Medichi and Medichi2 [MAJOR PROBLEMS]

Question

First off I would liek to say thank you to anyone who actually helps me out with this. I am really in a tight situation and need all the help I can get. Thanks again! Problems: Computer randomly starts copying files. A window appears at the upper left hand corner and shows the progress bar of files being copied. It happens once every 5 minutes or so. After it completes the copy the window closes and nothing else happens. Randomly, a Windows Security Alert pops up in the middle of the screen and says this exactly 'Warning! Potential Spyware Operation! Your computer is making unauthorized copies of your system and Internet files. Run full scan now to prevent any UNATHORISED [the prompt is misspelled] access to your files! Click here to download Spyware Remover ...' Clicking 'No' simply exits the window, and clicking 'yes' brings you to a page that wont load completely. Randomly, my volume gets muted. Randomly, the computer will load IE and go to the address http://81.13.38.39/alert.htm , of course the site never loads. It simply says 'Canot find server'. Lastly, I am unable to execute the following programs, i double click on them but they do not RUN.. no hourglass appears or anything, it just does nothing. The programs that do not work are SPYWARE DOCTOR, COMBOFIX, SPYBOT: Search and Destroy, and AVG Anti-Spyware. I tried running all these programs in SAFEMODE but they do not execute either way. I have used AVAST! Antivirus, but the program does not find any viruses or spyware or anything. HIJACKTHIS: When I use hijackthis in safemode i always seem to get the same two registry files that I can not get rid of. They are MEDICHI.EXE and MEDICHI2.EXE I think these are the problem but I dont know how to get rid of them or if they really are the problem. Here is my ------------------------------HIJACKTHIS LOG--------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:56:49 PM, on 12/21/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\PrevxCSI\prevxcsi.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\WiFiConnector\NintendoWFCReg.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Start\Desktop\HiJackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottime O4 - HKLM\..\Run: [PRONoMgrWired] c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe O4 - HKLM\..\Run: [AdaptecDirectCD] 'C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe' O4 - HKLM\..\Run: [StartCCC] 'C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe' O4 - HKLM\..\Run: [SDTray] 'C:\Program Files\Spyware Doctor\SDTrayApp.exe' O4 - HKLM\..\Run: [PrevxCSI] 'C:\Program Files\PrevxCSI\prevxcsi.exe' -boot O4 - HKLM\..\Run: [!AVG Anti-Spyware] 'C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe' /minimized O4 - HKLM\..\Run: [Medichi] medichi.exe O4 - HKLM\..\Run: [Medichi2] medichi2.exe O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Etc. Programs\AAAB\Download Manager\DLM.exe /windowsstart /startifwork O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.turbotax.com O20 - AppInit_DLLs: murka.dat O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Start/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg -- End of file - 6674 bytes

1972vet · Answer

Message Edited by 1972vet on 02-27-2008 01:13 PM

Clemslabbert · Answer

1972vet ,I have downloaded SDFix and saved it to my laptop, I then double clicked the icon ,I see only the green ligrt flashing on my laptop but do not see a progress roport ,is it now busy working or scanning ?

Clemslabbert · Answer

Yes Yes Yes Yes Yes ---it is fixed !!!!!!!!!! Thank you very very much !!!!!!!!! This is my first day on this forum and it has helped me so much---thank you -thank you!!!! to 1972vet . You are a STAR !!! Have a blessed day and happy Xmas:smileywink:
Kind regards

Clem

Clemslabbert · Answer

W SDFix: Version 1.119 Run by Clem on 2007/12/25 at 06:36 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\DOCUME~1\Clem\MYDOCU~1\SDFix Safe Mode: Checking Services: Infected beep.sys Found! beep.sys File Locations: 'C:\WINDOWS\system32\dllcache\beep.sys' 37888 2007/12/22 08:58 PM 'C:\WINDOWS\system32\drivers\beep.sys' 37888 2007/12/22 08:58 PM Infected File Listed Below: C:\WINDOWS\system32\dllcache\beep.sys C:\WINDOWS\system32\drivers\beep.sys Trojan File copied to Backups Folder Attempting to replace beep.sys with original version... Original beep.sys Restored   Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: No Trojan Files Found     Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found.   C:\WINDOWS\system32
toskrnl.exe No streams found.                                    Final Check: catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-25 18:41:19 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b00026] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000cbf014782] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272b00026] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000cbf014782] scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------   Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] 'C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe'='C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil' [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- File Backups: - C:\DOCUME~1\Clem\MYDOCU~1\SDFix\backups\backups.zip Files with Hidden Attributes: Sat 22 Dec 2007            88 ..SHR --- 'C:\WINDOWS\system32\C89DAB0380.sys' Sat 22 Dec 2007         3,766 A.SH. --- 'C:\WINDOWS\system32\KGyGaAvL.sys' Finished!   Well ,this is my report. I must now just check if it worked------holding thumbs!!!!

1972vet · Answer

Message Edited by 1972vet on 02-27-2008 01:13 PM

Allanth · Answer

Thanks for the posts, but I tried SDFix the first time around and posted it on bleepingcomputers but nothing worked. I needed the computer to work by Christmas Day cause I bought CRYSIS for my brother as a present. So, i just said screw it and reformatted. Hope this thread helps someone out who had my problem though. Gl.

Clemslabbert · Answer

I suppose an apology want wont help ,but i apologize anyway, Scuse the the ignorance.;-(

dirkie · Answer

Hi,   i'm experiencing almost the same problems. Additional to this, the sound on my computer is put off. the virus scanner i used till a couple of days was AVG free edition. In order to try to solve the problems i'm having, i bought and installed PANDA internet security. Although it indicates several problems, it does not solve them. the folowing viruses or problems are detected: kernelwind32.exe, rootkit
uwar.la, medichi.exe.   I tried also to fix the problem with sdfix, not aware that this is a user-specific solution, and although things got better, it did not solve the problem. I add the report files from sdfix and hijackthis.   Can you help me to solve the problem. Many thanks.  SDFix: Version 1.119 Run by dirk declercq on wo 26-12-2007 at 10:15 Microsoft Windows XP [versie 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Name: Driver taskmon.sys Path: \??\C:\WINDOWS\system32\kernelw.sys \??\C:\WINDOWS\system32	askmon.sys Driver - Deleted taskmon.sys - Deleted   Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\WINDOWS\SYSTEM32\DLLGH8~1.EXE - Deleted C:\Documents and Settings\dirk declercq\Local Settings\Temp	tsetup.tmp.exe - Deleted C:\Documents and Settings\dirk declercq\Local Settings\Temp\1.dllb - Deleted C:\Documents and Settings\dirk declercq\Local Settings\Temp\5.dllb - Deleted C:\Documents and Settings\dirk declercq\Local Settings\Temp\6.dllb - Deleted C:\Documents and Settings\dirk declercq\Local Settings\Temp\7.dllb - Deleted C:\Documents and Settings\dirk declercq\Local Settings\Temp\ma1x1dd1v.game - Deleted C:\Documents and Settings\dirk declercq\Application Data\Install.dat  - Deleted C:\DOCUME~1\DIRKDE~1\LOCALS~1\Temp\qms1.tmp  - Deleted C:\DOCUME~1\DIRKDE~1\LOCALS~1\Temp\qms2.tmp  - Deleted C:\DOCUME~1\DIRKDE~1\LOCALS~1\Temp\qms3.tmp  - Deleted C:\DOCUME~1\DIRKDE~1\LOCALS~1\Temp\qms4.tmp  - Deleted C:\DOCUME~1\DIRKDE~1\LOCALS~1\Temp\qms5.tmp  - Deleted C:\DOCUME~1\DIRKDE~1\LOCALS~1\Temp\qms6.tmp  - Deleted C:\DOCUME~1\DIRKDE~1\LOCALS~1\Temp\qms7.tmp  - Deleted C:\DOCUME~1\DIRKDE~1\LOCALS~1\Temp\qms8.tmp  - Deleted C:\DOCUME~1\DIRKDE~1\LOCALS~1\Temp\qms9.tmp  - Deleted C:\DOCUME~1\DIRKDE~1\LOCALS~1\Temp\qmsA.tmp  - Deleted C:\DOCUME~1\DIRKDE~1\LOCALS~1\Temp\qmsB.tmp  - Deleted C:\DOCUME~1\DIRKDE~1\LOCALS~1\Temp\qmsC.tmp  - Deleted C:\DOCUME~1\DIRKDE~1\LOCALS~1\Temp\qmsD.tmp  - Deleted C:\DOCUME~1\DIRKDE~1\LOCALS~1\Temp\qmsE.tmp  - Deleted C:\DOCUME~1\DIRKDE~1\LOCALS~1\Temp\qmsF.tmp  - Deleted C:\WINDOWS\PART0100.DAT  - Deleted C:\WINDOWS\system32\kernelwind32.exe  - Deleted C:\WINDOWS\system32\max1d11643v.exe  - Deleted C:\WINDOWS\system32	askmon.sys  - Deleted C:\WINDOWS\system32\vedxg4am1et2.exe  - Deleted   Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found.   Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:13:46, on 26-12-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\System32
vsvc32.exe C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe C:\WINDOWS\medichi2.exe C:\WINDOWS\medichi.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Panda Security\Panda Internet Security 2008\avciman.exe C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Citrix\ICA Client\pnagent.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\iPod\bin\iPodService.exe D:\veiligheid computer\hijackthis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\System32\SearchTool
sdB.dll (file missing) O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-436325722327} - C:\WINDOWS\System32\SmartShopper\SmartShopper0.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [Dell AIO Printer A920] 'C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe' O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SunJavaUpdateSched] 'C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe' O4 - HKLM\..\Run: [Google Desktop Search] 'C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe' /startup O4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottime O4 - HKLM\..\Run: [iTunesHelper] 'C:\Program Files\iTunes\iTunesHelper.exe' O4 - HKLM\..\Run: [Adobe Photo Downloader] 'C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe' O4 - HKLM\..\Run: [LogitechCommunicationsManager] 'C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe' O4 - HKLM\..\Run: [LogitechQuickCamRibbon] 'C:\Program Files\Logitech\QuickCam\Quickcam.exe' /hide O4 - HKLM\..\Run: [Medichi2] medichi2.exe O4 - HKLM\..\Run: [Medichi] medichi.exe O4 - HKLM\..\Run: [APVXDWIN] 'C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE' /s O4 - HKLM\..\Run: [SCANINICIO] 'C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe' O4 - HKLM\..\RunOnce: [BorraP2006tmp] cmd /C RD /s/q 'C:\DOCUME~1\DIRKDE~1\LOCALS~1\Temp\{F929AE28-3E8D-418A-B533-08BFED9492EB}\{EEBA9416-3207-47E0-9022-116440599DBC}\P2006tmp\' O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] 'C:\Program Files\MSN Messenger\MsnMsgr.Exe' /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Yahoo! Pager] 'C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe' -quiet O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08ce -f video -m logitech -d 11.1.0.2016 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08ce -f video -m logitech -d 11.1.0.2016 (User 'Default user') O4 - Startup: Mediacontrole Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: VanBredaOnline Security Applet - https://www.vanbredaonline.be/applets/ema.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164546206733 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O20 - AppInit_DLLs: murka.dat O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe -- End of file - 10879 bytes

1972vet · Answer

Message Edited by 1972vet on 02-27-2008 01:13 PM

Virus & Spyware

Was this post helpful?