddcya.dll (file missing)
O2 - BHO: (no name) - {453298CB-2F74-0CAD-0612-2C00CCB581C8} - C:\WINDOWS\system32\sbs.dll (file missing)
O2 - BHO: (no name) - {46669FCB-2675-5BFA-0212-2C00CCB4DD99} - C:\WINDOWS\system32\twqyw.dll (file missing)
O2 - BHO: (no name) - {4A61CD95-7475-0DFE-5312-2C00CCB48ACD} - C:\WINDOWS\system32\sxajjlh.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6299F227-38D7-4A29-961B-F45551F324C9} - C:\WINDOWS\system32\jkhhi.dll (file missing)
O2 - BHO: {d23fc062-b7f6-ee8b-39d4-cdc4ba4e8f36} - {63f8e4ab-4cdc-4d93-b8ee-6f7b260cf32d} - C:\WINDOWS\system32\jwugkmxs.dll
O2 - BHO: (no name) - {7FEFB16C-0D36-4488-8A9C-0DF01F2DEFE8} - C:\WINDOWS\system32\awvts.dll (file missing)
O2 - BHO: (no name) - {8991EFB3-9DEC-45AA-9B36-94F2325B8CC0} - C:\WINDOWS\system32\ddcAqPIC.dll
O2 - BHO: (no name) - {8B64B86B-5084-7855-FD3D-0EA2969D4A96} - C:\WINDOWS\system32\khxlvna.dll
O2 - BHO: (no name) - {8BD5DDA3-1D75-425E-9B7C-024052F82B6C} - C:\WINDOWS\system32\cbXPfFYP.dll (file missing)
O2 - BHO: (no name) - {94ADAD10-4489-487A-8F28-4AE679F55C97} - C:\WINDOWS\system32\ccki.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\System32\igtkveww.dll (file missing)
O2 - BHO: (no name) - {B285004D-6D02-4212-91FC-B8F47B68C254} - C:\WINDOWS\System32\ljjhghe.dll (file missing)
O2 - BHO: (no name) - {B5994DF4-3D41-47F4-A2B0-66706AF5FEDD} - C:\WINDOWS\system32\gebyx.dll (file missing)
O2 - BHO: (no name) - {B891CD07-AD2C-42A6-A41E-46B6B9EFD08A} - C:\WINDOWS\system32\vturp.dll (file missing)
O2 - BHO: (no name) - {B9853681-D064-FDEF-4493-D48F74257A98} - C:\WINDOWS\system32\ham.dll (file missing)
O2 - BHO: (no name) - {C3DF67D6-0B3C-4F5F-A3A8-9BDA9A0E448D} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O2 - BHO: (no name) - {C7FEFF43-168F-4B22-8B28-4AE679F25997} - C:\WINDOWS\system32\lqg.dll (file missing)
O2 - BHO: (no name) - {DA36BB3F-07D9-7B5C-AB3D-0EA2969A49C2} - C:\WINDOWS\system32\oelbn.dll (file missing)
O2 - BHO: (no name) - {DB36EC6E-01DE-2A00-FB3D-0EA2969D4896} - C:\WINDOWS\system32\vpyv.dll
O2 - BHO: (no name) - {DC909641-2693-467F-904D-E7B410DAE315} - C:\WINDOWS\system32\opnkiIXP.dll (file missing)
O2 - BHO: (no name) - {E8843681-D035-A6EF-1993-D48F74257FC2} - C:\WINDOWS\system32\njjryf.dll (file missing)
O2 - BHO: (no name) - {E88838D6-D065-A6B7-1393-D48F74257993} - C:\WINDOWS\system32\rbj.dll (file missing)
O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:\WINDOWS\System32\cbxvtrs.dll (file missing)
O2 - BHO: (no name) - {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} - C:\WINDOWS\system32\iifgHBSM.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\igtkveww.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836 AC4FA7C88332017491394661A64DB7C8F0287E55E246220D9E 728F9FC17D446BC57D5375FB0FB68AD6
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [BM575e3e6c] Rundll32.exe "C:\WINDOWS\system32\uhdafkav.dll",s
O4 - HKLM\..\Run: [546d0df0] rundll32.exe "C:\WINDOWS\system32\cumhdovi.dll",b
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\MYDOCU~1\MBOLS~1\msconfig.e xe" -vt ndrv
O4 - HKCU\..\Run: [Wznjihhn] "C:\Documents and Settings\Owner\Application Data\??sks\m?config.exe"
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BA449D0-B0D7-4D7A-AFE7-E2A25C1CB0C2}: NameServer = 209.67.222.222,208.67.220.220
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: dfcotxca.dll jwugkmxs.dll
O20 - Winlogon Notify: cbxvtrs - cbxvtrs.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: igtkveww - igtkveww.dll (file missing)
O20 - Winlogon Notify: iifgHBSM - C:\WINDOWS\SYSTEM32\iifgHBSM.dll
O20 - Winlogon Notify: ljjhghe - ljjhghe.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

techpro5238 · 06-25-2008, 12:00 AM

Hello wootwoot,

Your computer is heavily infected and I am not promising you it will come out alive, but I will assist you as much as I can. Before starting our fixes, we need to make sure we have the Recovery Console installed so please follow this:

(Make note to follow that part about installing the recovery console)

Download ComboFix from Here or Here to your Desktop.
Read first: "How to download and use ComboFix"
If you downloaded ComboFix previously, delete that version and download it again as the tool is frequently updated!

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Be sure to re-enable your anti-virus and other security programs, after ComboFix finished.

Note: Do not mouseclick combofix's window while its running. That may cause it to stall.

Extra-Note: Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist. Please read Combofix's Disclaimer

wootwoot · 06-25-2008, 12:24 AM

Lol, I saw the word "heavily" in bold and stopped reading. Would it be better to just reformat my computer? Also, can I just use the Recovery Console on my Windows CD? I've used it before and it works.

techpro5238 · 06-25-2008, 02:41 AM

If you have a Windows CD and can use that then there is no need to install the R Console. Follow the step about downloading ComboFix, but when you have it on your desktop rename it to "Combo-Fix.exe".

Then goto Start => Run and copy/paste the following text in quotes:

"combo-fix.exe /killall"

Please then click OK and it will run ComboFix. Please post back the log it gives to you.

wootwoot · 06-25-2008, 12:33 PM

Ok, so I downloaded ComboFix but after I renamed everything and such, it says that windows cannot find the file specified when I use Run command =(.

techpro5238 · 06-25-2008, 01:30 PM

Try this; sorry, that was my bad for being general with the command.

Copy/paste this text into the Run box and click OK (please note you have to copy/paste the quotations too):

"C:\Documents and Settings\%userprofile%\Desktop\Combo-Fix.exe" /killall

Please then post back the resulting log.

wootwoot · 06-25-2008, 04:52 PM

I got ComboFix running and left it on for it to do its job. It must of deleted at least thousands of files lol. But after about an hour, the thing kinda stopped at a file called rMa01yy or something. I waited for another half hour and it still didn't get past it. After that, I closed it =/.

Here's the hijack log AFTER the semi-complete ComboFix run:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\asdf\My Documents\W?nSxS\w?auclt.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Combo-Fix\pv.cfexe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = myAOL | HP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Advertising Your Business with Yahoo! Search Marketing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Advertising Your Business with Yahoo! Search Marketing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Advertising Your Business with Yahoo! Search Marketing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = myAOL | HP
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: (no name) - {04968BBC-F071-4A6E-8858-057B4050DDFC} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2A62F7CF-43D8-4204-8DBA-28E43DA5E9D2} - C:\WINDOWS\system32\vtutr.dll (file missing)
O2 - BHO: (no name) - {2BA36A28-D068-4ADE-BB3E-A9716A99F4DE} - C:\WINDOWS\system32\ddccb.dll (file missing)
O2 - BHO: (no name) - {3303D2BE-EED8-4200-AE84-F50B70EA947D} - C:\WINDOWS\System32\jkhfd.dll (file missing)
O2 - BHO: (no name) - {393285DF-0E70-48CB-830A-CB034112CFA0} - C:\WINDOWS\system32\ddcya.dll (file missing)
O2 - BHO: (no name) - {453298CB-2F74-0CAD-0612-2C00CCB581C8} - C:\WINDOWS\system32\sbs.dll (file missing)
O2 - BHO: (no name) - {46669FCB-2675-5BFA-0212-2C00CCB4DD99} - C:\WINDOWS\system32\twqyw.dll (file missing)
O2 - BHO: (no name) - {4A61CD95-7475-0DFE-5312-2C00CCB48ACD} - C:\WINDOWS\system32\sxajjlh.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6299F227-38D7-4A29-961B-F45551F324C9} - C:\WINDOWS\system32\jkhhi.dll (file missing)
O2 - BHO: (no name) - {7FEFB16C-0D36-4488-8A9C-0DF01F2DEFE8} - C:\WINDOWS\system32\awvts.dll (file missing)
O2 - BHO: (no name) - {8B64B86B-5084-7855-FD3D-0EA2969D4A96} - C:\WINDOWS\system32\khxlvna.dll (file missing)
O2 - BHO: (no name) - {8BD5DDA3-1D75-425E-9B7C-024052F82B6C} - C:\WINDOWS\system32\cbXPfFYP.dll (file missing)
O2 - BHO: (no name) - {94ADAD10-4489-487A-8F28-4AE679F55C97} - C:\WINDOWS\system32\ccki.dll (file missing)
O2 - BHO: {60b50990-77a7-0eab-9c54-5d182f95d05a} - {a50d59f2-81d5-45c9-bae0-7a7709905b06} - C:\WINDOWS\system32\naknxbhk.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\System32\igtkveww.dll (file missing)
O2 - BHO: (no name) - {A99EF844-AA65-46A1-A689-2D88877AD6C5} - C:\WINDOWS\system32\ddcAqPIC.dll (file missing)
O2 - BHO: (no name) - {B285004D-6D02-4212-91FC-B8F47B68C254} - C:\WINDOWS\System32\ljjhghe.dll (file missing)
O2 - BHO: (no name) - {B5994DF4-3D41-47F4-A2B0-66706AF5FEDD} - C:\WINDOWS\system32\gebyx.dll (file missing)
O2 - BHO: (no name) - {B891CD07-AD2C-42A6-A41E-46B6B9EFD08A} - C:\WINDOWS\system32\vturp.dll (file missing)
O2 - BHO: (no name) - {B9853681-D064-FDEF-4493-D48F74257A98} - C:\WINDOWS\system32\ham.dll (file missing)
O2 - BHO: (no name) - {C3DF67D6-0B3C-4F5F-A3A8-9BDA9A0E448D} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O2 - BHO: (no name) - {C7FEFF43-168F-4B22-8B28-4AE679F25997} - C:\WINDOWS\system32\lqg.dll (file missing)
O2 - BHO: (no name) - {DA36BB3F-07D9-7B5C-AB3D-0EA2969A49C2} - C:\WINDOWS\system32\oelbn.dll (file missing)
O2 - BHO: (no name) - {DB36EC6E-01DE-2A00-FB3D-0EA2969D4896} - C:\WINDOWS\system32\vpyv.dll (file missing)
O2 - BHO: (no name) - {DC909641-2693-467F-904D-E7B410DAE315} - C:\WINDOWS\system32\opnkiIXP.dll (file missing)
O2 - BHO: (no name) - {E8843681-D035-A6EF-1993-D48F74257FC2} - C:\WINDOWS\system32\njjryf.dll (file missing)
O2 - BHO: (no name) - {E88838D6-D065-A6B7-1393-D48F74257993} - C:\WINDOWS\system32\rbj.dll (file missing)
O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:\WINDOWS\System32\cbxvtrs.dll (file missing)
O2 - BHO: (no name) - {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} - C:\WINDOWS\system32\iifgHBSM.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\igtkveww.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836 AC4FA7C88332017491394661A64DB7C8F0287E55E246220D9E 728F9FC17D446BC57D5375FB0FB68AD6
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [546d0df0] rundll32.exe "C:\WINDOWS\system32\gmejhtjt.dll",b
O4 - HKLM\..\Run: [BM575e3e6c] Rundll32.exe "C:\WINDOWS\system32\mouspfjh.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Notn] "C:\PROGRA~1\COMMON~1\CURITY~1\cmd.exe" -vt ndrv
O4 - HKCU\..\Run: [Kmu] "C:\Documents and Settings\asdf\My Documents\W?nSxS\w?auclt.exe"
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BA449D0-B0D7-4D7A-AFE7-E2A25C1CB0C2}: NameServer = 209.67.222.222,208.67.220.220
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cbxvtrs - cbxvtrs.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: igtkveww - igtkveww.dll (file missing)
O20 - Winlogon Notify: iifgHBSM - iifgHBSM.dll (file missing)
O20 - Winlogon Notify: ljjhghe - ljjhghe.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe