[Resolved] system error


  • This topic is locked
15 replies to this topic

#1 thomass

    Authentic Member

  • 39 posts

Posted 12 June 2008 - 10:11 PM

Hi guys... I know this is the best site to solve PC problems... I read here often... Now I've got problems myself... I was just doing my project and, just like that, a window popped up saying "Your system is at risk". Every time I open Mozilla or IE I get that message... A window pops up saying "System error... need to download antispyware, as some files in Windows are corrupted". I can't surf anything in the browser. Here is my HijackThis report... Let me know what I can do. PLEASE... Thanks.


Logfile of HijackThis v1.99.1
Scan saved at 12:05:14 AM, on 6/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\MyColors\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BM0a3d035a] Rundll32.exe "C:\WINDOWS\system32\qabducke.dll",s
O4 - HKLM\..\Run: [090e30c6] rundll32.exe "C:\WINDOWS\system32\chrlhgdx.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Quest Calendar.lnk = C:\Program Files\Stardock\DesktopGadgets\Quest Calendar\Quest Calendar.exe
O4 - Startup: Quest Clock.lnk = C:\Program Files\Stardock\DesktopGadgets\Quest Clock\Quest Clock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopc...oad/SOPCORE.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



#2 Scotty

    Always Happy

  • Authentic Member
  • 3,634 posts

Posted 13 June 2008 - 03:00 AM

Hi

Your HijackThis is an older version. Please remove it and follow these instructions, and the latest version will also be installed.


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • For Vista users, right-click DSS and select Run As Administrator
  • If asked to install HijackThis click on Yes
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A, then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.

You too could train to help others - Join the Classroom


#3 thomass

    Authentic Member

  • Authentic Member
  • 39 posts

Posted 13 June 2008 - 08:39 AM

Hey... here it is. I did what you asked me... I am posting both files. It didn't ask me to install HijackThis... it kinda did everything by itself... posting here.

Deckard's System Scanner v20071014.68
Run by Admin on 2008-06-13 10:29:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:29:36 AM, on 6/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\MyColors\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Admin\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Admin.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: {573a5c3e-4daf-af8a-1814-db9721ec7ae1} - {1ea7ce12-79bd-4181-a8fa-fad4e3c5a375} - C:\WINDOWS\system32\dnthwgxi.dll
O2 - BHO: (no name) - {27F769A6-2E9F-4B7A-91C3-BB6A037153DF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8053AF4F-F35D-4EC6-A411-039EFB515CD8} - C:\WINDOWS\system32\jkkJbxyw.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B426C2BB-D48E-40B4-A54A-F0A4BD55892E} - C:\WINDOWS\system32\xxyaxXOf.dll (file missing)
O2 - BHO: (no name) - {B6E9B4E9-0C15-45ED-AE96-045ACFF41449} - C:\WINDOWS\system32\efcDUliH.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BM0a3d035a] Rundll32.exe "C:\WINDOWS\system32\qabducke.dll",s
O4 - HKLM\..\Run: [090e30c6] rundll32.exe "C:\WINDOWS\system32\chrlhgdx.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Quest Calendar.lnk = C:\Program Files\Stardock\DesktopGadgets\Quest Calendar\Quest Calendar.exe
O4 - Startup: Quest Clock.lnk = C:\Program Files\Stardock\DesktopGadgets\Quest Clock\Quest Clock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopc...oad/SOPCORE.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: jkkJbxyw - C:\WINDOWS\SYSTEM32\jkkJbxyw.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WB - C:\Program Files\Stardock\MyColors\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


-- Files created between 2008-05-13 and 2008-06-13 -----------------------------

2008-06-13 00:06:47 98816 --a------ C:\WINDOWS\system32\dnthwgxi.dll
2008-06-13 00:03:33 80896 --a------ C:\WINDOWS\system32\chrlhgdx.dll
2008-06-13 00:01:09 40960 --a------ C:\WINDOWS\system32\esxifsqb.dll
2008-06-13 00:01:01 89600 --a------ C:\WINDOWS\system32\qabducke.dll
2008-06-13 00:00:33 566370 --ahs---- C:\WINDOWS\system32\HilUDcfe.ini2
2008-06-13 00:00:29 322560 --a------ C:\WINDOWS\system32\efcDUliH.dll
2008-06-12 23:13:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-12 22:46:45 0 d-------- C:\VundoFix Backups
2008-06-12 15:44:13 0 d-------- C:\Program Files\IEAntiVirus
2008-06-12 10:34:20 0 d-------- C:\Program Files\Spyware Doctor
2008-06-12 10:32:28 274432 --a------ C:\WINDOWS\bopost32.dll
2008-06-12 10:32:26 52 --a------ C:\smp.bat
2008-06-12 09:52:50 578632 --ahs---- C:\WINDOWS\system32\fOXxayxx.ini2
2008-06-12 09:41:06 0 d-------- C:\Program Files\AntiSpywareExpert
2008-06-12 06:56:51 40960 --a------ C:\WINDOWS\system32\yeqiiybt.dll
2008-06-12 06:53:51 99328 --a------ C:\WINDOWS\system32\geeaaxbq.dll
2008-06-12 06:50:51 81408 --a------ C:\WINDOWS\system32\ystudmwk.dll
2008-06-12 06:47:51 90624 --a------ C:\WINDOWS\system32\cxwvrvvx.dll
2008-06-11 17:19:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-06-11 17:19:02 0 d-------- C:\Documents and Settings\Admin\Application Data\Simply Super Software
2008-06-11 17:09:02 0 d-------- C:\Program Files\Trojan Killer
2008-06-11 16:47:27 57344 --a------ C:\WINDOWS\system32\jkkJbxyw.dll
2008-06-09 11:18:17 0 d-------- C:\Program Files\LimeWire
2008-06-09 01:06:22 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-06-09 01:05:50 0 d-------- C:\Program Files\Common Files\iS3
2008-06-09 01:05:49 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-06-06 10:09:17 0 d-------- C:\Program Files\XP Codec Pack
2008-06-02 19:48:23 0 d-------- C:\Program Files\IndigoWind
2008-06-02 19:47:23 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-06-02 19:46:46 0 d-------- C:\Documents and Settings\Admin\WINDOWS
2008-06-02 19:41:25 0 d-------- C:\Documents and Settings\Admin\Application Data\Portfolio Manager
2008-06-02 19:26:16 0 d-------- C:\Program Files\Free Desktop Tools
2008-05-31 10:56:38 0 d-------- C:\Program Files\Stress Free Trading
2008-05-31 10:49:43 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-05-31 10:49:35 0 d-------- C:\Program Files\Reference Assemblies
2008-05-31 10:45:30 0 d-------- C:\Program Files\MSXML 6.0
2008-05-30 00:22:42 0 d-------- C:\Documents and Settings\Admin\Application Data\DTLink Software
2008-05-30 00:22:26 430174 --a------ C:\WINDOWS\sqlite3.dll
2008-05-30 00:22:26 413696 --a------ C:\WINDOWS\QHTM.dll <Not Verified; GipsySoft.com; QHTM>
2008-05-30 00:22:25 0 d-------- C:\Program Files\PSM
2008-05-30 00:12:13 0 d-------- C:\Program Files\Stock Screener Lite
2008-05-29 22:40:18 0 d-------- C:\Program Files\PKR
2008-05-29 22:19:12 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-29 22:18:51 0 d-------- C:\Program Files\Windows Live
2008-05-29 22:18:37 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller


-- Find3M Report ---------------------------------------------------------------

2008-06-13 00:02:30 0 d-------- C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
2008-06-13 00:02:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-13 00:02:27 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-12 23:57:18 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-12 23:27:00 0 d-------- C:\Program Files\Java
2008-06-12 22:54:56 0 d-------- C:\Program Files\PowerISO
2008-06-12 15:56:25 0 d-------- C:\Program Files\Common Files\PC Tools
2008-06-11 17:15:52 0 d-------- C:\Program Files\TechSmith
2008-06-09 16:15:30 0 d-------- C:\Documents and Settings\Admin\Application Data\LimeWire
2008-06-09 01:05:50 0 d-------- C:\Program Files\Common Files
2008-06-03 02:25:46 0 d-------- C:\Program Files\Winamp
2008-05-31 14:31:19 0 d-------- C:\Program Files\Common Files\Stardock
2008-05-31 10:49:50 0 d-------- C:\Program Files\MSBuild
2008-05-21 23:39:49 0 d-------- C:\Documents and Settings\Admin\Application Data\dvdcss
2008-05-13 06:32:44 0 d-------- C:\Program Files\MatroskaProp
2008-05-12 23:36:47 0 d-------- C:\Program Files\MSN Messenger
2008-05-12 21:20:42 0 d-------- C:\Program Files\AtomixMP3
2008-05-06 14:19:23 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-04 17:01:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-30 23:03:04 0 d-------- C:\Program Files\Netscape
2008-04-30 22:58:50 0 d-------- C:\Documents and Settings\Admin\Application Data\Netscape


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1ea7ce12-79bd-4181-a8fa-fad4e3c5a375}]
06/13/2008 12:06 AM 98816 --a------ C:\WINDOWS\system32\dnthwgxi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27F769A6-2E9F-4B7A-91C3-BB6A037153DF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8053AF4F-F35D-4EC6-A411-039EFB515CD8}]
06/11/2008 04:47 PM 57344 --a------ C:\WINDOWS\system32\jkkJbxyw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B426C2BB-D48E-40B4-A54A-F0A4BD55892E}]
C:\WINDOWS\system32\xxyaxXOf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6E9B4E9-0C15-45ED-AE96-045ACFF41449}]
06/13/2008 12:00 AM 322560 --a------ C:\WINDOWS\system32\efcDUliH.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"NvCplDaemon"="RUNDLL32.exe" [03/16/2006 12:00 AM C:\WINDOWS\system32\rundll32.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [04/08/2005 04:52 PM]
"NvMediaCenter"="RUNDLL32.exe" [03/16/2006 12:00 AM C:\WINDOWS\system32\rundll32.exe]
"BluetoothAuthenticationAgent"="rundll32.exe" [03/16/2006 12:00 AM C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [08/18/2006 04:00 AM C:\WINDOWS\system32\nwiz.exe]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [11/17/2006 04:49 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/20/2007 02:59 PM]
"msnsyslog"="C:\WINDOWS\msnlogm.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"BM0a3d035a"="C:\WINDOWS\system32\qabducke.dll" [06/13/2008 12:01 AM]
"090e30c6"="C:\WINDOWS\system32\chrlhgdx.dll" [06/13/2008 12:03 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/16/2006 12:00 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/30/2006 10:49 PM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [06/05/2008 11:41 PM]

C:\Documents and Settings\Admin\Start Menu\Programs\Accessories\Startup\
Quest Calendar.lnk - C:\Program Files\Stardock\DesktopGadgets\Quest Calendar\Quest Calendar.exe [2/7/2008 12:06:35 AM]
Quest Clock.lnk - C:\Program Files\Stardock\DesktopGadgets\Quest Clock\Quest Clock.exe [2/7/2008 12:06:35 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8053AF4F-F35D-4EC6-A411-039EFB515CD8}"= C:\WINDOWS\system32\jkkJbxyw.dll [06/11/2008 04:47 PM 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkJbxyw]
jkkJbxyw.dll 06/11/2008 04:47 PM 57344 C:\WINDOWS\system32\jkkJbxyw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\Stardock\MyColors\fastload.dll 08/13/2007 06:11 PM 24576 C:\Program Files\Stardock\MyColors\fastload.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\efcDUliH

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^StartUp^Adobe Gamma.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\StartUp\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^StartUp^palmOne Registration.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\StartUp\palmOne Registration.lnk
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^StartUp^Registration Ghost Recon Advanced Warfighter.LNK]
path=C:\Documents and Settings\Admin\Start Menu\Programs\StartUp\Registration Ghost Recon Advanced Warfighter.LNK
backup=C:\WINDOWS\pss\Registration Ghost Recon Advanced Warfighter.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
"C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MonAppli]
C:\windows\system32\msnmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PININST]
C:\SYSTEM.SAV\UTIL\PININST_CHK.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
"C:\Program Files\HP\QuickPlay\QPService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
C:\Windows\SMINST\RecGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regrun2]
C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\Windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysMetrix]
C:\Program Files\SysMetrix\SysMetrix.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowBlinds]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBInstall32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecd9000a-9c5a-11dc-add9-001636a44811}]
Auto\command- Cn911.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecd9000c-9c5a-11dc-add9-001636a44811}]
Auto\command- Cn911.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe




-- End of Deckard's System Scanner: finished at 2008-06-13 10:29:56 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 X2 Mobile Technology TL-50
CPU 1: AMD Turion™ 64 X2 Mobile Technology TL-50
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 958.54 MiB / 376.08 MiB
Pagefile Memory (total/avail): 2361.73 MiB / 1913.09 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1911.11 MiB

C: is Fixed (NTFS) - 80.66 GiB total, 56.18 GiB free.
D: is Fixed (FAT32) - 11.46 GiB total, 1.26 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HTS541010G9SA00 - 93.16 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 80.66 GiB - C:
\PARTITION1 - Unknown - 11.48 GiB - D:
\PARTITION2 - Unknown - 1027.6 MiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
AV: Spyware Doctor with AntiVirus v (PC Tools) Disabled
AV: Symantec AntiVirus Corporate Edition v10.0.0.359 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
""=""
"C:\\Program Files\\Vongo\\VongoService.exe"="C:\\Program Files\\Vongo\\VongoService.exe:*:enabled:VongoService"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\HP Rhapsody\\rhapsody.exe"="C:\\Program Files\\HP Rhapsody\\rhapsody.exe:*:Enabled:Rhapsody"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:Disabled:Age of Empires II"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Disabled:BlueSoleil"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\pmropn.exe"="C:\\WINDOWS\\system32\\pmropn.exe:*:Enabled:pmropn.exe"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Admin\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CHACHHI
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Admin
LOGONSERVER=\\CHACHHI
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCTYPE=PAVILION
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4802
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
ResetEnv=Y
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Admin\LOCALS~1\Temp
TMP=C:\DOCUME~1\Admin\LOCALS~1\Temp
USERDOMAIN=CHACHHI
USERNAME=Admin
USERPROFILE=C:\Documents and Settings\Admin
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Admin (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
BitTornado 0.3.17 --> C:\Program Files\BitTornado\uninst.exe
Blender (remove only) --> "C:\Program Files\Blender Foundation\Blender\uninstall.exe"
Broadcom 802.11 Wireless LAN Adapter --> "C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Codec Pack - All In 1 6.0.2.5 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DefilerPak 1.19 (Remove Only) --> "C:\Program Files\DefilerPak\UnDefile.exe"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dual-Core Optimizer --> MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Quick Launch Buttons 6.10 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
HP Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides 0032 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E276E05A-FFE8-485B-A005-42E76EA72AC4}\Setup.exe" -l0x9 -removeonly
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 2.54 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire 4.18.2 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player --> MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
OpenAL --> "C:\Program Files\OpenAL\OpenALwEAX.exe" /U
Phnom Penh Image Scaler --> MsiExec.exe /I{840D5711-538D-4E00-8038-112B8A8FFADC}
PKR --> "C:\Program Files\PKR\uninstall-pkr.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SnagIt 9 --> MsiExec.exe /I{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicAC3Encoder --> MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
SonicMPEGEncoder --> MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Stardock MyColors --> "C:\Program Files\Stardock\MyColors\thememgr.exe" /uninstallwise
Symantec AntiVirus --> MsiExec.exe /I{5A633ED0-E5D7-4D65-AB8D-53ED43510284}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Vongo --> MsiExec.exe /I{DB7E00C9-6DEF-489A-8112-D8F81614F45A}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067 --> "C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB915381 --> "C:\WINDOWS\$NtUninstallKB915381$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wireless Home Network Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\setup.exe" -l0x9 -removeonly
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type7664 / Warning
Event Submitted/Written: 06/12/2008 11:52:52 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type7663 / Error
Event Submitted/Written: 06/12/2008 11:38:55 PM
Event ID/Source: 1000 / Windows Live Messenger
Event Description:
msnmsgr.exe8.5.1302.10184717a53bunknown0.0.0.00000000000177f9df

Event Record #/Type7662 / Error
Event Submitted/Written: 06/12/2008 11:38:18 PM
Event ID/Source: 4618 / EventSystem
Event Description:
The COM+ Event System raised an unexpected access violation at address 0x000E06BC, attempting to access address 0xFFFFFFFF. Please contact Microsoft Product Support Services to report this error.
!+0xe06bc
es!DllGetClassObject+0x3b06
msnmsgr!+0xc9cc9
msnmsgr!+0xd0ca3
msnmsgr!+0xd0c7c
msnmsgr!+0xc9a77
MSVCR80!_cexit+0xb
MSVCR80!__p__winver+0x26d
ntdll!LdrShutdownProcess+0x142
kernel32!IsValidLocale+0x8eb
kernel32!ExitProcess+0x14
dfsr!DllUnregisterServer+0x13a98
dfsr!DllUnregisterServer+0x138a0
dfsr!DllUnregisterServer+0xc5ee
dfsr!DllUnregisterServer+0xca4e
dfsr!DllUnregisterServer+0x249cf
dfsr!DllUnregisterServer+0x24d39
dfsr!DllUnregisterServer+0x2529a
dfsr!DllUnregisterServer+0x6978d
dfsr!DllUnregisterServer+0x6add6
dfsr!DllUnregisterServer+0x13082
dfsr!DllUnregisterServer+0x134de
ntdll!RtlUpcaseUnicodeString+0x159
ntdll!RtlUpcaseUnicodeString+0x197
ntdll!RtlUpcaseUnicodeString+0x259
ntdll!RtlUpcaseUnicodeString+0x230
kernel32!GetModuleFileNameA+0x1b4

Event Record #/Type7661 / Error
Event Submitted/Written: 06/12/2008 11:38:18 PM
Event ID/Source: 4617 / EventSystem
Event Description:
The COM+ Event System raised an unexpected exception C000001D at address 0x00720065. Please contact Microsoft Product Support Services to report this error.
msnmsgr!+0x320065
es!DllGetClassObject+0x1881
es!DllGetClassObject+0x3dbf
msnmsgr!+0xc9cbd
msnmsgr!+0xd0ca3
msnmsgr!+0xd0c7c
msnmsgr!+0xc9a77
MSVCR80!_cexit+0xb
MSVCR80!__p__winver+0x26d
ntdll!LdrShutdownProcess+0x142
kernel32!IsValidLocale+0x8eb
kernel32!ExitProcess+0x14
dfsr!DllUnregisterServer+0x13a98
dfsr!DllUnregisterServer+0x138a0
dfsr!DllUnregisterServer+0xc5ee
dfsr!DllUnregisterServer+0xca4e
dfsr!DllUnregisterServer+0x249cf
dfsr!DllUnregisterServer+0x24d39
dfsr!DllUnregisterServer+0x2529a
dfsr!DllUnregisterServer+0x6978d
dfsr!DllUnregisterServer+0x6add6
dfsr!DllUnregisterServer+0x13082
dfsr!DllUnregisterServer+0x134de
ntdll!RtlUpcaseUnicodeString+0x159
ntdll!RtlUpcaseUnicodeString+0x197
ntdll!RtlUpcaseUnicodeString+0x259
ntdll!RtlUpcaseUnicodeString+0x230
kernel32!GetModuleFileNameA+0x1b4

Event Record #/Type7654 / Success
Event Submitted/Written: 06/12/2008 11:04:55 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7631 / Error
Event Submitted/Written: 06/13/2008 10:19:16 AM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the Symantec AntiVirus service.

Event Record #/Type7628 / Warning
Event Submitted/Written: 06/13/2008 10:12:39 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014A5FE73CF. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type7623 / Error
Event Submitted/Written: 06/13/2008 07:37:01 AM
Event ID/Source: 32003 / ipnathlp
Event Description:
The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module.
This may indicate misconfiguration, insufficient resources, or
an internal error.
The data is the error code.

Event Record #/Type7622 / Warning
Event Submitted/Written: 06/13/2008 07:37:01 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014A5FE73CF. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type7618 / Warning
Event Submitted/Written: 06/13/2008 06:35:40 AM
Event ID/Source: 1006 / Dhcp
Event Description:
Your computer was unable to automatically configure the IP parameters for
the Network Card with the network address 0014A5FE73CF. The following error occurred
during configuration: %%55.



-- End of Deckard's System Scanner: finished at 2008-06-13 10:19:41 ------------

#4 Scotty (Always Happy, Authentic Member, 3,634 posts)

Posted 13 June 2008 - 09:16 AM

Hi

It didn't ask you to install HijackThis because the old version is still installed. No matter.

Download Flash_Disinfector from here and save it to your desktop.
Doubleclick on Flash_Disinfector.exe to run it and follow the prompts.
Wait until it has finished scanning and then exit the program.
The utility may ask you to insert your flash drive and/or other removable drives. This may include your mobile phone.
Please do so and allow the utility to clean up those drives as well.


If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

There is a tutorial on the basic use of Combofix here:
http://www.bleepingc...to-use-combofix


Please download Combofix from Bleeping Computer.

If you can't download it from there, please try these 2 alternative sites:

Forospyware
Geeks to Go

  • Save it to your Desktop.
  • Disconnect from the Internet.
  • Click on this LINK to disable Norton/Symantec
  • Click Start > Run, copy/paste or type "%userprofile%\desktop\combofix.exe" /killall into the Run box and click OK.
  • When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you, please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.



In your next reply post:
ComboFix.txt
New HijackThis log taken after the above scan has run

You too could train to help others- Join the Classroom


#5 thomass (Authentic Member, 39 posts)

Posted 13 June 2008 - 10:09 AM

Hey Scotty, here is the ComboFix report. Before you told me what to do, all of a sudden all the icons from my quick launch were gone. How come? :-s Would you know? Anyways, here is the ComboFix log.

ComboFix 08-06-11.7 - Admin 2008-06-13 11:55:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.616 [GMT -4:00]
Running from: C:\Documents and Settings\Admin\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Admin\Application Data\macromedia\Flash Player\#SharedObjects\8JK6FD8K\www.broadcaster.com
C:\Documents and Settings\Admin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Admin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\AntiSpywareExpert
C:\Program Files\IEAntiVirus
C:\Program Files\IEAntiVirus\ieav.db2
C:\Program Files\IEAntiVirus\ieav.db3
C:\Program Files\IEAntiVirus\ieav.db6
C:\Program Files\IEAntiVirus\uninst.exe
C:\smp.bat
C:\WINDOWS\BM0a3d035a.xml
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Fonts\CALIBRIB.TTF
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\chrlhgdx.dll
C:\WINDOWS\system32\cxwvrvvx.dll
C:\WINDOWS\system32\dnthwgxi.dll
C:\WINDOWS\system32\efcDUliH.dll
C:\WINDOWS\system32\fOXxayxx.ini
C:\WINDOWS\system32\fOXxayxx.ini2
C:\WINDOWS\system32\geeaaxbq.dll
C:\WINDOWS\system32\HilUDcfe.ini
C:\WINDOWS\system32\HilUDcfe.ini2
C:\WINDOWS\system32\jkkJbxyw.dll
C:\WINDOWS\system32\kpupwpav.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pshlutdy.ini
C:\WINDOWS\system32\qabducke.dll
C:\WINDOWS\system32\ttvwa.bak1
C:\WINDOWS\system32\ttvwa.bak2
C:\WINDOWS\system32\ttvwa.tmp
C:\WINDOWS\system32\ukjsqupr.ini
C:\WINDOWS\system32\xdghlrhc.ini
C:\WINDOWS\system32\xdghlrhc.ini2
C:\WINDOWS\system32\xdghlrhc.tmp
C:\WINDOWS\system32\ystudmwk.dll
C:\WINDOWS\system32\yybeg.bak1
C:\WINDOWS\system32\yybeg.bak2
C:\WINDOWS\system32\yybeg.tmp
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.

2008-06-13 10:13 . 2008-06-13 10:13 <DIR> d-------- C:\Deckard
2008-06-13 00:01 . 2008-06-13 00:01 40,960 --a------ C:\WINDOWS\system32\esxifsqb.dll
2008-06-12 23:27 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-12 23:13 . 2008-06-13 00:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-12 23:13 . 2008-06-13 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-12 22:46 . 2008-06-12 23:05 <DIR> d-------- C:\VundoFix Backups
2008-06-12 15:56 . 2008-06-12 10:49 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-06-12 10:34 . 2008-06-12 23:59 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-12 10:34 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-12 10:34 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-12 10:34 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-12 10:34 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-12 10:32 . 2008-06-12 10:32 274,432 --a------ C:\WINDOWS\bopost32.dll
2008-06-12 06:56 . 2008-06-12 06:56 40,960 --a------ C:\WINDOWS\system32\yeqiiybt.dll
2008-06-11 18:44 . 2008-06-11 18:44 321,536 --a------ C:\WINDOWS\system32\xxyaxXOf.dll_old
2008-06-11 17:19 . 2008-06-11 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-06-11 17:19 . 2008-06-11 17:19 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Simply Super Software
2008-06-11 17:09 . 2008-06-11 17:14 <DIR> d-------- C:\Program Files\Trojan Killer
2008-06-11 16:53 . 2008-06-11 16:54 80,896 --a------ C:\WINDOWS\system32\jensevyr.dll.vir
2008-06-09 11:18 . 2008-06-09 11:18 <DIR> d-------- C:\Program Files\LimeWire
2008-06-09 01:06 . 2008-06-09 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-06-09 01:05 . 2008-06-09 01:05 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-06-09 01:05 . 2008-06-09 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-06-06 10:09 . 2008-06-06 10:21 <DIR> d-------- C:\Program Files\XP Codec Pack
2008-06-02 19:48 . 2008-06-02 19:48 <DIR> d-------- C:\Program Files\IndigoWind
2008-06-02 19:48 . 2008-06-02 19:48 0 --a------ C:\WINDOWS\PROTOCOL.INI
2008-06-02 19:47 . 1998-02-06 22:37 299,520 --a------ C:\WINDOWS\uninst.exe
2008-06-02 19:46 . 2008-06-02 19:46 <DIR> d-------- C:\Documents and Settings\Admin\WINDOWS
2008-06-02 19:41 . 2008-06-02 19:43 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Portfolio Manager
2008-06-02 19:26 . 2008-06-09 11:53 <DIR> d-------- C:\Program Files\Free Desktop Tools
2008-05-31 10:56 . 2008-05-31 10:56 <DIR> d-------- C:\Program Files\Stress Free Trading
2008-05-31 10:49 . 2008-05-31 10:49 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-31 10:49 . 2008-05-31 10:49 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-31 10:49 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-05-31 10:45 . 2008-05-31 10:45 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-30 19:52 . 2008-05-30 19:52 38 --a------ C:\WINDOWS\AviSplitter.INI
2008-05-30 00:22 . 2008-05-30 00:30 <DIR> d-------- C:\Program Files\PSM
2008-05-30 00:22 . 2008-05-30 00:22 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\DTLink Software
2008-05-30 00:22 . 2007-12-14 13:41 430,174 --a------ C:\WINDOWS\sqlite3.dll
2008-05-30 00:22 . 2006-04-27 09:21 413,696 --a------ C:\WINDOWS\QHTM.dll
2008-05-30 00:12 . 2008-05-30 00:14 <DIR> d-------- C:\Program Files\Stock Screener Lite
2008-05-29 22:40 . 2008-06-05 13:30 <DIR> d-------- C:\Program Files\PKR
2008-05-29 22:19 . 2008-05-29 22:25 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-29 22:18 . 2008-05-29 22:29 <DIR> d-------- C:\Program Files\Windows Live
2008-05-29 22:18 . 2008-05-29 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-16 23:55 . 2008-05-16 23:55 7,680 --ahs---- C:\WINDOWS\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 04:02 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-13 04:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-13 04:02 --------- d-----w C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
2008-06-13 03:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 03:57 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-13 03:27 --------- d-----w C:\Program Files\Java
2008-06-13 02:54 --------- d-----w C:\Program Files\PowerISO
2008-06-12 19:56 --------- d-----w C:\Program Files\Common Files\PC Tools
2008-06-11 21:15 --------- d-----w C:\Program Files\TechSmith
2008-06-11 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-06-09 20:15 --------- d-----w C:\Documents and Settings\Admin\Application Data\LimeWire
2008-06-03 06:25 --------- d-----w C:\Program Files\Winamp
2008-05-31 18:31 --------- d-----w C:\Program Files\Common Files\Stardock
2008-05-31 14:49 --------- d-----w C:\Program Files\MSBuild
2008-05-22 03:39 --------- d-----w C:\Documents and Settings\Admin\Application Data\dvdcss
2008-05-15 07:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-13 10:32 --------- d-----w C:\Program Files\MatroskaProp
2008-05-13 03:36 --------- d-----w C:\Program Files\MSN Messenger
2008-05-13 01:20 --------- d-----w C:\Program Files\AtomixMP3
2008-05-06 18:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-04 21:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-01 03:03 --------- d-----w C:\Program Files\Netscape
2008-05-01 02:58 --------- d-----w C:\Documents and Settings\Admin\Application Data\Netscape
2007-06-14 00:04 2 --shatr C:\WINDOWS\winstart.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B426C2BB-D48E-40B4-A54A-F0A4BD55892E}]
C:\WINDOWS\system32\xxyaxXOf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-16 00:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-06-05 23:41 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"NvCplDaemon"="RUNDLL32.exe" [2006-03-16 00:00 33280 C:\WINDOWS\system32\rundll32.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 16:52 48752]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-16 00:00 33280 C:\WINDOWS\system32\rundll32.exe]
"BluetoothAuthenticationAgent"="rundll32.exe" [2006-03-16 00:00 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-08-18 04:00 1617920 C:\WINDOWS\system32\nwiz.exe]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49 77824]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-20 14:59 185632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-16 00:00 15360]

C:\Documents and Settings\Admin\Start Menu\Programs\Accessories\Startup\
Quest Calendar.lnk - C:\Program Files\Stardock\DesktopGadgets\Quest Calendar\Quest Calendar.exe [2008-02-07 00:06:35 786680]
Quest Clock.lnk - C:\Program Files\Stardock\DesktopGadgets\Quest Clock\Quest Clock.exe [2008-02-07 00:06:35 826368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\Stardock\MyColors\fastload.dll 2007-08-13 18:11 24576 C:\Program Files\Stardock\MyColors\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.divxa32"= DivXa32.acm
"vidc.ffds"= ffdshow.ax

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^StartUp^Adobe Gamma.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\StartUp\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^StartUp^palmOne Registration.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\StartUp\palmOne Registration.lnk
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^StartUp^Registration Ghost Recon Advanced Warfighter.LNK]
path=C:\Documents and Settings\Admin\Start Menu\Programs\StartUp\Registration Ghost Recon Advanced Warfighter.LNK
backup=C:\WINDOWS\pss\Registration Ghost Recon Advanced Warfighter.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-04-08 16:52 48752 c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2006-05-30 19:02 40960 C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-06 00:56 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-06-01 20:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 02:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 19:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 19:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 14:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MonAppli]
C:\windows\system32\msnmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-18 04:00 7585792 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-18 04:00 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-18 04:00 1617920 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PININST]
--a------ 2006-09-07 14:35 46 C:\SYSTEM.SAV\UTIL\PININST_CHK.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-06-19 14:33 163840 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
--------- 2005-10-11 13:23 1187840 C:\Windows\SMINST\RecGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regrun2]
C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--------- 2006-02-09 12:52 643072 C:\Windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-11 00:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-04-01 01:01 761946 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysMetrix]
C:\Program Files\SysMetrix\SysMetrix.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2005-04-17 13:30 85184 C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowBlinds]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBInstall32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-06-12 10:49]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 16:39]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2007-06-13 20:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecd9000a-9c5a-11dc-add9-001636a44811}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecd9000c-9c5a-11dc-add9-001636a44811}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-11 01:37:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 12:02:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Stardock\MyColors\wbload.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-06-13 12:08:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-13 16:08:43

Pre-Run: 60,204,457,984 bytes free
Post-Run: 60,140,548,096 bytes free

336 --- E O F --- 2008-06-10 14:01:58
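Scotty's instructions (Flash_Disinfector for the removable drives, ComboFix blocking autorun) and the log above point at the same few persistence spots: the MountPoints2 autorun commands for drive D and the two volume GUIDs, a Browser Helper Object backed by a random-looking DLL in system32, the Security Center monitoring values switched off, and 3389/TCP opened globally in the XP firewall. The Python script below is an added example, not part of this thread and not ComboFix's own code. It parses an excerpt of the posted "Reg Loading Points" section (embedded in the script, constructed from the log above) and flags those four patterns. The finding categories and the random-name heuristic are this example's own assumptions.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread, not ComboFix's own code. It flags four of
the patterns visible in the posted log: removable-drive autorun commands
under MountPoints2, a Browser Helper Object backed by a random-looking DLL
in system32, Windows Security Center monitoring switched off, and a port
opened globally in the XP firewall. Category names and the random-name
heuristic are this example's assumptions, not ComboFix output.
"""
import re
from collections import Counter

# Excerpt constructed from the log posted above (raw string: the registry
# paths contain backslashes).
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B426C2BB-D48E-40B4-A54A-F0A4BD55892E}]
C:\WINDOWS\system32\xxyaxXOf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-16 00:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecd9000a-9c5a-11dc-add9-001636a44811}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
AUTORUN_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=')
DWORD_ON_RE = re.compile(r'^"(\w+)"=dword:0*1$')
# Security Center values that, set to 1, silence status monitoring or its
# warnings for the named product.
MUTING_VALUES = {"DisableMonitoring", "AntiVirusDisableNotify",
                 "FirewallDisableNotify", "UpdatesDisableNotify"}


def parse_reg_sections(text):
    """Map each [key] header in the REGEDIT4-style dump to its value lines."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("REGEDIT4", ".") or line.startswith("*Note*"):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def looks_random(stem):
    """Heuristic (an assumption of this example): a file stem of 8+ letters
    with a low vowel share, or interior capitals plus few vowels, reads like
    a generated name such as xxyaxXOf rather than a product name."""
    if len(stem) < 8 or not stem.isalpha():
        return False
    vowel_share = sum(c in "aeiouAEIOU" for c in stem) / len(stem)
    interior_caps = any(c.isupper() for c in stem[1:])
    return vowel_share <= 0.25 or (interior_caps and vowel_share < 0.35)


def triage(text):
    """Return (category, where, detail) tuples for the suspicious entries."""
    findings = []
    for key, values in parse_reg_sections(text).items():
        lkey = key.lower()
        leaf = key.rsplit("\\", 1)[-1]
        if "mountpoints2" in lkey:
            # Per-drive Shell\...\command overrides: what Explorer runs when
            # the drive is opened or double-clicked, i.e. what autorun.inf
            # planted. Flash_Disinfector targets exactly this.
            for v in values:
                m = AUTORUN_RE.match(v)
                if m:
                    findings.append(("autorun_command", leaf, m.group(2)))
        elif "browser helper objects" in lkey:
            for v in values:
                stem = v.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
                if "\\system32\\" in v.lower() and looks_random(stem):
                    findings.append(("suspicious_bho", leaf, v))
        elif "security center" in lkey:
            for v in values:
                m = DWORD_ON_RE.match(v)
                if m and m.group(1) in MUTING_VALUES:
                    findings.append(("security_center_muted", leaf, m.group(1)))
        elif "globallyopenports" in lkey:
            for v in values:
                m = PORT_RE.match(v)
                if m:
                    findings.append(("open_firewall_port",
                                     f"{m.group(1)}/{m.group(2)}", v))
    return findings


def summarize(findings):
    """Count findings per category, for a one-glance verdict."""
    return dict(Counter(category for category, _, _ in findings))


if __name__ == "__main__":
    for category, where, detail in triage(SAMPLE_LOG):
        print(f"{category:22} {where:45} {detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the excerpt it reports three autorun commands (one for drive D, two under the same volume GUID), one suspicious BHO, two muted Security Center values and one globally open port. The MountPoints2 entries are the part worth acting on first: they survive deleting D:\Autorun.inf, because Explorer cached the commands per volume in the user's hive, which is why the helper's tools clear both the drive and the registry.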

#6 thomass (Authentic Member, 39 posts)

Posted 13 June 2008 - 10:35 AM

Hey, here is the console log:

ComboFix 08-06-11.7 - Admin 2008-06-13 12:32:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.567 [GMT -4:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.

2008-06-13 10:13 . 2008-06-13 10:13 <DIR> d-------- C:\Deckard
2008-06-13 00:01 . 2008-06-13 00:01 40,960 --a------ C:\WINDOWS\system32\esxifsqb.dll
2008-06-12 23:27 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-12 23:13 . 2008-06-13 00:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-12 23:13 . 2008-06-13 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-12 22:46 . 2008-06-12 23:05 <DIR> d-------- C:\VundoFix Backups
2008-06-12 15:56 . 2008-06-12 10:49 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-06-12 10:34 . 2008-06-12 23:59 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-12 10:34 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-12 10:34 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-12 10:34 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-12 10:34 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-12 10:32 . 2008-06-12 10:32 274,432 --a------ C:\WINDOWS\bopost32.dll
2008-06-12 06:56 . 2008-06-12 06:56 40,960 --a------ C:\WINDOWS\system32\yeqiiybt.dll
2008-06-11 18:44 . 2008-06-11 18:44 321,536 --a------ C:\WINDOWS\system32\xxyaxXOf.dll_old
2008-06-11 17:19 . 2008-06-11 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-06-11 17:19 . 2008-06-11 17:19 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Simply Super Software
2008-06-11 17:09 . 2008-06-11 17:14 <DIR> d-------- C:\Program Files\Trojan Killer
2008-06-11 16:53 . 2008-06-11 16:54 80,896 --a------ C:\WINDOWS\system32\jensevyr.dll.vir
2008-06-09 11:18 . 2008-06-09 11:18 <DIR> d-------- C:\Program Files\LimeWire
2008-06-09 01:06 . 2008-06-09 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-06-09 01:05 . 2008-06-09 01:05 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-06-09 01:05 . 2008-06-09 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-06-06 10:09 . 2008-06-06 10:21 <DIR> d-------- C:\Program Files\XP Codec Pack
2008-06-02 19:48 . 2008-06-02 19:48 <DIR> d-------- C:\Program Files\IndigoWind
2008-06-02 19:48 . 2008-06-02 19:48 0 --a------ C:\WINDOWS\PROTOCOL.INI
2008-06-02 19:47 . 1998-02-06 22:37 299,520 --a------ C:\WINDOWS\uninst.exe
2008-06-02 19:46 . 2008-06-02 19:46 <DIR> d-------- C:\Documents and Settings\Admin\WINDOWS
2008-06-02 19:41 . 2008-06-02 19:43 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Portfolio Manager
2008-06-02 19:26 . 2008-06-09 11:53 <DIR> d-------- C:\Program Files\Free Desktop Tools
2008-05-31 10:56 . 2008-05-31 10:56 <DIR> d-------- C:\Program Files\Stress Free Trading
2008-05-31 10:49 . 2008-05-31 10:49 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-31 10:49 . 2008-05-31 10:49 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-31 10:49 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-05-31 10:45 . 2008-05-31 10:45 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-30 19:52 . 2008-05-30 19:52 38 --a------ C:\WINDOWS\AviSplitter.INI
2008-05-30 00:22 . 2008-05-30 00:30 <DIR> d-------- C:\Program Files\PSM
2008-05-30 00:22 . 2008-05-30 00:22 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\DTLink Software
2008-05-30 00:22 . 2007-12-14 13:41 430,174 --a------ C:\WINDOWS\sqlite3.dll
2008-05-30 00:22 . 2006-04-27 09:21 413,696 --a------ C:\WINDOWS\QHTM.dll
2008-05-30 00:12 . 2008-05-30 00:14 <DIR> d-------- C:\Program Files\Stock Screener Lite
2008-05-29 22:40 . 2008-06-05 13:30 <DIR> d-------- C:\Program Files\PKR
2008-05-29 22:19 . 2008-05-29 22:25 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-29 22:18 . 2008-05-29 22:29 <DIR> d-------- C:\Program Files\Windows Live
2008-05-29 22:18 . 2008-05-29 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-16 23:55 . 2008-05-16 23:55 7,680 --ahs---- C:\WINDOWS\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 04:02 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-13 04:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-13 04:02 --------- d-----w C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
2008-06-13 03:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 03:57 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-13 03:27 --------- d-----w C:\Program Files\Java
2008-06-13 02:54 --------- d-----w C:\Program Files\PowerISO
2008-06-12 19:56 --------- d-----w C:\Program Files\Common Files\PC Tools
2008-06-11 21:15 --------- d-----w C:\Program Files\TechSmith
2008-06-11 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-06-09 20:15 --------- d-----w C:\Documents and Settings\Admin\Application Data\LimeWire
2008-06-03 06:25 --------- d-----w C:\Program Files\Winamp
2008-05-31 18:31 --------- d-----w C:\Program Files\Common Files\Stardock
2008-05-31 14:49 --------- d-----w C:\Program Files\MSBuild
2008-05-22 03:39 --------- d-----w C:\Documents and Settings\Admin\Application Data\dvdcss
2008-05-15 07:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-13 10:32 --------- d-----w C:\Program Files\MatroskaProp
2008-05-13 03:36 --------- d-----w C:\Program Files\MSN Messenger
2008-05-13 01:20 --------- d-----w C:\Program Files\AtomixMP3
2008-05-06 18:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-04 21:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-01 03:03 --------- d-----w C:\Program Files\Netscape
2008-05-01 02:58 --------- d-----w C:\Documents and Settings\Admin\Application Data\Netscape
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2007-06-14 00:04 2 --shatr C:\WINDOWS\winstart.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B426C2BB-D48E-40B4-A54A-F0A4BD55892E}]
C:\WINDOWS\system32\xxyaxXOf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-16 00:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-06-05 23:41 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"NvCplDaemon"="RUNDLL32.exe" [2006-03-16 00:00 33280 C:\WINDOWS\system32\rundll32.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 16:52 48752]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-16 00:00 33280 C:\WINDOWS\system32\rundll32.exe]
"BluetoothAuthenticationAgent"="rundll32.exe" [2006-03-16 00:00 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-08-18 04:00 1617920 C:\WINDOWS\system32\nwiz.exe]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49 77824]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-20 14:59 185632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-16 00:00 15360]

C:\Documents and Settings\Admin\Start Menu\Programs\Accessories\Startup\
Quest Calendar.lnk - C:\Program Files\Stardock\DesktopGadgets\Quest Calendar\Quest Calendar.exe [2008-02-07 00:06:35 786680]
Quest Clock.lnk - C:\Program Files\Stardock\DesktopGadgets\Quest Clock\Quest Clock.exe [2008-02-07 00:06:35 826368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\Stardock\MyColors\fastload.dll 2007-08-13 18:11 24576 C:\Program Files\Stardock\MyColors\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.divxa32"= DivXa32.acm
"vidc.ffds"= ffdshow.ax

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^StartUp^Adobe Gamma.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\StartUp\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^StartUp^palmOne Registration.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\StartUp\palmOne Registration.lnk
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^StartUp^Registration Ghost Recon Advanced Warfighter.LNK]
path=C:\Documents and Settings\Admin\Start Menu\Programs\StartUp\Registration Ghost Recon Advanced Warfighter.LNK
backup=C:\WINDOWS\pss\Registration Ghost Recon Advanced Warfighter.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-04-08 16:52 48752 c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2006-05-30 19:02 40960 C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-06 00:56 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-06-01 20:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 02:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 19:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 19:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 14:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MonAppli]
C:\windows\system32\msnmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-18 04:00 7585792 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-18 04:00 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-18 04:00 1617920 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PININST]
--a------ 2006-09-07 14:35 46 C:\SYSTEM.SAV\UTIL\PININST_CHK.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-06-19 14:33 163840 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
--------- 2005-10-11 13:23 1187840 C:\Windows\SMINST\RecGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regrun2]
C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--------- 2006-02-09 12:52 643072 C:\Windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-11 00:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-04-01 01:01 761946 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysMetrix]
C:\Program Files\SysMetrix\SysMetrix.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2005-04-17 13:30 85184 C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowBlinds]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBInstall32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-06-12 10:49]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 16:39]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2007-06-13 20:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecd9000a-9c5a-11dc-add9-001636a44811}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecd9000c-9c5a-11dc-add9-001636a44811}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-11 01:37:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 12:34:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-13 12:35:59
ComboFix-quarantined-files.txt 2008-06-13 16:35:12
ComboFix2.txt 2008-06-13 16:08:48

Pre-Run: 60,118,921,216 bytes free
Post-Run: 60,079,259,648 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /usepmtimer /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

281 --- E O F --- 2008-06-10 14:01:58

#7 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 13 June 2008 - 01:57 PM

Hi

The icons disappeared before you did anything? Maybe we scared them? :yeah:


Go to http://virusscan.jotti.org
Copy the following line into the white textbox:
C:\WINDOWS\bopost32.dll
Click Submit.
Please post the results of this scan to this thread.

Do the same for these:
C:\WINDOWS\winstart.bat
C:\SYSTEM.SAV\UTIL\PININST_CHK.BAT


If Jotti is busy or unavailable, please try Virustotal.


Remember to disconnect from the Internet before carrying out the next instruction, and to save the following script before you do. You must also manually disable your anti-virus and anti-spyware programs. See the link below for instructions on doing this.

http://www.bleepingc...opic114351.html

Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text with your mouse and pressing Ctrl+C

KillAll::
 
File::
C:\WINDOWS\system32\esxifsqb.dll
C:\WINDOWS\system32\yeqiiybt.dll
C:\WINDOWS\system32\xxyaxXOf.dll_old
C:\WINDOWS\system32\jensevyr.dll.vir

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B426C2BB-D48E-40B4-A54A-F0A4BD55892E}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecd9000a-9c5a-11dc-add9-001636a44811}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecd9000c-9c5a-11dc-add9-001636a44811}]

Go to the Notepad window and click Edit > Paste
Then click File > Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

Posted Image


Referring to the picture above, drag CFScript.txt onto ComboFix.exe.


Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.


Once you have installed the Scanner, and the updated definitions, you can disconnect from the Internet and disable your anti-virus, to reduce scanning time. Re-enable the anti-virus before reconnecting to the Internet.
Instructions on disabling a variety of security programs can be found at the link below.
http://www.bleepingc...opic114351.html

In your next reply post:
Jotti results
ComboFix.txt
Kaspersky report
New HijackThis log taken after the above scan has run

You too could train to help others- Join the Classroom
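
As an added example (not from this thread, and not part of ComboFix or any of the tools named above), here is a small Python script that reads a ComboFix-style "Reg Loading Points" section and flags the three indicator types visible in the log posted earlier: a Browser Helper Object loading an eight-letter DLL from system32, Security Center notification/monitoring values set to 1, and \Shell\Auto*\command hooks under mountpoints2. The sample input is constructed from lines in this thread's log; the rule names and the eight-letter-stem heuristic are assumptions of this example, not something ComboFix itself reports.

```python
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]  # (rule name, registry key, offending line or command)

# Constructed sample: a subset of the "Reg Loading Points" section as ComboFix prints it.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B426C2BB-D48E-40B4-A54A-F0A4BD55892E}]
C:\WINDOWS\system32\xxyaxXOf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 16:52 48752]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecd9000a-9c5a-11dc-add9-001636a44811}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
"""

# Heuristic (assumption of this example): Vundo-family BHO DLLs seen in the log use
# eight-letter random stems; a real allowlist of known-good BHOs would be stricter.
RANDOM_STEM = re.compile(r"^[A-Za-z]{8}$")
# '"Name"=dword:00000001' lines, as REGEDIT4 output prints them.
DWORD_ONE = re.compile(r'^"(?P<name>[^"]+)"=dword:0*1$')
# '\Shell\Auto\command - x' or '\Shell\AutoRun\command - x' under a mountpoints2 key.
AUTORUN_CMD = re.compile(r"^\\Shell\\Auto(Run)?\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE)

SECURITY_CENTER_VALUES = {
    "DisableMonitoring",
    "AntiVirusDisableNotify",
    "FirewallDisableNotify",
    "UpdatesDisableNotify",
}


def parse_reg_blocks(text: str) -> List[Tuple[str, List[str]]]:
    """Split REGEDIT4-style output into (key, value-lines) blocks; blank lines end nothing."""
    blocks: List[Tuple[str, List[str]]] = []
    key = None
    lines: List[str] = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("[") and line.endswith("]"):
            if key is not None:
                blocks.append((key, lines))
            key, lines = line[1:-1], []
        elif line and key is not None:
            lines.append(line)
    if key is not None:
        blocks.append((key, lines))
    return blocks


def flag_suspicious(text: str) -> List[Finding]:
    """Return findings for the three indicator types, in the order they appear in the log."""
    findings: List[Finding] = []
    for key, lines in parse_reg_blocks(text):
        low = key.lower()
        if "browser helper objects" in low:
            # A BHO is loaded into every IE process; a random-named DLL in system32 is a classic sign.
            for line in lines:
                path = line.strip()
                stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
                if path.lower().endswith(".dll") and "\\system32\\" in path.lower() \
                        and RANDOM_STEM.match(stem):
                    findings.append(("bho-random-dll", key, path))
        elif "security center" in low:
            # Malware commonly silences Security Center so the user never sees "AV disabled".
            for line in lines:
                m = DWORD_ONE.match(line)
                if m and m.group("name") in SECURITY_CENTER_VALUES:
                    findings.append(("security-center-muted", key, line))
        elif "mountpoints2" in low:
            # Per-drive autorun hooks cached from an autorun.inf; benign drives rarely carry these.
            for line in lines:
                m = AUTORUN_CMD.match(line)
                if m:
                    findings.append(("drive-autorun-hook", key, m.group("cmd")))
    return findings


if __name__ == "__main__":
    for rule, key, detail in flag_suspicious(SAMPLE_LOG):
        print(f"{rule:22} {key}\n{'':22} -> {detail}")
```

The Run key in the sample is deliberately left unflagged: ccApp.exe is a signed Symantec component, and the point of the script is to surface the three patterns a helper on this thread would act on first, not to second-guess every autostart entry.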


#8 thomass

thomass

    Authentic Member

  • Authentic Member
  • PipPip
  • 39 posts

Posted 13 June 2008 - 07:53 PM

Hey Scotty... wow, that scan took forever, eh... almost 4 hrs... anyways, here are all the files...

C:\WINDOWS\bopost32.dll << only found trouble in this file... the other 2 are clean, so they are in jpg...



www.VirusProtectionSites.info/Scan
Scanner results
Scan taken on 13 Jun 2008 20:31:27 (GMT)
A-Squared Found nothing
AntiVir Found TR/Dldr.FraudLoad.bdj
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Downloader.Generic7.SRE
BitDefender Found Trojan.Downloader.Delf.OVA
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan:W32/Renos.DA, Trojan-Downloader.Win32.FraudLoad.bdj
Fortinet Found W32/FraudLoad.BDJ!tr.dldr
Ikarus Found Win32.SuspectCrc
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.FraudLoad.bdj
NOD32 Found Win32/Adware.IeDefender.NFD application
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing




ComboFix 08-06-11.7 - Admin 2008-06-13 16:52:43.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.564 [GMT -4:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\esxifsqb.dll
C:\WINDOWS\system32\jensevyr.dll.vir
C:\WINDOWS\system32\xxyaxXOf.dll_old
C:\WINDOWS\system32\yeqiiybt.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\esxifsqb.dll
C:\WINDOWS\system32\jensevyr.dll.vir
C:\WINDOWS\system32\xxyaxXOf.dll_old
C:\WINDOWS\system32\yeqiiybt.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.

2008-06-13 13:29 . 2008-06-13 13:31 <DIR> d-------- C:\All the Files
2008-06-13 12:51 . 2008-06-13 12:51 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-06-12 23:27 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-12 23:13 . 2008-06-13 00:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-12 23:13 . 2008-06-13 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-12 15:56 . 2008-06-12 10:49 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-06-12 10:34 . 2008-06-12 23:59 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-12 10:34 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-12 10:34 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-12 10:34 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-12 10:34 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-12 10:32 . 2008-06-12 10:32 274,432 --a------ C:\WINDOWS\bopost32.dll
2008-06-11 17:19 . 2008-06-11 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-06-11 17:19 . 2008-06-11 17:19 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Simply Super Software
2008-06-11 17:09 . 2008-06-11 17:14 <DIR> d-------- C:\Program Files\Trojan Killer
2008-06-09 11:18 . 2008-06-09 11:18 <DIR> d-------- C:\Program Files\LimeWire
2008-06-09 01:06 . 2008-06-09 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-06-09 01:05 . 2008-06-09 01:05 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-06-09 01:05 . 2008-06-09 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-06-06 10:09 . 2008-06-06 10:21 <DIR> d-------- C:\Program Files\XP Codec Pack
2008-06-02 19:48 . 2008-06-02 19:48 <DIR> d-------- C:\Program Files\IndigoWind
2008-06-02 19:48 . 2008-06-02 19:48 0 --a------ C:\WINDOWS\PROTOCOL.INI
2008-06-02 19:47 . 1998-02-06 22:37 299,520 --a------ C:\WINDOWS\uninst.exe
2008-06-02 19:46 . 2008-06-02 19:46 <DIR> d-------- C:\Documents and Settings\Admin\WINDOWS
2008-06-02 19:41 . 2008-06-02 19:43 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Portfolio Manager
2008-06-02 19:26 . 2008-06-09 11:53 <DIR> d-------- C:\Program Files\Free Desktop Tools
2008-05-31 10:56 . 2008-05-31 10:56 <DIR> d-------- C:\Program Files\Stress Free Trading
2008-05-31 10:49 . 2008-05-31 10:49 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-31 10:49 . 2008-05-31 10:49 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-31 10:49 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-05-31 10:45 . 2008-05-31 10:45 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-30 19:52 . 2008-05-30 19:52 38 --a------ C:\WINDOWS\AviSplitter.INI
2008-05-30 00:22 . 2008-05-30 00:30 <DIR> d-------- C:\Program Files\PSM
2008-05-30 00:22 . 2008-05-30 00:22 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\DTLink Software
2008-05-30 00:22 . 2007-12-14 13:41 430,174 --a------ C:\WINDOWS\sqlite3.dll
2008-05-30 00:22 . 2006-04-27 09:21 413,696 --a------ C:\WINDOWS\QHTM.dll
2008-05-30 00:12 . 2008-05-30 00:14 <DIR> d-------- C:\Program Files\Stock Screener Lite
2008-05-29 22:40 . 2008-06-05 13:30 <DIR> d-------- C:\Program Files\PKR
2008-05-29 22:19 . 2008-05-29 22:25 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-29 22:18 . 2008-05-29 22:29 <DIR> d-------- C:\Program Files\Windows Live
2008-05-29 22:18 . 2008-05-29 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-16 23:55 . 2008-05-16 23:55 7,680 --ahs---- C:\WINDOWS\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 04:02 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-13 04:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-13 04:02 --------- d-----w C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
2008-06-13 03:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 03:57 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-13 03:27 --------- d-----w C:\Program Files\Java
2008-06-13 02:54 --------- d-----w C:\Program Files\PowerISO
2008-06-12 19:56 --------- d-----w C:\Program Files\Common Files\PC Tools
2008-06-11 21:15 --------- d-----w C:\Program Files\TechSmith
2008-06-11 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-06-09 20:15 --------- d-----w C:\Documents and Settings\Admin\Application Data\LimeWire
2008-06-03 06:25 --------- d-----w C:\Program Files\Winamp
2008-05-31 14:49 --------- d-----w C:\Program Files\MSBuild
2008-05-22 03:39 --------- d-----w C:\Documents and Settings\Admin\Application Data\dvdcss
2008-05-15 07:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-13 10:32 --------- d-----w C:\Program Files\MatroskaProp
2008-05-13 03:36 --------- d-----w C:\Program Files\MSN Messenger
2008-05-13 01:20 --------- d-----w C:\Program Files\AtomixMP3
2008-05-06 18:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-04 21:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-01 03:03 --------- d-----w C:\Program Files\Netscape
2008-05-01 02:58 --------- d-----w C:\Documents and Settings\Admin\Application Data\Netscape
2007-06-14 00:04 2 --shatr C:\WINDOWS\winstart.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-16 00:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-06-05 23:41 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"NvCplDaemon"="RUNDLL32.exe" [2006-03-16 00:00 33280 C:\WINDOWS\system32\rundll32.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 16:52 48752]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-16 00:00 33280 C:\WINDOWS\system32\rundll32.exe]
"BluetoothAuthenticationAgent"="rundll32.exe" [2006-03-16 00:00 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-08-18 04:00 1617920 C:\WINDOWS\system32\nwiz.exe]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49 77824]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-20 14:59 185632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-16 00:00 15360]

C:\Documents and Settings\Admin\Start Menu\Programs\Accessories\Startup\
Quest Calendar.lnk - C:\Program Files\Stardock\DesktopGadgets\Quest Calendar\Quest Calendar.exe [2008-02-07 00:06:35 786680]
Quest Clock.lnk - C:\Program Files\Stardock\DesktopGadgets\Quest Clock\Quest Clock.exe [2008-02-07 00:06:35 826368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\Stardock\MyColors\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.divxa32"= DivXa32.acm
"vidc.ffds"= ffdshow.ax

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^StartUp^Adobe Gamma.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\StartUp\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^StartUp^palmOne Registration.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\StartUp\palmOne Registration.lnk
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^StartUp^Registration Ghost Recon Advanced Warfighter.LNK]
path=C:\Documents and Settings\Admin\Start Menu\Programs\StartUp\Registration Ghost Recon Advanced Warfighter.LNK
backup=C:\WINDOWS\pss\Registration Ghost Recon Advanced Warfighter.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-04-08 16:52 48752 c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2006-05-30 19:02 40960 C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-06 00:56 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-06-01 20:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 02:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 19:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 19:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 14:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MonAppli]
C:\windows\system32\msnmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-18 04:00 7585792 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-18 04:00 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-18 04:00 1617920 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PININST]
--a------ 2006-09-07 14:35 46 C:\SYSTEM.SAV\UTIL\PININST_CHK.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-06-19 14:33 163840 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
--------- 2005-10-11 13:23 1187840 C:\Windows\SMINST\RecGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regrun2]
C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--------- 2006-02-09 12:52 643072 C:\Windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-11 00:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-04-01 01:01 761946 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysMetrix]
C:\Program Files\SysMetrix\SysMetrix.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2005-04-17 13:30 85184 C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowBlinds]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBInstall32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-06-12 10:49]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 16:39]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2007-06-13 20:04]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-11 01:37:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 16:57:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-06-13 17:05:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-13 21:05:03

Pre-Run: 60,046,766,080 bytes free
Post-Run: 60,028,452,864 bytes free

289 --- E O F --- 2008-06-10 14:01:58



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, June 13, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 13, 2008 18:36:27
Records in database: 860715
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 111315
Threat name: 26
Infected objects: 52
Suspicious objects: 0
Duration of the scan: 02:05:08


File name / Threat name / Threats count
C:\All the Files\Deckard\System Scanner\20080613102301\backup\DOCUME~1\Admin\LOCALS~1\Temp\A198-tmp.exe Infected: Trojan-Downloader.Win32.Delf.ivf 1
C:\All the Files\Deckard\System Scanner\20080613102301\backup\DOCUME~1\Admin\LOCALS~1\Temp\A198-tmpavideo.exe Infected: Trojan-Downloader.Win32.FraudLoad.bdj 1
C:\All the Files\QooBox\Quarantine\C\WINDOWS\system32\chrlhgdx.dll.vir Infected: Trojan.Win32.Monder.na 1
C:\All the Files\QooBox\Quarantine\C\WINDOWS\system32\dnthwgxi.dll.vir Infected: Trojan.Win32.Monder.oa 1
C:\All the Files\QooBox\Quarantine\C\WINDOWS\system32\jkkJbxyw.dll.vir Infected: Trojan-Downloader.Win32.Agent.quv 1
C:\All the Files\QooBox\Quarantine\C\WINDOWS\system32\qabducke.dll.vir Infected: Trojan.Win32.Monder.nb 1
C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\25\650d0659-4c02bbee Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\29\775d249d-26d2726d Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-5ffdd834 Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1181d259-2ac00660.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-34644458.zip Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d00d9f7-1b39a828.zip Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Admin\My Documents\My Documents\Snagit\TechSmith SnagIt 8.2.3.zip Infected: Trojan.Win32.Midgare.eyz 1
C:\Documents and Settings\Admin\My Documents\Spyware Doctor 5.5.1.322 With AntiVirus (PATCH + NEW SERIALS + FULLY UPDATEABLE)\sdsetup.exe Infected: Trojan-Downloader.Win32.Delf.ivt 1
C:\Documents and Settings\Admin\My Documents\Spyware Doctor 5.5.1.322 With AntiVirus (PATCH + NEW SERIALS + FULLY UPDATEABLE)\Spyware.Doctor.v5.5.1.322_patch.exe Infected: Trojan-Downloader.Win32.Delf.ivt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00D40000\46FE2325.VBN Infected: Trojan-Clicker.Win32.Agent.is 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05280000\4D6CBD7E.VBN Infected: Trojan-Clicker.Win32.Delf.if 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05280000\4D6CBD7E.VBN Infected: Trojan.Win32.Delf.agd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07F80001\47FF3540.VBN Infected: Trojan.Win32.Agent.bty 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07F80002\47FF3547.VBN Infected: Trojan.Win32.Agent.bty 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07F80003\47FF3552.VBN Infected: Trojan.Win32.Agent.bty 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07F80004\47FF355A.VBN Infected: Trojan.Win32.Agent.bty 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07F80005\47FF3564.VBN Infected: Trojan.Win32.Agent.bty 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07F80006\47FF356C.VBN Infected: Trojan.Win32.Agent.bty 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07F80007\47FF3576.VBN Infected: Trojan.Win32.Agent.bty 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07F80008\47FF357E.VBN Infected: Trojan.Win32.Agent.bty 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07F80009\47FF3589.VBN Infected: Trojan.Win32.Agent.bty 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07F8000A\47FF3591.VBN Infected: Trojan.Win32.Agent.bty 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07F8000C\47FF3CF7.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09200000\4F2E7D83.VBN Infected: Trojan.Win32.Agent.bnj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09D00000.VBN Infected: not-a-virus:AdWare.Win32.Agent.zk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09D00001.VBN Infected: not-a-virus:AdWare.Win32.Agent.zk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A580000\4E7AE165.VBN Infected: Trojan-Clicker.Win32.Agent.is 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B580000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.jp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B580001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.jp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.iy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C540000\4E776859.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.iu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C540001\4E779952.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.iu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C540002\4E77A0FE.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C540003\4E77AF0E.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.iu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E300000.VBN Infected: Trojan-Downloader.Win32.LoadAdv.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E300000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.jp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E300000.VBN Infected: Trojan.Win32.Dialer.qn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E300000.VBN Infected: Trojan-Downloader.Win32.Small.eqn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E300001.VBN Infected: Trojan-Downloader.Win32.LoadAdv.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E300001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.jp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E300001.VBN Infected: Trojan.Win32.Dialer.qn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E300001.VBN Infected: Trojan-Downloader.Win32.Small.eqn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F0C0000\4FBF8C47.VBN Infected: Virus.Win32.Parite.b 1
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe Infected: not-a-virus:AdWare.Win32.Agent.aeh 1
C:\WINDOWS\bopost32.dll Infected: Trojan-Downloader.Win32.FraudLoad.bdj 1
C:\WINDOWS\system32\pmls.dll Infected: not-a-virus:AdWare.Win32.RK.o 1

The selected area was scanned.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48, on 2008-06-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Quest Calendar.lnk = C:\Program Files\Stardock\DesktopGadgets\Quest Calendar\Quest Calendar.exe
O4 - Startup: Quest Clock.lnk = C:\Program Files\Stardock\DesktopGadgets\Quest Clock\Quest Clock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopc...oad/SOPCORE.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9176 bytes


#9 Scotty (Always Happy, Authentic Member, 3,634 posts)

Posted 14 June 2008 - 02:10 AM

Hi

C:\Documents and Settings\Admin\My Documents\Spyware Doctor 5.5.1.322 With AntiVirus (PATCH + NEW SERIALS + FULLY UPDATEABLE)\sdsetup.exe Infected: Trojan-Downloader.Win32.Delf.ivt 1


That is most likely the source of your problem. Ironic or what?

Go HERE to see if you can work out how to empty the Quarantine of Norton.

Remember to disconnect from the Internet before carrying out the next instruction, and to save the following script before you do. You must also manually disable your anti-virus and anti-spyware programs. See the link below for instructions on doing this.

http://www.bleepingc...opic114351.html

Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text with your mouse and pressing Ctrl+C

KillAll::
 
File::
C:\WINDOWS\bopost32.dll
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe
C:\WINDOWS\system32\pmls.dll 

Folder::
C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\25\650d0659-4c02bbee
C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\29\775d249d-26d2726d
C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-5ffdd834
C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1181d259-2ac00660.zip
C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-34644458.zip
C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d00d9f7-1b39a828.zip
C:\Documents and Settings\Admin\My Documents\My Documents\Snagit\TechSmith SnagIt 8.2.3.zip 
C:\Documents and Settings\Admin\My Documents\Spyware Doctor 5.5.1.322 With AntiVirus (PATCH + NEW SERIALS + FULLY UPDATEABLE)

Go to the Notepad window and click Edit > Paste
Then click File > Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

Posted Image


Referring to the picture above, drag CFScript into ComboFix.exe


Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here.

In your next reply post:
ComboFix.txt
MBAM log
New HijackThis log taken after the above scan has run

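The triage in the post above is done by eye: of the 52 Kaspersky hits, most sit in Symantec's quarantine, ComboFix's QooBox or the Deckard backup (already contained, dealt with by emptying the quarantine), a handful are cached Java applets (the drive-by that delivered the rest), and only a few are live files on disk, which go into the CFScript. The script below, added here as an example and not code from this thread or from any scanner vendor, does that split mechanically over the scanner's "<path> Infected: <threat> <count>" lines and drafts the File::/Folder:: sections in the same layout the helper used. The directory markers it uses to decide what counts as "contained" are assumptions taken from the paths in this report, and the sample input is a constructed subset of the report's own lines.

```python
"""Triage a Kaspersky Online Scanner report and draft a ComboFix CFScript.

Added example for this thread; it is not code from the thread or from any
scanner vendor.  The directory markers below are assumptions taken from the
paths that appear in the report above.
"""
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the Kaspersky report in
# this thread, in the scanner's "<path> Infected: <threat> <count>" format.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\All the Files\QooBox\Quarantine\C\WINDOWS\system32\chrlhgdx.dll.vir Infected: Trojan.Win32.Monder.na 1
C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\25\650d0659-4c02bbee Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-34644458.zip Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Admin\My Documents\Spyware Doctor 5.5.1.322 With AntiVirus (PATCH + NEW SERIALS + FULLY UPDATEABLE)\sdsetup.exe Infected: Trojan-Downloader.Win32.Delf.ivt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E300000.VBN Infected: Trojan-Downloader.Win32.LoadAdv.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E300000.VBN Infected: Trojan.Win32.Dialer.qn 1
C:\WINDOWS\bopost32.dll Infected: Trojan-Downloader.Win32.FraudLoad.bdj 1
C:\WINDOWS\system32\pmls.dll Infected: not-a-virus:AdWare.Win32.RK.o 1
The selected area was scanned.
"""

LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Locations where another tool has already contained the object (assumption
# from the paths in the thread): Symantec's quarantine, ComboFix's QooBox and
# the Deckard System Scanner backup.  Kaspersky reports them because it opens
# the stored copies, but nothing there executes, so they belong to the
# "empty the quarantine" step, not to the removal script.
CONTAINED_MARKERS = ("\\quarantine\\", "\\qoobox\\", "\\deckard\\system scanner\\")
# Java's deployment cache holds applets the browser downloaded; a hit there is
# the drive-by exploit that delivered the rest, removed by deleting the object.
JAVA_CACHE_MARKER = "\\sun\\java\\deployment\\cache\\"


def classify(path):
    """Return 'contained', 'java-cache' or 'live' for one detection path."""
    low = path.lower()
    if any(m in low for m in CONTAINED_MARKERS):
        return "contained"
    if JAVA_CACHE_MARKER in low:
        return "java-cache"
    return "live"


def parse_report(text):
    """Yield (path, threat) for every detection line; other lines are ignored."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("path"), m.group("threat")


def triage(text):
    """Group detections by class as {class: {path: [threat, ...]}}.

    The same file is often listed once per signature that matched (the
    0E300000.VBN lines in the thread are one file, four names), so paths are
    de-duplicated and their threat names collected."""
    groups = defaultdict(dict)
    for path, threat in parse_report(text):
        groups[classify(path)].setdefault(path, []).append(threat)
    return groups


def summary(groups):
    """Number of distinct objects per class."""
    return {cls: len(paths) for cls, paths in groups.items()}


def cfscript(groups):
    """Draft a CFScript for the objects still live on the disk.

    Layout follows the helper's script in the thread: cached Java objects and
    archives go under Folder::, ordinary files under File::.  Contained items
    are left out on purpose.  Review the draft before feeding it to ComboFix."""
    files, folders = [], sorted(groups.get("java-cache", {}))
    for path in sorted(groups.get("live", {})):
        (folders if path.lower().endswith(".zip") else files).append(path)
    lines = ["KillAll::", ""]
    if files:
        lines += ["File::", *files, ""]
    if folders:
        lines += ["Folder::", *folders, ""]
    return "\n".join(lines)


if __name__ == "__main__":
    groups = triage(SAMPLE_REPORT)
    for cls, paths in groups.items():
        print(f"{cls}: {len(paths)} object(s)")
        for path, threats in sorted(paths.items()):
            print("   ", path, "->", ", ".join(threats))
    print()
    print(cfscript(groups))
```

Run against the full report, the "contained" bucket absorbs the Symantec .VBN, QooBox .vir and Deckard backup entries, so the draft script lists only what the helper listed by hand; whether to delete a whole directory (as the post does for the cracked Spyware Doctor folder) rather than the flagged files inside it remains the operator's call.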

#10 thomass (Authentic Member, 39 posts)

Posted 14 June 2008 - 02:25 PM

Hey, here are the logs. I use Symantec, and in that it doesn't show the spyware.exe infection. Weird. I added it and scanned again; it shows it as clean. So damn weird. But I deleted everything. Here are the logs.

ComboFix 08-06-12.2 - Admin 2008-06-14 15:26:36.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.630 [GMT -4:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe
C:\WINDOWS\bopost32.dll
C:\WINDOWS\system32\pmls.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\25\650d0659-4c02bbee\
C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\29\775d249d-26d2726d\
C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-5ffdd834\
C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1181d259-2ac00660.zip\
C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-34644458.zip\
C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d00d9f7-1b39a828.zip\
C:\Documents and Settings\Admin\My Documents\My Documents\Snagit\TechSmith SnagIt 8.2.3.zip\
C:\Documents and Settings\Admin\My Documents\Spyware Doctor 5.5.1.322 With AntiVirus (PATCH + NEW SERIALS + FULLY UPDATEABLE)
C:\Documents and Settings\Admin\My Documents\Spyware Doctor 5.5.1.322 With AntiVirus (PATCH + NEW SERIALS + FULLY UPDATEABLE)\Read Me!.txt
C:\Documents and Settings\Admin\My Documents\Spyware Doctor 5.5.1.322 With AntiVirus (PATCH + NEW SERIALS + FULLY UPDATEABLE)\serials.txt
C:\Documents and Settings\Admin\My Documents\Spyware Doctor 5.5.1.322 With AntiVirus (PATCH + NEW SERIALS + FULLY UPDATEABLE)\Spyware.Doctor.v5.5.1.322_patch.exe
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe
C:\WINDOWS\bopost32.dll
C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\pmls.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.

2008-06-14 15:12 . 2008-06-14 15:12 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-06-13 21:48 . 2008-06-13 21:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-13 13:29 . 2008-06-13 13:31 <DIR> d--h----- C:\All the Files
2008-06-13 12:51 . 2008-06-13 12:51 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-06-12 23:27 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-12 23:13 . 2008-06-13 00:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-12 23:13 . 2008-06-13 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-12 15:56 . 2008-06-12 10:49 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-06-12 10:34 . 2008-06-12 23:59 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-12 10:34 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-12 10:34 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-12 10:34 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-12 10:34 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-11 17:19 . 2008-06-11 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-06-11 17:19 . 2008-06-11 17:19 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Simply Super Software
2008-06-11 17:09 . 2008-06-11 17:14 <DIR> d-------- C:\Program Files\Trojan Killer
2008-06-09 11:18 . 2008-06-09 11:18 <DIR> d-------- C:\Program Files\LimeWire
2008-06-09 01:06 . 2008-06-09 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-06-09 01:05 . 2008-06-09 01:05 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-06-09 01:05 . 2008-06-09 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-06-06 10:09 . 2008-06-06 10:21 <DIR> d-------- C:\Program Files\XP Codec Pack
2008-06-02 19:48 . 2008-06-02 19:48 <DIR> d-------- C:\Program Files\IndigoWind
2008-06-02 19:48 . 2008-06-02 19:48 0 --a------ C:\WINDOWS\PROTOCOL.INI
2008-06-02 19:47 . 1998-02-06 22:37 299,520 --a------ C:\WINDOWS\uninst.exe
2008-06-02 19:46 . 2008-06-02 19:46 <DIR> d-------- C:\Documents and Settings\Admin\WINDOWS
2008-06-02 19:41 . 2008-06-02 19:43 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Portfolio Manager
2008-06-02 19:26 . 2008-06-09 11:53 <DIR> d-------- C:\Program Files\Free Desktop Tools
2008-05-31 10:56 . 2008-05-31 10:56 <DIR> d-------- C:\Program Files\Stress Free Trading
2008-05-31 10:49 . 2008-05-31 10:49 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-31 10:49 . 2008-05-31 10:49 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-31 10:49 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-05-31 10:45 . 2008-05-31 10:45 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-30 19:52 . 2008-05-30 19:52 38 --a------ C:\WINDOWS\AviSplitter.INI
2008-05-30 00:22 . 2008-05-30 00:30 <DIR> d-------- C:\Program Files\PSM
2008-05-30 00:22 . 2008-05-30 00:22 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\DTLink Software
2008-05-30 00:22 . 2007-12-14 13:41 430,174 --a------ C:\WINDOWS\sqlite3.dll
2008-05-30 00:22 . 2006-04-27 09:21 413,696 --a------ C:\WINDOWS\QHTM.dll
2008-05-30 00:12 . 2008-05-30 00:14 <DIR> d-------- C:\Program Files\Stock Screener Lite
2008-05-29 22:40 . 2008-06-05 13:30 <DIR> d-------- C:\Program Files\PKR
2008-05-29 22:19 . 2008-05-29 22:25 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-29 22:18 . 2008-05-29 22:29 <DIR> d-------- C:\Program Files\Windows Live
2008-05-29 22:18 . 2008-05-29 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-16 23:55 . 2008-05-16 23:55 7,680 --ahs---- C:\WINDOWS\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 04:02 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-13 04:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-13 04:02 --------- d-----w C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
2008-06-13 03:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 03:57 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-13 03:27 --------- d-----w C:\Program Files\Java
2008-06-13 02:54 --------- d-----w C:\Program Files\PowerISO
2008-06-12 19:56 --------- d-----w C:\Program Files\Common Files\PC Tools
2008-06-11 21:15 --------- d-----w C:\Program Files\TechSmith
2008-06-11 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-06-09 20:15 --------- d-----w C:\Documents and Settings\Admin\Application Data\LimeWire
2008-06-03 06:25 --------- d-----w C:\Program Files\Winamp
2008-05-31 14:49 --------- d-----w C:\Program Files\MSBuild
2008-05-22 03:39 --------- d-----w C:\Documents and Settings\Admin\Application Data\dvdcss
2008-05-15 07:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-13 10:32 --------- d-----w C:\Program Files\MatroskaProp
2008-05-13 03:36 --------- d-----w C:\Program Files\MSN Messenger
2008-05-13 01:20 --------- d-----w C:\Program Files\AtomixMP3
2008-05-06 18:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-04 21:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-01 03:03 --------- d-----w C:\Program Files\Netscape
2008-05-01 02:58 --------- d-----w C:\Documents and Settings\Admin\Application Data\Netscape
2007-06-14 00:04 2 --shatr C:\WINDOWS\winstart.bat
.

((((((((((((((((((((((((((((( snapshot@2008-06-13_17.04.41.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-13 20:56:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-14 19:31:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-16 00:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-06-05 23:41 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"NvCplDaemon"="RUNDLL32.exe" [2006-03-16 00:00 33280 C:\WINDOWS\system32\rundll32.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 16:52 48752]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-16 00:00 33280 C:\WINDOWS\system32\rundll32.exe]
"BluetoothAuthenticationAgent"="rundll32.exe" [2006-03-16 00:00 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-08-18 04:00 1617920 C:\WINDOWS\system32\nwiz.exe]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49 77824]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-20 14:59 185632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-16 00:00 15360]

C:\Documents and Settings\Admin\Start Menu\Programs\Accessories\Startup\
Quest Calendar.lnk - C:\Program Files\Stardock\DesktopGadgets\Quest Calendar\Quest Calendar.exe [2008-02-07 00:06:35 786680]
Quest Clock.lnk - C:\Program Files\Stardock\DesktopGadgets\Quest Clock\Quest Clock.exe [2008-02-07 00:06:35 826368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\Stardock\MyColors\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.divxa32"= DivXa32.acm
"vidc.ffds"= ffdshow.ax

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^StartUp^Adobe Gamma.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\StartUp\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^StartUp^palmOne Registration.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\StartUp\palmOne Registration.lnk
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^StartUp^Registration Ghost Recon Advanced Warfighter.LNK]
path=C:\Documents and Settings\Admin\Start Menu\Programs\StartUp\Registration Ghost Recon Advanced Warfighter.LNK
backup=C:\WINDOWS\pss\Registration Ghost Recon Advanced Warfighter.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=C:\Documents and Settings\Admin\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-04-08 16:52 48752 c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2006-05-30 19:02 40960 C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-06 00:56 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-06-01 20:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 02:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 19:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 19:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 14:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MonAppli]
C:\windows\system32\msnmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-18 04:00 7585792 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-18 04:00 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-18 04:00 1617920 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PININST]
--a------ 2006-09-07 14:35 46 C:\SYSTEM.SAV\UTIL\PININST_CHK.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-06-19 14:33 163840 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
--------- 2005-10-11 13:23 1187840 C:\Windows\SMINST\RecGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regrun2]
C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--------- 2006-02-09 12:52 643072 C:\Windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-11 00:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-04-01 01:01 761946 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysMetrix]
C:\Program Files\SysMetrix\SysMetrix.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2005-04-17 13:30 85184 C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowBlinds]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBInstall32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-06-12 10:49]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 16:39]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2007-06-13 20:04]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-11 01:37:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 15:31:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-06-14 15:39:46 - machine was rebooted [Admin]
ComboFix-quarantined-files.txt 2008-06-14 19:39:37
ComboFix.txt 2008-06-13 21:05:07

Pre-Run: 60,266,389,504 bytes free
Post-Run: 60,280,365,056 bytes free

306 --- E O F --- 2008-06-14 15:10:05


Malwarebytes' Anti-Malware 1.17
Database version: 856

16:24:14 2008-06-14
mbam-log-6-14-2008 (16-24-14).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 135343
Time elapsed: 39 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{5fd23a1e-7be2-468e-bbfc-a35447122211} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5fd23a1e-7be2-468e-bbfc-a35447122210} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ie.ieplugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7dbf8390-552b-4d55-9f62-00d032032691} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Zango 10.0.328.0 (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.

Files Infected:
C:\All the Files\Deckard\System Scanner\20080613102301\backup\DOCUME~1\Admin\LOCALS~1\Temp\A198-tmpavideo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\All the Files\Deckard\System Scanner\20080613102301\backup\DOCUME~1\Admin\LOCALS~1\Temp\GLK23.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\All the Files\Deckard\System Scanner\20080613102301\backup\DOCUME~1\Admin\LOCALS~1\Temp\GLK60E.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\All the Files\QooBox\Quarantine\C\WINDOWS\system32\chrlhgdx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\All the Files\QooBox\Quarantine\C\WINDOWS\system32\efcDUliH.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\All the Files\QooBox\Quarantine\C\WINDOWS\system32\jkkJbxyw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\jensevyr.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\xxyaxXOf.dll_old.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP379\A0089009.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP379\A0089011.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP379\A0089048.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP380\A0090164.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP384\A0090292.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP384\A0090295.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP384\A0090297.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:27, on 2008-06-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Quest Calendar.lnk = C:\Program Files\Stardock\DesktopGadgets\Quest Calendar\Quest Calendar.exe
O4 - Startup: Quest Clock.lnk = C:\Program Files\Stardock\DesktopGadgets\Quest Clock\Quest Clock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopc...oad/SOPCORE.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9210 bytes


#11 Scotty

    Always Happy

  • Authentic Member
  • 3,634 posts

Posted 15 June 2008 - 03:12 AM

Hi

Congratulations, you appear to be malware free.

Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the run box and click OK. Note the space between the x and the /u; it needs to be there.



You may wish to keep hold of the Kaspersky Online Scan as an extra on-demand virus-scanner.
If not, you can uninstall it through Start > Control Panel > Add/Remove Programs.


Malwarebytes Anti-Malware is a good program to keep. If you wish to keep it, use it to do a quick scan once a week and keep it updated.
Remember, only the paid-for version offers real-time protection.

Here are a couple of other free programs I recommend.

Winpatrol
Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

You can get a free copy of Winpatrol or use the Plus version for more features.

You can read Winpatrol's FAQ if you run into problems.

Spyware Blaster
SpywareBlaster is a program that is used to secure Internet Explorer by making it harder for ActiveX programs to run on your computer. It does this by disabling known offending ActiveX programs from running at all.

You can download SpywareBlaster from Javacool.

If you need help in using SpywareBlaster, you can read SpywareBlaster's tutorial at Bleeping Computer.


Hosts File
A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

This Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by redirecting these bad sites to 127.0.0.1.

Here is a good Hosts file:

MVPS Hosts File

A tutorial about Hosts File can be found at Malware Removal.


Make sure your Windows is ALWAYS up to date!

An unpatched Windows is vulnerable and even with the "best" Antivirus and Firewall installed, malware will find its way through.
So visit http://windowsupdate.microsoft.com/ to download and install the latest updates.


Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"

Here is some great information from experts in this field that will help you stay clean and safe online.
http://forum.malware...wtopic.php?t=14

Follow this list and your potential for being infected again will reduce dramatically.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
You too could train to help others - Join the Classroom

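The hosts-file mechanism Scotty describes above, as an added example that is not part of the thread: a small Python check that reads hosts entries and separates blocking entries (names sent to 127.0.0.1 or 0.0.0.0, as the MVPS list does) from entries that point a name at some other address, which is what a hosts-file hijack of an update or security-vendor site looks like. The sample hosts content, including the 203.0.113.10 address, is constructed for the example.

```python
import ipaddress

# Constructed sample hosts file: MVPS-style blocking entries plus two
# entries of the kind a hosts-file hijack leaves behind (constructed).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.net        # blocked by hosts list
127.0.0.1       tracker.example.org    # blocked by hosts list
::1             localhost
203.0.113.10    windowsupdate.microsoft.com   # constructed hijack
203.0.113.10    www.symantec.com              # constructed hijack
"""


def parse_hosts(text):
    """Return (address, hostname) pairs, skipping comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                          # malformed line, ignore
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                          # not an IP address, ignore
        for name in parts[1:]:
            entries.append((addr, name.lower()))
    return entries


def classify_hosts(text):
    """Split entries into blocking names and (address, name) redirects.

    Loopback or unspecified targets (127.0.0.1, 0.0.0.0, ::1) only block a
    name. Any other target silently sends the name to a different host,
    so each of those should be reviewed by hand.
    """
    blocking, redirects = [], []
    for addr, name in parse_hosts(text):
        if addr.is_loopback or addr.is_unspecified:
            blocking.append(name)
        else:
            redirects.append((str(addr), name))
    return blocking, redirects
```

Run `classify_hosts(open(r"C:\WINDOWS\system32\drivers\etc\hosts").read())` against a real file; a non-empty redirects list is worth a look, an empty one means the file only blocks.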

#12 thomass

thomass

    Authentic Member

  • Authentic Member
  • PipPip
  • 39 posts

Posted 15 June 2008 - 09:12 AM

hey scotty..thank you so much mate...you've been a great help..god bless.....now just a few more general questions I wanted to ask you.....when I download any software/programs...I often scan it first then download..but I don't know how come symantec didn't catch the malware in the spy doctor exe...do you know any prog that can do a better job than that?...next question is...do I have to keep all the log files? or can I delete them? I am attaching this jpg image...you let me know.....you are awesome...great great help....if in need I wanna talk to you about something...how does that work here on this website?...

Attached Thumbnails

  • log_files.jpg


#13 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 15 June 2008 - 09:42 AM

Hi. Running the Combofix /u instruction above will remove all of Combofix, Qoobox, dss.exe and Deckards. You may have to delete the Vundofix folder yourself. All those sqmdata files should be removed too. I don't know why they didn't show up in any of the logs. The crack for SpywareDoctor may not have been infected, but I've found anti-viruses don't usually alert you to malware until it is installed, or, if you download a zipped file, when you scan that folder.
You too could train to help others - Join the Classroom


#14 thomass

thomass

    Authentic Member

  • Authentic Member
  • PipPip
  • 39 posts

Posted 15 June 2008 - 10:29 AM

alright scotty..last question and then you can close this thread....there is a folder called MSOcache...what am I supposed to do with that? its 900MB....let me know..thanks..

#15 Scotty

Scotty

    Always Happy

  • Authentic Member
  • PipPipPipPipPip
  • 3,634 posts

Posted 15 June 2008 - 10:41 AM

Hi

MSOcache here
http://www.theelderg...ache_folder.htm

I forgot about this, by the way

Delete the older versions of Java and download the newest.
Please follow these steps to remove older Java components.
  • Close any programmes you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel.
  • Click Add/Remove Programs.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer once all Java components are removed.
Then download the latest version of Java Runtime Environment (JRE) (5th one down the list), which is JRE6u6, and click Yes at the page warning. Under "Platform" select Windows, then check the box to accept the Licence Agreement. Click Yes at the second page warning before downloading the Offline file.
There is no need to download the Sun Download manager but it is optional.
You too could train to help others - Join the Classroom
