Geeks to Go
Extremely slow computer... Fear Malware



#1
unidentified
Member, 18 posts
My computer is running extremely slow and I would really appreciate some help in fixing it. Attached are a ComboFix log, a HijackThis log and a HijackThis uninstalllist.txt.

Here is the combofix log

ComboFix 07-08-17.2 - "Rochelle" 2007-08-23 23:04:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.184 [GMT -5:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Rochelle\APPLIC~1\install.dat
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\bot.dll
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\All Users.\documents\settings\partnership.dll
C:\WINDOWS\deskcfg.dat
C:\WINDOWS\system32\3.exe


((((((((((((((((((((((((( Files Created from 2007-07-24 to 2007-08-24 )))))))))))))))))))))))))))))))


2007-08-23 23:03 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-22 22:08 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-22 00:20 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-22 00:05 <DIR> d-------- C:\DOCUME~1\Rochelle\APPLIC~1\Comodo
2007-08-22 00:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-08-22 00:01 <DIR> d-------- C:\Program Files\Comodo
2007-08-21 10:13 <DIR> d-------- C:\DOCUME~1\Rochelle\APPLIC~1\iMBCFiles
2007-08-21 01:01 <DIR> d-------- C:\Program Files\mFile
2007-08-21 00:17 249,344 --a------ C:\WINDOWS\system32\CPRemover.exe
2007-08-21 00:16 247,296 --a------ C:\WINDOWS\system32\CCRemover.exe
2007-08-21 00:16 <DIR> d-------- C:\Program Files\directkey
2007-08-21 00:15 <DIR> d-------- C:\Program Files\ADS
2007-08-20 23:56 <DIR> d-------- C:\iMBCFiles
2007-08-20 23:41 46,864 --a------ C:\WINDOWS\MBCUnin.exe
2007-08-20 23:41 45,056 --a------ C:\WINDOWS\mxdel.exe
2007-08-07 09:18 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-08-07 09:18 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2007-08-07 09:18 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2007-08-03 09:05 192,582 --a------ C:\WINDOWS\system32\interup.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-23 00:40 --------- d-------- C:\Program Files\Windows Defender
2007-08-23 00:35 --------- d-------- C:\Program Files\QuickTime
2007-08-23 00:32 --------- d-------- C:\Program Files\MSN Messenger
2007-08-23 00:23 --------- d-------- C:\Program Files\iTunes
2007-08-23 00:14 --------- d-------- C:\Program Files\Apoint
2007-08-21 20:30 --------- d-------- C:\DOCUME~1\Rochelle\APPLIC~1\U3
2007-08-19 17:10 --------- d-------- C:\Program Files\SPSS
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-09 18:56 --------- d-------- C:\Program Files\Occupational Therapy Prep
2007-07-08 17:02 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-08 17:02 --------- d-------- C:\Program Files\Olympus
2007-06-26 20:24 --------- d-------- C:\DOCUME~1\Rochelle\APPLIC~1\EndNote
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-16 04:01 172146 --a------ C:\WINDOWS\system32\dkeyup.exe
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
2006-09-11 21:56 1531784 --a--c--- C:\Program Files\googletalk-setup.exe
2006-07-02 00:36 16125224 --a--c--- C:\Program Files\Install_Messenger.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85CC6BFF-5A5C-4A76-8FC8-DB0787DF1597}]
c:\program files\mbctoolbar\ots.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ADF24884-C375-ADBC-3548-34DAABCBDEF1}]
2007-06-15 01:00 90112 --a------ C:\PROGRA~1\DIRECT~1\DIRECT~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-10-26 13:01]
"nwiz"="nwiz.exe" [2004-10-26 13:01 C:\WINDOWS\system32\nwiz.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 12:33]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" []
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" []
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" []
"McRegWiz"="C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe" []
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" []
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 05:50]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-22 23:46]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-22 23:47]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-02 23:35]
"acsk"="C:\WINDOWS\System32\acsk.exe" []
"mcwiz"="C:\WINDOWS\System32\mcwiz.exe" []
"dp32"="C:\WINDOWS\System32\dp32.exe" []
"ksmx"="C:\WINDOWS\System32\ksmx.exe" []
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 12:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-05 19:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 01:48]
"hnapi"="C:\WINDOWS\System32\hnapi.exe" []
"mcut"="C:\WINDOWS\System32\mcut.exe" []
"icman"="C:\WINDOWS\system32\icman.exe" []
"sc32"="C:\WINDOWS\system32\sc32.exe" []
"mc32"="C:\WINDOWS\system32\mc32.exe" []
"hnmsg"="C:\WINDOWS\system32\hnmsg.exe" []
"ntmsg"="C:\WINDOWS\system32\ntmsg.exe" []
"dpset"="C:\WINDOWS\system32\dpset.exe" []
"ntfo"="C:\WINDOWS\system32\ntfo.exe" []
"ksapi"="C:\WINDOWS\system32\ksapi.exe" []
"mcup"="C:\WINDOWS\system32\mcup.exe" []
"scmon"="C:\WINDOWS\system32\scmon.exe" []
"hnmgr"="C:\WINDOWS\system32\hnmgr.exe" []
"wiset"="C:\WINDOWS\system32\wiset.exe" []
"acwiz"="C:\WINDOWS\system32\acwiz.exe" []
"mpset"="C:\WINDOWS\system32\mpset.exe" []
"inup"="C:\WINDOWS\system32\inup.exe" []
"inmx"="C:\WINDOWS\system32\inmx.exe" []
"wmset"="C:\WINDOWS\system32\wmset.exe" []
"ac32"="C:\WINDOWS\system32\ac32.exe" []
"wmut"="C:\WINDOWS\system32\wmut.exe" []
"dpwiz"="C:\WINDOWS\system32\dpwiz.exe" []
"wi32"="C:\WINDOWS\system32\wi32.exe" []
"mpwiz"="C:\WINDOWS\system32\mpwiz.exe" []
"msut"="C:\WINDOWS\system32\msut.exe" []
"icmon"="C:\WINDOWS\system32\icmon.exe" []
"msfo"="C:\WINDOWS\system32\msfo.exe" []
"icut"="C:\WINDOWS\system32\icut.exe" []
"msmgr"="C:\WINDOWS\system32\msmgr.exe" []
"scdes"="C:\WINDOWS\system32\scdes.exe" []
"ntup"="C:\WINDOWS\system32\ntup.exe" []
"ksman"="C:\WINDOWS\system32\ksman.exe" []
"kssk"="C:\WINDOWS\system32\kssk.exe" []
"scwiz"="C:\WINDOWS\system32\scwiz.exe" []
"info"="C:\WINDOWS\system32\info.exe" []
"indes"="C:\WINDOWS\system32\indes.exe" []
"dsset"="C:\WINDOWS\system32\dsset.exe" []
"mpmon"="C:\WINDOWS\system32\mpmon.exe" []
"ksdes"="C:\WINDOWS\system32\ksdes.exe" []
"wmfo"="C:\WINDOWS\system32\wmfo.exe" []
"acmsg"="C:\WINDOWS\system32\acmsg.exe" []
"mcid"="C:\WINDOWS\system32\mcid.exe" []
"mput"="C:\WINDOWS\system32\mput.exe" []
"ntset"="C:\WINDOWS\system32\ntset.exe" []
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"acmx"="C:\WINDOWS\system32\acmx.exe" []
"mssk"="C:\WINDOWS\system32\mssk.exe" []
"mpman"="C:\WINDOWS\system32\mpman.exe" []
"dssk"="C:\WINDOWS\system32\dssk.exe" []
"wiid"="C:\WINDOWS\system32\wiid.exe" []
"ksmsg"="C:\WINDOWS\system32\ksmsg.exe" []
"wihlp"="C:\WINDOWS\system32\wihlp.exe" []
"hnhlp"="C:\WINDOWS\system32\hnhlp.exe" []
"wmup"="C:\WINDOWS\system32\wmup.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"ic32"="C:\WINDOWS\system32\ic32.exe" []
"wmmon"="C:\WINDOWS\system32\wmmon.exe" []
"msman"="C:\WINDOWS\system32\msman.exe" []
"inset"="C:\WINDOWS\system32\inset.exe" []
"inid"="C:\WINDOWS\system32\inid.exe" []
"nthlp"="C:\WINDOWS\system32\nthlp.exe" []
"icmgr"="C:\WINDOWS\system32\icmgr.exe" []
"ntdes"="C:\WINDOWS\system32\ntdes.exe" []
"ntapi"="C:\WINDOWS\system32\ntapi.exe" []
"dpup"="C:\WINDOWS\system32\dpup.exe" []
"scmgr"="C:\WINDOWS\system32\scmgr.exe" []
"mmtask"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2006-01-17 13:03]
"dsman"="C:\WINDOWS\system32\dsman.exe" []
"wimon"="C:\WINDOWS\system32\wimon.exe" []
"mcapi"="C:\WINDOWS\system32\mcapi.exe" []
"acapi"="C:\WINDOWS\system32\acapi.exe" []
"wmman"="C:\WINDOWS\system32\wmman.exe" []
"dpfo"="C:\WINDOWS\system32\dpfo.exe" []
"schlp"="C:\WINDOWS\system32\schlp.exe" []
"dsmx"="C:\WINDOWS\system32\dsmx.exe" []
"dpsk"="C:\WINDOWS\system32\dpsk.exe" []
"acup"="C:\WINDOWS\system32\acup.exe" []
"wimgr"="C:\WINDOWS\system32\wimgr.exe" []
"hn32"="C:\WINDOWS\system32\hn32.exe" []
"msmx"="C:\WINDOWS\system32\msmx.exe" []
"mpid"="C:\WINDOWS\system32\mpid.exe" []
"hnmon"="C:\WINDOWS\system32\hnmon.exe" []
"dsmsg"="C:\WINDOWS\system32\dsmsg.exe" []
"dpdes"="C:\WINDOWS\system32\dpdes.exe" []
"sc0"="C:\WINDOWS\system32\sc0.exe" []
"in0"="C:\WINDOWS\system32\in0.exe" []
"wmdes"="C:\WINDOWS\system32\wmdes.exe" []
"nt0"="C:\WINDOWS\system32\nt0.exe" []
"mp0"="C:\WINDOWS\system32\mp0.exe" []
"wifo"="C:\WINDOWS\system32\wifo.exe" []
"ds0"="C:\WINDOWS\system32\ds0.exe" []
"ic0"="C:\WINDOWS\system32\ic0.exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"hndes"="C:\WINDOWS\system32\hndes.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"acman"="C:\WINDOWS\system32\acman.exe" []
"ds1"="C:\WINDOWS\system32\ds1.exe" []
"ms0"="C:\WINDOWS\system32\ms0.exe" []
"mpapi"="C:\WINDOWS\system32\mpapi.exe" []
"hnman"="C:\WINDOWS\system32\hnman.exe" []
"ks0"="C:\WINDOWS\system32\ks0.exe" []
"dsmon"="C:\WINDOWS\system32\dsmon.exe" []
"dsut"="C:\WINDOWS\system32\dsut.exe" []
"dp0"="C:\WINDOWS\system32\dp0.exe" []
"wimx"="C:\WINDOWS\system32\wimx.exe" []
"hnset"="C:\WINDOWS\system32\hnset.exe" []
"nt32"="C:\WINDOWS\system32\nt32.exe" []
"wmmgr"="C:\WINDOWS\system32\wmmgr.exe" []
"ac0"="C:\WINDOWS\system32\ac0.exe" []
"dsid"="C:\WINDOWS\system32\dsid.exe" []
"kswiz"="C:\WINDOWS\system32\kswiz.exe" []
"nt1"="C:\WINDOWS\system32\nt1.exe" []
"ks1"="C:\WINDOWS\system32\ks1.exe" []
"dpapi"="C:\WINDOWS\system32\dpapi.exe" []
"mp1"="C:\WINDOWS\system32\mp1.exe" []
"mcmsg"="C:\WINDOWS\system32\mcmsg.exe" []
"ks2"="C:\WINDOWS\system32\ks2.exe" []
"kshlp"="C:\WINDOWS\system32\kshlp.exe" []
"hnid"="C:\WINDOWS\system32\hnid.exe" []
"sc1"="C:\WINDOWS\system32\sc1.exe" []
"hn0"="C:\WINDOWS\system32\hn0.exe" []
"icfo"="C:\WINDOWS\system32\icfo.exe" []
"ntut"="C:\WINDOWS\system32\ntut.exe" []
"wi0"="C:\WINDOWS\system32\wi0.exe" []
"ds2"="C:\WINDOWS\system32\ds2.exe" []
"ichlp"="C:\WINDOWS\system32\ichlp.exe" []
"mcset"="C:\WINDOWS\system32\mcset.exe" []
"mpup"="C:\WINDOWS\system32\mpup.exe" []
"icmsg"="C:\WINDOWS\system32\icmsg.exe" []
"icset"="C:\WINDOWS\system32\icset.exe" []
"ADSweeper"="C:\Program Files\ADS\ADS.exe" []
"interup"="C:\WINDOWS\system32\interup.exe" [2007-08-03 09:05]
"directkey"="C:\WINDOWS\system32\dkeyup.exe" [2007-06-16 04:01]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-22 00:01]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 20:34]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-05-19 18:11]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 10:29]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 17:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\2006reg]
C:\Documents and Settings\All Users\Documents\Settings\2006.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\20242402reg]
C:\Documents and Settings\All Users\Documents\Settings\20242402.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hndes]
C:\WINDOWS\System32\hndes.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-07-22 23:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= wmsd4453AF84.dll dnsr4453AF84.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Soft Stop]
C:\Program Files\Spyware Soft Stop\Spyware Soft Stop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

R3 EntDrv51;EntDrv51;\??\C:\WINDOWS\system32\drivers\EntDrv51.sys
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP;C:\WINDOWS\system32\DRIVERS\iwca.sys
S3 DCamUSB20;Hi-Speed USB DVD Creator;C:\WINDOWS\system32\Drivers\CsMini20.sys
S3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys
S3 Usb20Scan;BELKIN Still Image;C:\WINDOWS\system32\Drivers\cresscan.sys
S4 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86a4d830-92bd-11db-8eec-000e359501b9}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b827eba0-439d-11db-8e44-000e359501b9}]
AutoRun\command- D:\LaunchU3.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{734de6b1-c4fe-4afa-ba9f-8b7ba4f32be0}]
C:\WINDOWS\system32\dpfo.exe

Contents of the 'Scheduled Tasks' folder
2007-05-07 12:38:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-24 04:15:01 C:\WINDOWS\Tasks\McAfee.com Update Check (UWM-T9CRNBO08R3-Rochelle).job - C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
2007-08-24 04:15:10 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-23 23:12:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-23 23:19:50 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-23 23:19

--- E O F ---


Here is the hijackthis uninstall list


Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
Ahead InCD
Ahead InCD EasyWrite Reader
Ahead NeroMediaPlayer
AIM 6.0
ALPS Touch Pad Driver
Apple Software Update
AVG Anti-Spyware 7.5
Broadcom 440x 10/100 Integrated Controller
C-Major Audio
COMODO Firewall Pro
Conexant D480 MDC V.9x Modem
Dell Digital Jukebox Driver
Dell Media Experience
Dell ResourceCD
DivX Media Codec 4.2.1
EndNote X.0.2
Google Earth
Google Talk (remove only)
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0.A
HP Photosmart Essential
HP Software Update
HP Solution Center 7.0
Intel® PROSet/Wireless Software
InterActual Player
ISI ResearchSoft - Export Helper
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Java™ SE Runtime Environment 6 Update 1
McAfee VirusScan Enterprise
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft XML Parser and SDK
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (2.0.0.3)
Mozilla Firefox (2.0.0.4)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
mToolkit
Musicmatch® Jukebox
mWlsSafe
mXML
mZConfig
Nero - Burning Rom
NVIDIA Drivers
Occupational Therapy Prep
OCR Software by I.R.I.S 7.0
OLYMPUS DSS Player-Lite
Panda ActiveScan
PowerDVD
QuickTime
RealPlayer
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Sentinel System Driver 5.41.1 (32-bit)
Skype 2.0
SPSS 12.0 for Windows
SPSS License Manager
Spybot - Search & Destroy 1.4
Ulead VideoStudio 6 SE DVD
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
USB 2.0 Image
Viewpoint Media Player
Windows Defender
Windows Defender Signatures
Windows Directkey Object
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Yahoo! extras
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool
Yahoo! Toolbar


Here is the new hijackthis log


Logfile of HijackThis v1.99.1
Scan saved at 11:37:27 PM, on 8/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\spss_lmd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: OTSI Class - {85CC6BFF-5A5C-4A76-8FC8-DB0787DF1597} - c:\program files\mbctoolbar\ots.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: directkey - {ADF24884-C375-ADBC-3548-34DAABCBDEF1} - C:\PROGRA~1\DIRECT~1\DIRECT~1.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {E74BC74F-F470-4AD7-9FB4-1A4170A06082} - (no file)
O3 - Toolbar: directkey - {ADF24884-C375-ADBC-3548-34DAABCBDEF1} - C:\PROGRA~1\DIRECT~1\DIRECT~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [acsk] C:\WINDOWS\System32\acsk.exe
O4 - HKLM\..\Run: [mcwiz] C:\WINDOWS\System32\mcwiz.exe
O4 - HKLM\..\Run: [dp32] C:\WINDOWS\System32\dp32.exe
O4 - HKLM\..\Run: [ksmx] C:\WINDOWS\System32\ksmx.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [hnapi] C:\WINDOWS\System32\hnapi.exe
O4 - HKLM\..\Run: [mcut] C:\WINDOWS\System32\mcut.exe
O4 - HKLM\..\Run: [icman] C:\WINDOWS\system32\icman.exe
O4 - HKLM\..\Run: [sc32] C:\WINDOWS\system32\sc32.exe
O4 - HKLM\..\Run: [mc32] C:\WINDOWS\system32\mc32.exe
O4 - HKLM\..\Run: [hnmsg] C:\WINDOWS\system32\hnmsg.exe
O4 - HKLM\..\Run: [ntmsg] C:\WINDOWS\system32\ntmsg.exe
O4 - HKLM\..\Run: [dpset] C:\WINDOWS\system32\dpset.exe
O4 - HKLM\..\Run: [ntfo] C:\WINDOWS\system32\ntfo.exe
O4 - HKLM\..\Run: [ksapi] C:\WINDOWS\system32\ksapi.exe
O4 - HKLM\..\Run: [mcup] C:\WINDOWS\system32\mcup.exe
O4 - HKLM\..\Run: [scmon] C:\WINDOWS\system32\scmon.exe
O4 - HKLM\..\Run: [hnmgr] C:\WINDOWS\system32\hnmgr.exe
O4 - HKLM\..\Run: [wiset] C:\WINDOWS\system32\wiset.exe
O4 - HKLM\..\Run: [acwiz] C:\WINDOWS\system32\acwiz.exe
O4 - HKLM\..\Run: [mpset] C:\WINDOWS\system32\mpset.exe
O4 - HKLM\..\Run: [inup] C:\WINDOWS\system32\inup.exe
O4 - HKLM\..\Run: [inmx] C:\WINDOWS\system32\inmx.exe
O4 - HKLM\..\Run: [wmset] C:\WINDOWS\system32\wmset.exe
O4 - HKLM\..\Run: [ac32] C:\WINDOWS\system32\ac32.exe
O4 - HKLM\..\Run: [wmut] C:\WINDOWS\system32\wmut.exe
O4 - HKLM\..\Run: [dpwiz] C:\WINDOWS\system32\dpwiz.exe
O4 - HKLM\..\Run: [wi32] C:\WINDOWS\system32\wi32.exe
O4 - HKLM\..\Run: [mpwiz] C:\WINDOWS\system32\mpwiz.exe
O4 - HKLM\..\Run: [msut] C:\WINDOWS\system32\msut.exe
O4 - HKLM\..\Run: [icmon] C:\WINDOWS\system32\icmon.exe
O4 - HKLM\..\Run: [msfo] C:\WINDOWS\system32\msfo.exe
O4 - HKLM\..\Run: [icut] C:\WINDOWS\system32\icut.exe
O4 - HKLM\..\Run: [msmgr] C:\WINDOWS\system32\msmgr.exe
O4 - HKLM\..\Run: [scdes] C:\WINDOWS\system32\scdes.exe
O4 - HKLM\..\Run: [ntup] C:\WINDOWS\system32\ntup.exe
O4 - HKLM\..\Run: [ksman] C:\WINDOWS\system32\ksman.exe
O4 - HKLM\..\Run: [kssk] C:\WINDOWS\system32\kssk.exe
O4 - HKLM\..\Run: [scwiz] C:\WINDOWS\system32\scwiz.exe
O4 - HKLM\..\Run: [info] C:\WINDOWS\system32\info.exe
O4 - HKLM\..\Run: [indes] C:\WINDOWS\system32\indes.exe
O4 - HKLM\..\Run: [dsset] C:\WINDOWS\system32\dsset.exe
O4 - HKLM\..\Run: [mpmon] C:\WINDOWS\system32\mpmon.exe
O4 - HKLM\..\Run: [ksdes] C:\WINDOWS\system32\ksdes.exe
O4 - HKLM\..\Run: [wmfo] C:\WINDOWS\system32\wmfo.exe
O4 - HKLM\..\Run: [acmsg] C:\WINDOWS\system32\acmsg.exe
O4 - HKLM\..\Run: [mcid] C:\WINDOWS\system32\mcid.exe
O4 - HKLM\..\Run: [mput] C:\WINDOWS\system32\mput.exe
O4 - HKLM\..\Run: [ntset] C:\WINDOWS\system32\ntset.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [acmx] C:\WINDOWS\system32\acmx.exe
O4 - HKLM\..\Run: [mssk] C:\WINDOWS\system32\mssk.exe
O4 - HKLM\..\Run: [mpman] C:\WINDOWS\system32\mpman.exe
O4 - HKLM\..\Run: [dssk] C:\WINDOWS\system32\dssk.exe
O4 - HKLM\..\Run: [wiid] C:\WINDOWS\system32\wiid.exe
O4 - HKLM\..\Run: [ksmsg] C:\WINDOWS\system32\ksmsg.exe
O4 - HKLM\..\Run: [wihlp] C:\WINDOWS\system32\wihlp.exe
O4 - HKLM\..\Run: [hnhlp] C:\WINDOWS\system32\hnhlp.exe
O4 - HKLM\..\Run: [wmup] C:\WINDOWS\system32\wmup.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ic32] C:\WINDOWS\system32\ic32.exe
O4 - HKLM\..\Run: [wmmon] C:\WINDOWS\system32\wmmon.exe
O4 - HKLM\..\Run: [msman] C:\WINDOWS\system32\msman.exe
O4 - HKLM\..\Run: [inset] C:\WINDOWS\system32\inset.exe
O4 - HKLM\..\Run: [inid] C:\WINDOWS\system32\inid.exe
O4 - HKLM\..\Run: [nthlp] C:\WINDOWS\system32\nthlp.exe
O4 - HKLM\..\Run: [icmgr] C:\WINDOWS\system32\icmgr.exe
O4 - HKLM\..\Run: [ntdes] C:\WINDOWS\system32\ntdes.exe
O4 - HKLM\..\Run: [ntapi] C:\WINDOWS\system32\ntapi.exe
O4 - HKLM\..\Run: [dpup] C:\WINDOWS\system32\dpup.exe
O4 - HKLM\..\Run: [scmgr] C:\WINDOWS\system32\scmgr.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [dsman] C:\WINDOWS\system32\dsman.exe
O4 - HKLM\..\Run: [wimon] C:\WINDOWS\system32\wimon.exe
O4 - HKLM\..\Run: [mcapi] C:\WINDOWS\system32\mcapi.exe
O4 - HKLM\..\Run: [acapi] C:\WINDOWS\system32\acapi.exe
O4 - HKLM\..\Run: [wmman] C:\WINDOWS\system32\wmman.exe
O4 - HKLM\..\Run: [dpfo] C:\WINDOWS\system32\dpfo.exe
O4 - HKLM\..\Run: [schlp] C:\WINDOWS\system32\schlp.exe
O4 - HKLM\..\Run: [dsmx] C:\WINDOWS\system32\dsmx.exe
O4 - HKLM\..\Run: [dpsk] C:\WINDOWS\system32\dpsk.exe
O4 - HKLM\..\Run: [acup] C:\WINDOWS\system32\acup.exe
O4 - HKLM\..\Run: [wimgr] C:\WINDOWS\system32\wimgr.exe
O4 - HKLM\..\Run: [hn32] C:\WINDOWS\system32\hn32.exe
O4 - HKLM\..\Run: [msmx] C:\WINDOWS\system32\msmx.exe
O4 - HKLM\..\Run: [mpid] C:\WINDOWS\system32\mpid.exe
O4 - HKLM\..\Run: [hnmon] C:\WINDOWS\system32\hnmon.exe
O4 - HKLM\..\Run: [dsmsg] C:\WINDOWS\system32\dsmsg.exe
O4 - HKLM\..\Run: [dpdes] C:\WINDOWS\system32\dpdes.exe
O4 - HKLM\..\Run: [sc0] C:\WINDOWS\system32\sc0.exe
O4 - HKLM\..\Run: [in0] C:\WINDOWS\system32\in0.exe
O4 - HKLM\..\Run: [wmdes] C:\WINDOWS\system32\wmdes.exe
O4 - HKLM\..\Run: [nt0] C:\WINDOWS\system32\nt0.exe
O4 - HKLM\..\Run: [mp0] C:\WINDOWS\system32\mp0.exe
O4 - HKLM\..\Run: [wifo] C:\WINDOWS\system32\wifo.exe
O4 - HKLM\..\Run: [ds0] C:\WINDOWS\system32\ds0.exe
O4 - HKLM\..\Run: [ic0] C:\WINDOWS\system32\ic0.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hndes] C:\WINDOWS\system32\hndes.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [acman] C:\WINDOWS\system32\acman.exe
O4 - HKLM\..\Run: [ds1] C:\WINDOWS\system32\ds1.exe
O4 - HKLM\..\Run: [ms0] C:\WINDOWS\system32\ms0.exe
O4 - HKLM\..\Run: [mpapi] C:\WINDOWS\system32\mpapi.exe
O4 - HKLM\..\Run: [hnman] C:\WINDOWS\system32\hnman.exe
O4 - HKLM\..\Run: [ks0] C:\WINDOWS\system32\ks0.exe
O4 - HKLM\..\Run: [dsmon] C:\WINDOWS\system32\dsmon.exe
O4 - HKLM\..\Run: [dsut] C:\WINDOWS\system32\dsut.exe
O4 - HKLM\..\Run: [dp0] C:\WINDOWS\system32\dp0.exe
O4 - HKLM\..\Run: [wimx] C:\WINDOWS\system32\wimx.exe
O4 - HKLM\..\Run: [hnset] C:\WINDOWS\system32\hnset.exe
O4 - HKLM\..\Run: [nt32] C:\WINDOWS\system32\nt32.exe
O4 - HKLM\..\Run: [wmmgr] C:\WINDOWS\system32\wmmgr.exe
O4 - HKLM\..\Run: [ac0] C:\WINDOWS\system32\ac0.exe
O4 - HKLM\..\Run: [dsid] C:\WINDOWS\system32\dsid.exe
O4 - HKLM\..\Run: [kswiz] C:\WINDOWS\system32\kswiz.exe
O4 - HKLM\..\Run: [nt1] C:\WINDOWS\system32\nt1.exe
O4 - HKLM\..\Run: [ks1] C:\WINDOWS\system32\ks1.exe
O4 - HKLM\..\Run: [dpapi] C:\WINDOWS\system32\dpapi.exe
O4 - HKLM\..\Run: [mp1] C:\WINDOWS\system32\mp1.exe
O4 - HKLM\..\Run: [mcmsg] C:\WINDOWS\system32\mcmsg.exe
O4 - HKLM\..\Run: [ks2] C:\WINDOWS\system32\ks2.exe
O4 - HKLM\..\Run: [kshlp] C:\WINDOWS\system32\kshlp.exe
O4 - HKLM\..\Run: [hnid] C:\WINDOWS\system32\hnid.exe
O4 - HKLM\..\Run: [sc1] C:\WINDOWS\system32\sc1.exe
O4 - HKLM\..\Run: [hn0] C:\WINDOWS\system32\hn0.exe
O4 - HKLM\..\Run: [icfo] C:\WINDOWS\system32\icfo.exe
O4 - HKLM\..\Run: [ntut] C:\WINDOWS\system32\ntut.exe
O4 - HKLM\..\Run: [wi0] C:\WINDOWS\system32\wi0.exe
O4 - HKLM\..\Run: [ds2] C:\WINDOWS\system32\ds2.exe
O4 - HKLM\..\Run: [ichlp] C:\WINDOWS\system32\ichlp.exe
O4 - HKLM\..\Run: [mcset] C:\WINDOWS\system32\mcset.exe
O4 - HKLM\..\Run: [mpup] C:\WINDOWS\system32\mpup.exe
O4 - HKLM\..\Run: [icmsg] C:\WINDOWS\system32\icmsg.exe
O4 - HKLM\..\Run: [icset] C:\WINDOWS\system32\icset.exe
O4 - HKLM\..\Run: [ADSweeper] C:\Program Files\ADS\ADS.exe Icon
O4 - HKLM\..\Run: [interup] C:\WINDOWS\system32\interup.exe
O4 - HKLM\..\Run: [directkey] C:\WINDOWS\system32\dkeyup.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: directkey - {3548DCFA-FE35-435D-34DA-B175FAEF1685} - C:\PROGRA~1\DIRECT~1\DIRECT~1.DLL
O9 - Extra 'Tools' menuitem: directkey - {3548DCFA-FE35-435D-34DA-B175FAEF1685} - C:\PROGRA~1\DIRECT~1\DIRECT~1.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1A467323-350A-4D6B-B196-AEC59FB36845} (ADSweeperX Control) - http://program1.ad-s...m/adsweeper.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {32ECCE1D-F91E-413F-AFF3-BA477CF0C9C6} (IMBCControl Control) - http://touch.imbc.co...lineService.cab
O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1151728442362
O16 - DPF: {84F7A3A9-B92A-41F4-890F-83F2DC0ADB7E} (ToolBarInstall Control) - http://toolbar.imbc..../MBCToolBar.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BD0FFB95-2589-419E-B605-A416900E7B0B} (IMBCDownload Control) - http://touch.imbc.co...MBCDownload.ocx
O16 - DPF: {E7D2B321-435E-4037-BCCB-6694459B1DBE} (Mfile File Share Control7) - http://www.mfile.co....WebControl2.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...682/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: wmsd4453AF84.dll dnsr4453AF84.dll
O20 - Winlogon Notify: 2006reg - C:\Documents and Settings\All Users\Documents\Settings\2006.dll (file missing)
O20 - Winlogon Notify: 20242402reg - C:\Documents and Settings\All Users\Documents\Settings\20242402.dll (file missing)
O20 - Winlogon Notify: hndes - C:\WINDOWS\System32\hndes.dll (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spss License Manager (SpssLM) - Unknown owner - C:\WINDOWS\system32\spss_lmd.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe