Hi skoly,
That's quite the collection of 'stuff'.
Please Submit File to VirusTotal for analysis.
Click Virus Total Site
Use the "Browse" button and locate the following file on your computer:
C:\WINDOWS\system32\B4AD4EF6ED.sys
Click the "Submit" button.
Please copy and post (reply) with the results
Do the above steps for each file listed
*=========================*
Open Notepad and copy/paste all the text in the quotebox below into it:
File::
C:\DOCUME~1\Dan\APPLIC~1\tmp13E.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp13C.tmp.exe
C:\WINDOWS\yaxvus.dll
C:\DOCUME~1\Dan\APPLIC~1\tmp11D.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp120.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp11E.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp111.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp10E.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmpF9.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmpF3.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmpEC.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmpED.tmp.exe
C:\WINDOWS\mlmnmn.dll
C:\DOCUME~1\Dan\APPLIC~1\tmp9F.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp9C.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp9B.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp98.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp87.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp8A.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp88.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp5C.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp59.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp5A.tmp.exe
C:\WINDOWS\pmlkij.dll
C:\DOCUME~1\Dan\APPLIC~1\tmp29.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp2C.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp2A.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp1B.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp1A.tmp.exe
C:\WINDOWS\ljgdef.dll
C:\DOCUME~1\Dan\APPLIC~1\tmp16.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp17.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp15.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp13.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp12.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp10.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp45.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp46.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp44.tmp.exe
C:\WINDOWS\hgfddb.dll
C:\DOCUME~1\Dan\APPLIC~1\tmp3C.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmpD.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmpE.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmpF.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmpB.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp70.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp71.tmp.exe
C:\WINDOWS\jkhiih.dll
C:\DOCUME~1\Dan\APPLIC~1\tmp6E.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp890.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp88E.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp883.tmp.exe
C:\WINDOWS\cbxusr.dll
C:\DOCUME~1\Dan\APPLIC~1\tmp881.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp880.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp6E9.tmp.exe
C:\DOCUME~1\Dan\APPLIC~1\tmp6E5.tmp.exe
C:\WINDOWS\system32\geedd.exe
C:\WINDOWS\system32\kbdr32.dll
C:\WINDOWS\system32\vtsqnml.dll
C:\WINDOWS\se_spoof.dll
C:\WINDOWS\system32\kbdr32.dll
Folder::
C:\UWA7P
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F67EEB12-AB09-11DB-A6F1-260856D89593}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbcbe0d6-19ab-4e99-8a0b-9c148b1d6e31}]
Save this as ComboFix-Do.txt
Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
*=========================*
Post the following:
VirusTotal results
Combofix.txt
New hijackthis log
Thanks,
Rogue
Ok, here is:
VirusTotal results
Combofix.txt
New hijackthis log
Skoly
Complete scanning result of "B4AD4EF6ED.SYS", received in VirusTotal at 06.02.2007, 23:39:29 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.5.31.2 06.01.2007 no virus found
AntiVir 7.4.0.29 06.01.2007 no virus found
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 06.01.2007 no virus found
AVG 7.5.0.467 06.02.2007 no virus found
BitDefender 7.2 06.02.2007 no virus found
CAT-QuickHeal 9.00 06.02.2007 no virus found
ClamAV devel-20070416 06.02.2007 no virus found
DrWeb 4.33 06.02.2007 no virus found
eSafe 7.0.15.0 05.31.2007 no virus found
eTrust-Vet 30.7.3684 06.02.2007 no virus found
Ewido 4.0 06.02.2007 no virus found
FileAdvisor 1 06.02.2007 no virus found
Fortinet 2.85.0.0 06.02.2007 no virus found
F-Prot 4.3.2.48 06.01.2007 no virus found
F-Secure 6.70.13030.0 06.02.2007 no virus found
Ikarus T3.1.1.8 06.02.2007 no virus found
Kaspersky 4.0.2.24 06.02.2007 no virus found
McAfee 5044 06.01.2007 no virus found
Microsoft 1.2503 06.02.2007 no virus found
NOD32v2 2305 06.01.2007 no virus found
Norman 5.80.02 06.01.2007 no virus found
Panda 9.0.0.4 06.02.2007 no virus found
Prevx1 V2 06.02.2007 no virus found
Sophos 4.18.0 06.01.2007 no virus found
Sunbelt 2.2.907.0 05.30.2007 no virus found
Symantec 10 06.02.2007 no virus found
TheHacker 6.1.6.128 05.31.2007 no virus found
VBA32 3.12.0 06.02.2007 no virus found
VirusBuster 4.3.23:9 06.02.2007 no virus found
Webwasher-Gateway 6.0.1 06.02.2007 no virus found
"Dan" - 2007-06-02 18:05:26 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Dan\"
Command switches used :: ""C:\Documents and Settings\Dan\Desktop\ComboFix-Do.txt" "C:\Documents and Settings\Dan\Desktop\Duh.lnk""
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
"C:\WINDOWS\system32\tmp9.tmp.dll"
"C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\Abbr"
"C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ActivationCode"
"C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ProductCode"
"C:\DOCUME~1\Dan\APPLIC~1\tmp13E.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp13C.tmp.exe"
"C:\WINDOWS\yaxvus.dll"
"C:\DOCUME~1\Dan\APPLIC~1\tmp11D.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp120.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp11E.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp111.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp10E.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmpF9.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmpF3.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmpEC.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmpED.tmp.exe"
"C:\WINDOWS\mlmnmn.dll"
"C:\DOCUME~1\Dan\APPLIC~1\tmp9F.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp9C.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp9B.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp98.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp87.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp8A.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp88.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp5C.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp59.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp5A.tmp.exe"
"C:\WINDOWS\pmlkij.dll"
"C:\DOCUME~1\Dan\APPLIC~1\tmp29.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp2C.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp2A.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp1B.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp1A.tmp.exe"
"C:\WINDOWS\ljgdef.dll"
"C:\DOCUME~1\Dan\APPLIC~1\tmp16.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp17.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp15.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp13.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp12.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp10.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp45.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp46.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp44.tmp.exe"
"C:\WINDOWS\hgfddb.dll"
"C:\DOCUME~1\Dan\APPLIC~1\tmp3C.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmpD.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmpE.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmpF.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmpB.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp70.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp71.tmp.exe"
"C:\WINDOWS\jkhiih.dll"
"C:\DOCUME~1\Dan\APPLIC~1\tmp6E.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp890.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp88E.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp883.tmp.exe"
"C:\WINDOWS\cbxusr.dll"
"C:\DOCUME~1\Dan\APPLIC~1\tmp881.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp880.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp6E9.tmp.exe"
"C:\DOCUME~1\Dan\APPLIC~1\tmp6E5.tmp.exe"
"C:\WINDOWS\system32\geedd.exe"
"C:\WINDOWS\system32\vtsqnml.dll"
"C:\UWA7P"
"C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMonitor"
"C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007"
"C:\WINDOWS\system32\kbdr32.dll"
((((((((((((((((((((((((((((((( Files Created from 2007-05-02 to 2007-06-02 ))))))))))))))))))))))))))))))))))
2007-06-02 17:39 50,970 --a------ C:\DOCUME~1\Dan\APPLIC~1\tmp9.tmp.exe
2007-06-02 17:39 2,560 --a------ C:\DOCUME~1\Dan\APPLIC~1\tmpC.tmp.exe
2007-06-02 17:39 17,010 --a------ C:\DOCUME~1\Dan\APPLIC~1\tmpA.tmp.exe
2007-06-02 17:39 106,730 --a------ C:\WINDOWS\fcbaxw.dll
2007-06-02 16:18 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-01 20:30 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-01 20:04 49,664 --a------ C:\Program Files\ATF-Cleaner.exe
2007-06-01 17:27 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-31 23:49 3,098,056 --a------ C:\Program Files\LimeWireWin.exe
2007-05-31 23:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-05-31 15:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SMSI
2007-05-10 03:33 <DIR> d-------- C:\Program Files\DellSupport
2007-05-06 16:06 <DIR> d-------- C:\Program Files\Smart Projects
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-01 23:51:45 -------- d-----w C:\Program Files\Common Files\Companion Wizard
2007-06-01 21:29:12 -------- d-----w C:\Program Files\ewido anti-spyware 4.0
2007-06-01 19:35:49 -------- d-----w C:\Program Files\Trend Micro
2007-06-01 18:43:44 -------- d-----w C:\Program Files\LimeWire
2007-05-20 15:41:45 56 --sh--r C:\WINDOWS\system32\B4AD4EF6ED.sys
2007-05-20 15:41:45 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-10 07:39:04 -------- d--h--w C:\DOCUME~1\Dan\APPLIC~1\Gtek
2007-04-30 01:25:46 -------- d-----w C:\DOCUME~1\Dan\APPLIC~1\AdobeUM
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-04 15:58:49 -------- d-----w C:\Program Files\GemMaster
2007-04-04 15:58:19 -------- d-----w C:\Program Files\PokerStars
2007-04-04 15:57:59 -------- d-----w C:\Program Files\Project64 1.6
2007-03-29 22:26:07 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=F:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll []
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 18:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"@"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 16:59]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 19:24]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 13:06]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-26 21:20]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kbdr32]
kbdr32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe
Contents of the 'Scheduled Tasks' folder
2007-05-09 12:57:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-02 20:17:39 C:\WINDOWS\tasks\MP Scheduled Scan.job
********************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-02 18:13:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-06-02 18:15:51 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-02 18:15
C:\ComboFix2.txt ... 2007-06-02 16:18
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 6:20:03 PM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://F:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://F:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://F:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell...iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...C_2.3.3.102.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: kbdr32 - kbdr32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe