Can someone take a look at this hijack log and tell me if they see anything out of the ordinary... thank you

Logfile of HijackThis v1.99.1
Scan saved at 10:46:42 PM, on 9/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ipnm.exe
C:\Program Files\PDF Complete\pdfsaver.exe
C:\WINDOWS\system32\appao32.exe
C:\Documents and Settings\gal003\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fpteo.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fpteo.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\fpteo.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fpteo.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\fpteo.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fpteo.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fpteo.dll/sp.html#10001
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {13DC88ED-207B-7151-EF18-F6E2E391BABB} - C:\WINDOWS\ntbx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [cmhtghko] C:\WINDOWS\System32\qjrqkqoh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [mfcpn32.exe] C:\WINDOWS\system32\mfcpn32.exe
O4 - HKLM\..\Run: [addbj.exe] C:\WINDOWS\system32\addbj.exe
O4 - HKLM\..\Run: [atlmm.exe] C:\WINDOWS\atlmm.exe
O4 - HKLM\..\Run: [appzg32.exe] C:\WINDOWS\appzg32.exe
O4 - HKLM\..\Run: [atlwy.exe] C:\WINDOWS\atlwy.exe
O4 - HKLM\..\Run: [appfz.exe] C:\WINDOWS\system32\appfz.exe
O4 - HKLM\..\Run: [netlm32.exe] C:\WINDOWS\system32\netlm32.exe
O4 - HKLM\..\Run: [apinb.exe] C:\WINDOWS\system32\apinb.exe
O4 - HKLM\..\Run: [apiot32.exe] C:\WINDOWS\apiot32.exe
O4 - HKLM\..\Run: [javaid32.exe] C:\WINDOWS\javaid32.exe
O4 - HKLM\..\Run: [apiaw32.exe] C:\WINDOWS\apiaw32.exe
O4 - HKLM\..\Run: [apiee.exe] C:\WINDOWS\apiee.exe
O4 - HKLM\..\Run: [apibz32.exe] C:\WINDOWS\system32\apibz32.exe
O4 - HKLM\..\Run: [netbp32.exe] C:\WINDOWS\system32\netbp32.exe
O4 - HKLM\..\Run: [mfcuf.exe] C:\WINDOWS\system32\mfcuf.exe
O4 - HKLM\..\Run: [netbk32.exe] C:\WINDOWS\system32\netbk32.exe
O4 - HKLM\..\Run: [ipkh.exe] C:\WINDOWS\system32\ipkh.exe
O4 - HKLM\..\Run: [nthm32.exe] C:\WINDOWS\nthm32.exe
O4 - HKLM\..\Run: [appnq.exe] C:\WINDOWS\appnq.exe
O4 - HKLM\..\Run: [appol.exe] C:\WINDOWS\system32\appol.exe
O4 - HKLM\..\Run: [iphs32.exe] C:\WINDOWS\iphs32.exe
O4 - HKLM\..\Run: [iewz.exe] C:\WINDOWS\iewz.exe
O4 - HKLM\..\Run: [ipnm.exe] C:\WINDOWS\system32\ipnm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spamblockerutility.com/installs/spamblockerutility/programs/spamblockerutility.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = atlascold.com
O17 - HKLM\Software\..\Telephony: DomainName = atlascold.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{93DE2827-0130-4AA7-B34B-D7BBE8125EFA}: NameServer = 10.190.1.15,10.190.19.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = atlascold.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSSQL$MICROSOFTBCM - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SQLAgent$MICROSOFTBCM - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE (file missing)
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\WINVNC\winvnc.exe

You have a few trojan downloaders embedded in your PC -- Namely --> appao32.exe --> appol.exe --> ipnm.exe etc..etc.... too many to list ! The protocol needed to restore your PC to a clean state is quite involved ! There are two (2) websites where you should go to get help from specialists. (Free of charge)
http://castlecops.com/t131351-Possibly_the_dirtiest_HJTLog_youll_ever_see.html
http://www.spywareinfo.com/
Read the Greeting info you get on either website and follow the necessary steps BEFORE you post a log for help ! One of the 1st Responders or Security Experts will analyse it and give you the procedure to give you back a clean PC. Be patient as we are all volunteers at those websites -- :- Smiles.
Thanks for your reply and redirection to help... I will go to the sites you recommended and I will be patient... thank you