Yeah, this is a different computer.
Here are the logs:
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:01:56 PM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ihl.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rhrc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {018DB482-7B62-5DE0-1486-552755FCBF9C} - C:\WINDOWS\system32\ynpbwq.dll (file missing)
O2 - BHO: (no name) - {08DDB645-7DF4-587A-D7BA-56A70D5DE299} - C:\WINDOWS\system32\nakfe.dll (file missing)
O2 - BHO: (no name) - {09BB20EC-B258-C3DF-2C25-CFCE6BBFBB99} - C:\WINDOWS\System32\adfre.dll (file missing)
O2 - BHO: (no name) - {0BBD75E8-B658-C389-2C25-CFCE6BBEEACB} - C:\WINDOWS\System32\vsdq.dll (file missing)
O2 - BHO: (no name) - {0DDBB783-7C33-04B6-1486-552755FCBFCD} - C:\WINDOWS\system32\sdgkurr.dll (file missing)
O2 - BHO: (no name) - {1060F535-32D3-4257-A7DD-1043B364F699} - C:\WINDOWS\system32\ngw.dll (file missing)
O2 - BHO: (no name) - {17E7AD32-63D1-4C01-A33D-1EE338EFADCF} - C:\WINDOWS\system32\wqsyo.dll (file missing)
O2 - BHO: (no name) - {30A3A947-38F8-1D7E-88AF-1763716FD599} - C:\WINDOWS\system32\noxy.dll (file missing)
O2 - BHO: (no name) - {30DC7C60-BD85-9459-A03D-9E2B55CF8AC9} - C:\WINDOWS\system32\gpme.dll (file missing)
O2 - BHO: (no name) - {32DB1653-D2E1-F36A-C55B-F8CD5A6D82CF} - C:\WINDOWS\system32\gfafnr.dll (file missing)
O2 - BHO: (no name) - {336D1D8A-D76B-A2EE-1A66-FB8DBE22829E} - C:\WINDOWS\system32\ujxym.dll (file missing)
O2 - BHO: (no name) - {389E0C71-96C0-E017-E449-B919160F839C} - C:\WINDOWS\System32\zytszbn.dll (file missing)
O2 - BHO: (no name) - {391a72a1-108d-435a-875e-5b9048e11657} - C:\WINDOWS\system32\bxdo.dll
O2 - BHO: (no name) - {3DEBBBE3-700F-03D0-7710-0CB26D6A84C5} - C:\WINDOWS\system32\wvbu.dll (file missing)
O2 - BHO: (no name) - {3EB9BEE2-2100-0582-7710-0CB26D6A84C5} - C:\WINDOWS\system32\iyvaeiv.dll (file missing)
O2 - BHO: (no name) - {40B2AF36-60D1-4607-A33D-1EE338EEFBCE} - C:\WINDOWS\system32\tfqrmno.dll (file missing)
O2 - BHO: (no name) - {440F325C-FBE5-8A6A-C1DB-808ADFA5F3C4} - C:\WINDOWS\System32\hhjfepx.dll (file missing)
O2 - BHO: (no name) - {489719DA-856D-A5B7-1906-AD58137FF29A} - C:\WINDOWS\system32\jtoa.dll (file missing)
O2 - BHO: (no name) - {4C966D50-F2E1-8536-CC1B-DCEF490AA09B} - C:\WINDOWS\System32\bdechfv.dll (file missing)
O2 - BHO: (no name) - {5343B90C-71EF-5533-C33B-5E0796A0BBC0} - C:\WINDOWS\system32\vdsuj.dll (file missing)
O2 - BHO: (no name) - {58AD42F9-DA4D-F39A-6FF1-F2AD7C7FB7C1} - C:\WINDOWS\system32\vxvkhbe.dll (file missing)
O2 - BHO: (no name) - {5D5D9065-56D0-7A07-A19D-74D58A72B1CA} - C:\WINDOWS\system32\nnly.dll (file missing)
O2 - BHO: (no name) - {653910DB-D364-F5BF-1A66-FB8DBE2283C4} - C:\WINDOWS\system32\wuyhazj.dll (file missing)
O2 - BHO: (no name) - {666F1C8E-803E-F1EC-1A66-FB8DBE228399} - C:\WINDOWS\system32\klgiusg.dll (file missing)
O2 - BHO: (no name) - {6CC36C15-A2F6-D17C-852F-DF7F101886CA} - C:\WINDOWS\System32\tsip.dll (file missing)
O2 - BHO: (no name) - {80C0F530-3ED1-1E00-F288-151346DB6E90} - C:\WINDOWS\system32\brad.dll (file missing)
O2 - BHO: (no name) - {82AFC98F-026D-21E6-1C26-2FF078C96E97} - C:\WINDOWS\system32\vceiu.dll (file missing)
O2 - BHO: (no name) - {8497A663-69DB-4F02-F288-151346DA3AC3} - C:\WINDOWS\system32\winyi.dll (file missing)
O2 - BHO: (no name) - {87FA9A8F-5739-2FE5-1C26-2FF078C96DC1} - C:\WINDOWS\system32\opestyqx.dll (file missing)
O2 - BHO: (no name) - {91CA3F3F-A089-D55A-FC48-89EA19EB2498} - C:\WINDOWS\system32\poch.dll (file missing)
O2 - BHO: (no name) - {999124F8-BF4A-C1CA-3CF4-927B408879C2} - C:\WINDOWS\System32\ocl.dll (file missing)
O2 - BHO: (no name) - {9C137440-BEAB-C922-D17A-CA3EC4247397} - C:\WINDOWS\System32\szkzx.dll (file missing)
O2 - BHO: (no name) - {A37C6440-A5A4-8E76-D09A-D40FA7931991} - C:\WINDOWS\System32\jdm.dll (file missing)
O2 - BHO: (no name) - {ABE26C86-A969-8EEE-1C86-855A623E47CB} - C:\WINDOWS\System32\thu.dll (file missing)
O2 - BHO: (no name) - {B0697F1A-E8FE-C72B-F1A9-B0DECBB70EC8} - C:\WINDOWS\system32\rkk.dll (file missing)
O2 - BHO: (no name) - {C3108EB2-430A-35D3-2265-6B7490D479C2} - C:\WINDOWS\system32\busbpxlh.dll (file missing)
O2 - BHO: (no name) - {CD49B6DC-7863-5EBE-1D86-05E2997773C4} - C:\WINDOWS\system32\yebaxa.dll (file missing)
O2 - BHO: (no name) - {DD0537FD-FE1A-82C1-3254-D83F847637C0} - C:\WINDOWS\System32\scmird.dll (file missing)
O2 - BHO: (no name) - {E012E019-7CF8-5078-D9DA-5017C68508C4} - C:\WINDOWS\system32\tizw.dll (file missing)
O2 - BHO: (no name) - {E53E7D1E-B9AA-C121-F1A9-B0DECBB70FCA} - C:\WINDOWS\system32\hci.dll (file missing)
O2 - BHO: (no name) - {E7656B20-A0C5-D146-B51C-8C7AE0E30E90} - C:\WINDOWS\system32\rzooxpfq.dll (file missing)
O2 - BHO: (no name) - {E76E7917-B4AC-9420-F1A9-B0DECBB709C8} - C:\WINDOWS\system32\orfvjgb.dll (file missing)
O2 - BHO: (no name) - {E8DECCAB-5B49-23CE-6B91-24800F3E04C3} - C:\WINDOWS\system32\ctome.dll (file missing)
O2 - BHO: (no name) - {EB72754B-BAFE-9F7F-89AF-97ABAC74509B} - C:\WINDOWS\system32\qbaism.dll
O2 - BHO: (no name) - {F949E9D2-7C63-59B0-13A6-07F2C80413C5} - C:\WINDOWS\system32\irvsfo.dll (file missing)
O2 - BHO: (no name) - {FA7A3C08-A2BE-8268-CB3B-8EBAAD3447C2} - C:\WINDOWS\system32\cqxybnhp.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Yunguyo.exe] C:\WINDOWS\System32\Yunguyo.exe
O4 - HKLM\..\Run: [test3] C:\WINDOWS\System32\test3.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: ihl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZNfox000
O8 - Extra context menu item: &플래쉬겟으로 모두 받기 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &플래쉬겟으로 받기 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1127436662072
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127436645478
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O20 - AppInit_DLLs: c:\windows\system32\winlogon.dll ping.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O24 - Desktop Component 0: (no name) - http://us.i1.yimg.co...lue/shd_r_1.gif
O24 - Desktop Component 1: (no name) - http://perso.wanadoo...a_Naruto_43.jpg
--
End of file - 11204 bytes
ComboFix log:
ComboFix 07-11-19.4C - Administrator 2007-11-28 16:44:38.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.57 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Application Data\ECURIT~1
C:\Documents and Settings\Administrator\Application Data\Sskuknwrd.dll
C:\Documents and Settings\Administrator\Application Data\WNSXS~1
C:\Documents and Settings\Administrator\Application Data\YSTEM~1
C:\Documents and Settings\Administrator\My Documents\WNSXS~1
C:\Documents and Settings\NetworkService\Application Data\ASEMBL~1
C:\Documents and Settings\NetworkService\Application Data\ECURIT~1
C:\Documents and Settings\NetworkService\Start Menu\Programs\Outerinfo
C:\Documents and Settings\NetworkService\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\NetworkService\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\cmapp
C:\Program Files\cmapp\Client\hf.txt
C:\Program Files\cmapp\Client\rf.txt
C:\Program Files\cmapp\Client\sf.txt
C:\Program Files\Common Files\mcroso~1
C:\Program Files\Common Files\mcroso~1\M?crosoft\
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\maxifiles
C:\Program Files\maxifiles\affid.dat
C:\Program Files\mcroso~1
C:\Program Files\mediapipe
C:\Program Files\mediapipe\Agent.dll
C:\Program Files\mediapipe\altpayments_terms.txt
C:\Program Files\mediapipe\api.exe
C:\Program Files\mediapipe\insdl.dll
C:\Program Files\mediapipe\install.log
C:\Program Files\mediapipe\MediaPipe.ini
C:\Program Files\mediapipe\p2pinst.exe
C:\Program Files\mediapipe\p2pl.exe
C:\Program Files\mediapipe\register.dll
C:\Program Files\winupdates
C:\Program Files\ymbols~1
C:\Program Files\ystem~1
C:\WINDOWS\libbz2.dll
C:\WINDOWS\mcroso~1
C:\WINDOWS\rk.exe
C:\WINDOWS\ru.exe
C:\WINDOWS\system32\asembl~1
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\Cache\mswinstall.exe
C:\WINDOWS\system32\Cache\runsearch.exe
C:\WINDOWS\system32\Cache\wrapperouter.exe
C:\WINDOWS\system32\cemetrix.dll
C:\WINDOWS\system32\ecurit~1
C:\WINDOWS\system32\knpmbxa.dll
C:\WINDOWS\system32\svohost.exe
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\ymbols~1
C:\WINDOWS\system32\ymbols~1\smss.exe
C:\WINDOWS\ymante~1
C:\WINDOWS\ystem~1
C:\WINDOWS\ystem~1\сsrss.exe
C:\WINDOWS\ystem3~1
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\Windows Overlay Components
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.
2007-11-25 09:55 82,432 -r-hs---- C:\WINDOWS\system32\rhrc.exe
2007-11-23 15:59 12,800 --a------ C:\WINDOWS\system32\bxdo.dll
2007-11-19 16:58 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-19 16:58 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-19 16:58 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-19 16:58 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-19 16:21 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-08 13:03 <DIR> d--hs---- C:\FOUND.005
2007-11-02 14:35 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-10-31 17:46 <DIR> d-------- C:\Program Files\uTorrent
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-26 03:36 8,454,656 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-22 01:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\U3
2007-10-18 04:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\NexonUS
2007-10-18 03:20 --------- d-----w C:\Program Files\MySpace
2007-10-18 03:20 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MySpace
2007-10-16 04:46 --------- d-----w C:\Program Files\FlashGet
2007-10-02 05:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-10-02 05:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2006-07-17 17:52 117,546 ---ha-w C:\Documents and Settings\Administrator\Application Data\ptads.bin
2005-09-16 02:48 27,718 ----a-w C:\Program Files\Movieland Terms.html
2004-06-23 21:55 20,480 ----a-w C:\Program Files\ProcManager.exe
2003-09-09 16:34 143,448 ----a-w C:\Program Files\Common Files\sprxi.exe
1998-12-09 03:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 03:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 03:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 03:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 03:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 03:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
2004-02-02 20:11 32 --sha-w C:\WINDOWS\{897DDF1F-0993-4B49-91CE-730C9B837BB0}.dat
2007-08-14 15:16 230,400 --sh--r C:\WINDOWS\system32\wοwexec.exe
2004-02-02 20:11 32 --sha-w C:\WINDOWS\system32\{681CB933-5711-4252-87EE-490FB5769286}.dat
2006-02-25 04:33 71,168 --sh--r C:\WINDOWS\system32\config\systemprofile\My Documents\ΑрpPatch\ati2evxx.exe
2007-08-14 16:46 70,144 --sh--r C:\WINDOWS\system32\АрpPatch\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{018DB482-7B62-5DE0-1486-552755FCBF9C}]
C:\WINDOWS\system32\ynpbwq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08DDB645-7DF4-587A-D7BA-56A70D5DE299}]
C:\WINDOWS\system32\nakfe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09BB20EC-B258-C3DF-2C25-CFCE6BBFBB99}]
C:\WINDOWS\System32\adfre.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BBD75E8-B658-C389-2C25-CFCE6BBEEACB}]
C:\WINDOWS\System32\vsdq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DDBB783-7C33-04B6-1486-552755FCBFCD}]
C:\WINDOWS\system32\sdgkurr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1060F535-32D3-4257-A7DD-1043B364F699}]
C:\WINDOWS\system32\ngw.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17E7AD32-63D1-4C01-A33D-1EE338EFADCF}]
C:\WINDOWS\system32\wqsyo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30A3A947-38F8-1D7E-88AF-1763716FD599}]
C:\WINDOWS\system32\noxy.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30DC7C60-BD85-9459-A03D-9E2B55CF8AC9}]
C:\WINDOWS\system32\gpme.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32DB1653-D2E1-F36A-C55B-F8CD5A6D82CF}]
C:\WINDOWS\system32\gfafnr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D1D8A-D76B-A2EE-1A66-FB8DBE22829E}]
C:\WINDOWS\system32\ujxym.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389E0C71-96C0-E017-E449-B919160F839C}]
C:\WINDOWS\System32\zytszbn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{391a72a1-108d-435a-875e-5b9048e11657}]
2007-11-28 16:50 12800 --a------ C:\WINDOWS\system32\bxdo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DEBBBE3-700F-03D0-7710-0CB26D6A84C5}]
C:\WINDOWS\system32\wvbu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3EB9BEE2-2100-0582-7710-0CB26D6A84C5}]
C:\WINDOWS\system32\iyvaeiv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40B2AF36-60D1-4607-A33D-1EE338EEFBCE}]
C:\WINDOWS\system32\tfqrmno.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{440F325C-FBE5-8A6A-C1DB-808ADFA5F3C4}]
C:\WINDOWS\System32\hhjfepx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{489719DA-856D-A5B7-1906-AD58137FF29A}]
C:\WINDOWS\system32\jtoa.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C966D50-F2E1-8536-CC1B-DCEF490AA09B}]
C:\WINDOWS\System32\bdechfv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5343B90C-71EF-5533-C33B-5E0796A0BBC0}]
C:\WINDOWS\system32\vdsuj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58AD42F9-DA4D-F39A-6FF1-F2AD7C7FB7C1}]
C:\WINDOWS\system32\vxvkhbe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D5D9065-56D0-7A07-A19D-74D58A72B1CA}]
C:\WINDOWS\system32\nnly.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{653910DB-D364-F5BF-1A66-FB8DBE2283C4}]
C:\WINDOWS\system32\wuyhazj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{666F1C8E-803E-F1EC-1A66-FB8DBE228399}]
C:\WINDOWS\system32\klgiusg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CC36C15-A2F6-D17C-852F-DF7F101886CA}]
C:\WINDOWS\System32\tsip.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80C0F530-3ED1-1E00-F288-151346DB6E90}]
C:\WINDOWS\system32\brad.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82AFC98F-026D-21E6-1C26-2FF078C96E97}]
C:\WINDOWS\system32\vceiu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8497A663-69DB-4F02-F288-151346DA3AC3}]
C:\WINDOWS\system32\winyi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87FA9A8F-5739-2FE5-1C26-2FF078C96DC1}]
C:\WINDOWS\system32\opestyqx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91CA3F3F-A089-D55A-FC48-89EA19EB2498}]
C:\WINDOWS\system32\poch.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{999124F8-BF4A-C1CA-3CF4-927B408879C2}]
C:\WINDOWS\System32\ocl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C137440-BEAB-C922-D17A-CA3EC4247397}]
C:\WINDOWS\System32\szkzx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A37C6440-A5A4-8E76-D09A-D40FA7931991}]
C:\WINDOWS\System32\jdm.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABE26C86-A969-8EEE-1C86-855A623E47CB}]
C:\WINDOWS\System32\thu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0697F1A-E8FE-C72B-F1A9-B0DECBB70EC8}]
C:\WINDOWS\system32\rkk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3108EB2-430A-35D3-2265-6B7490D479C2}]
C:\WINDOWS\system32\busbpxlh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD49B6DC-7863-5EBE-1D86-05E2997773C4}]
C:\WINDOWS\system32\yebaxa.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD0537FD-FE1A-82C1-3254-D83F847637C0}]
C:\WINDOWS\System32\scmird.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E012E019-7CF8-5078-D9DA-5017C68508C4}]
C:\WINDOWS\system32\tizw.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E53E7D1E-B9AA-C121-F1A9-B0DECBB70FCA}]
C:\WINDOWS\system32\hci.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7656B20-A0C5-D146-B51C-8C7AE0E30E90}]
C:\WINDOWS\system32\rzooxpfq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E76E7917-B4AC-9420-F1A9-B0DECBB709C8}]
C:\WINDOWS\system32\orfvjgb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8DECCAB-5B49-23CE-6B91-24800F3E04C3}]
C:\WINDOWS\system32\ctome.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB72754B-BAFE-9F7F-89AF-97ABAC74509B}]
2007-08-14 07:15 60928 --a------ C:\WINDOWS\system32\qbaism.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F949E9D2-7C63-59B0-13A6-07F2C80413C5}]
C:\WINDOWS\system32\irvsfo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA7A3C08-A2BE-8268-CB3B-8EBAAD3447C2}]
C:\WINDOWS\system32\cqxybnhp.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2004-10-29 14:50 C:\WINDOWS\system32\nwiz.exe]
"Yunguyo.exe"="C:\WINDOWS\System32\Yunguyo.exe" [2005-10-08 03:28]
"test3"="C:\WINDOWS\System32\test3.exe" [2005-10-17 14:04]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-26 20:02]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 00:56]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2004-08-04 00:56]
"Jol"="C:\WINDOWS\System32\wοwexec.exe" [2007-08-14 07:16]
"Eruo"="C:\WINDOWS\System32\АРPP~1\winlogon.exe" [2007-08-14 08:46]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 00:56 C:\WINDOWS\system32\narrator.exe]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
ihl.exe [2006-09-26 16:46:02]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\winlogon.dll ping.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^AdDestroyer.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AdDestroyer.lnk
backup=C:\WINDOWS\pss\AdDestroyer.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^4Google2.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\4Google2.lnk
backup=C:\WINDOWS\pss\4Google2.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
backup=C:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-11-01 14:13 684032 --a------ C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check]
2002-08-26 22:35 79480 --a------ C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltPayments]
C:\Program Files\AltPayments\AltPayments.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AUNPS2]
RUNDLL32 AUNPS2.DLL,_Run@16
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
C:\Program Files\AutoUpdate\AutoUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bxxs5]
RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2003-12-02 16:11 54296 --a------ C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
2003-12-02 16:11 58392 --a------ C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfgmgr52]
RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMAPP]
C:\Program Files\CMAPP\Client\cmappclient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
C:\Program Files\Common Files\CMEII\CMESys.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMSystem]
C:\Program Files\CMSystem\CMSystem.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlPanel]
C:\WINDOWS\System32\popcorn72.exe rundll.dll,LoadMouseProfile
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Reminder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD50]
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 00:56 15360 --a------ C:\WINDOWS\System32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eruo]
C:\Program Files\ebre\rhrc.exe -vt rbnd
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZmmod]
C:\PROGRA~1\ezula\mmod.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZWO]
C:\PROGRA~1\Web Offer\wo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\FlashGet.exe /min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe -autorun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 08:38 241664 --a------ C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-08-04 17:28 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2001-08-23 05:00 44032 --a------ C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
C:\Program Files\Internet Optimizer\optimize.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
C:\Program Files\ISTsvc\istsvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-06-14 16:24 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KillAndClean]
C:\Program Files\KillAndClean\KillAndClean.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGateway.exe]
C:\WINDOWS\System32\MediaGateway.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaPipe P2P Loader]
C:\Program Files\p2pnetworks\mpp2pl.exe /H
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyDailyHoroscope]
C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UWA6P_0001_N91M1807]
C:\Documents and Settings\Administrator\Desktop\WinAntiVirusPro2006FreeInstall.exe -nag
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSS]
c:\windows\system32\ossproxy.exe -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivacyScanner]
C:\Program Files\Privacy Champion\pscan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPVideo9]
C:\Program Files\pspvideo9\pspVideo9.exe -t
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner]
C:\Program Files\Registry Cleaner\RegClean.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]
c:\program files\180searchassistant\salm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search-Exe]
C:\Program Files\se\v11\se.EXE /H
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
Smtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Begone]
c:\freescan\freescan.exe -FastScan
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Valve\Steam\Steam.exe -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-08-26 18:14 36975 --a------ C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 2]
C:\Program Files\SurfSideKick 2\Ssk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
C:\PROGRA~1\Toolbar\TBPS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\u3ri4ko5]
C:\Program Files\u3ri4ko5\u3ri4ko5.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBouncer]
C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
C:\Program Files\Web_Rebates\WebRebates0.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
RUNDLL32.exe C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll,cdaEngineMain
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
R1 NPPTNT;NPPTNT;\??\C:\WINDOWS\System32\npptNT.sys
R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS
S3 ham50;Intel V92 HaM Data Fax Voice;C:\WINDOWS\system32\DRIVERS\IntelH51.sys
S3 Intels51;Intel® 536EP Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys
S3 MooseKOPMA;MooseKOPMA;\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.984\MooseKOPMA.sys
S3 MzBot;MzBot;\??\C:\MzBot.sys
S3 xp1;xp1;\??\C:\Documents and Settings\Administrator\Desktop\36. hacks\xp.sys
S3 zenos1;zenos1;\??\C:\Documents and Settings\Administrator\Desktop\ZenosEngine\zenos.sys
S3 zenx1;zenx1;\??\C:\Documents and Settings\Administrator\Desktop\ZenxEngine_LATEST\zenx.sys
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\304260a5-cd3e-4468-8532-a001953f2711]
C:\WINDOWS\System32\dmdmrmx.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-29 00:59:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2007-11-28 06:52:02 C:\WINDOWS\Tasks\WebReg 20041016225225.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe\/TaskName 20041016225225 /N
"2006-01-31 03:21:16 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
"2007-11-29 00:49:58 C:\WINDOWS\Tasks\RUTASK.job"
- C:\WINDOWS\ru.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-28 16:50:30
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-28 16:59:17 - machine was rebooted
.
--- E O F ---
fixwareout log:
Username "Administrator" - 8/2007 Wed 16:32:41 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="csqmg.exe"
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{278FF197-2FD0-4383-875A-B0A8865A5428}
"nameserver"="85.255.115.46,85.255.112.230" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{48FF0ABC-F00F-4020-B845-7FBAF87AE47F}
"nameserver"="85.255.115.46,85.255.112.230" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9FC64092-1C4F-46E1-8D81-49642DC89AF0}
"nameserver"="85.255.115.46,85.255.112.230" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F5D9FB92-7EAB-4CA1-9DD8-BA12DDBD70B9}
"nameserver"="85.255.115.46,85.255.112.230" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{48FF0ABC-F00F-4020-B845-7FBAF87AE47F}
"DhcpNameServer"="85.255.115.46,85.255.112.230" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9FC64092-1C4F-46E1-8D81-49642DC89AF0}
"DhcpNameServer"="85.255.115.46,85.255.112.230" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DFA67C3B-AB95-42ED-A4C7-D779EEA0C94D}
"DhcpNameServer"="85.255.115.46,85.255.112.230" <Value cleared.
Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "1dedoc" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "repiwh" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "emvaf" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "domdnb" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "orcimlh" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "hjgmd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "xedocne" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "repiwoh" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23plhps" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "mgcppp" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "tesvaf" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "32refaselif" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "nlcalik" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "cmnmd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}150AA287CED8-244A-23E4-88EE-3DF9A21F{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}1D3FE13F8ED5-889B-CED4-12F1-4303841C{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}881AACBBFC22-EC8B-F5A4-E9A4-3B2C6F2A{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}2DB0F3219B04-1E98-1D64-8117-741C8C0C{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}3B37B2D4F827-D389-9A04-1DE4-016547A2{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}7FC66FDC27F5-3F9A-4F94-8ECF-BB4851B7{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "bscmd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D9CA8DC5330D-8078-5474-87B5-98D2046C{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}D025649AAC31-F8F8-1104-1A5F-5F0192A3{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "ctbmd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "jbfsc" Value deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "jvlsc" Value deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "gmqsc" Value deleted
HKCR\CLSID\{6B2B1210-1D14-45E8-A261-DE45DFEDA574}\_h\4 Deleted.
HKCR\CLSID\{74D0FE39-3AFB-4854-9B59-339F8746DA3E}\_h\4 Deleted.
HKCR\CLSID\{DB67DC8A-1E74-4D0E-8998-59B5781A966E}\_h\4 Deleted.
....
~~~~~ Misc files.
C:\Documents and Settings\Administrator\Application Data\kc.tmp Deleted
C:\Documents and Settings\All Users\Favorites\AdultGambling.url Deleted
C:\Documents and Settings\All Users\Favorites\Download Free Spyware Remover.url Deleted
C:\Documents and Settings\All Users\Favorites\Free Online Dating.url Deleted
C:\Documents and Settings\All Users\Favorites\[bleep] Real Girls.url Deleted
C:\Documents and Settings\All Users\Favorites\Kill Annoying Popups.url Deleted
C:\Documents and Settings\All Users\Favorites\NEW VIAGRA at Half Price!.url Deleted
C:\Documents and Settings\All Users\Favorites\Online Chat With Nude Girls.url Deleted
C:\Documents and Settings\All Users\Favorites\Online Sex Poker Rooms.url Deleted
C:\Documents and Settings\All Users\Favorites\Order CIALIS online without leaving home..url Deleted
C:\Documents and Settings\All Users\Favorites\PC protection in under 2 minutes!.url Deleted
C:\Documents and Settings\All Users\Favorites\Play Adult-Poker.url Deleted
C:\Documents and Settings\All Users\Favorites\Remove Toolbars.url Deleted
C:\Documents and Settings\All Users\Favorites\SEX Dating - Real Girls For Real SEX.url Deleted
C:\Documents and Settings\All Users\Favorites\Spyware Uninstall.url Deleted
C:\Documents and Settings\All Users\Favorites\SPYWARE.url Deleted
C:\Documents and Settings\All Users\Favorites\Stop PopUps On Your Computer.url Deleted
C:\Documents and Settings\All Users\Favorites\VIAGRA at incredible low price. Bonus Pills!.url Deleted
C:\Documents and Settings\All Users\Favorites\View ADULT photos of REAL GIRLS!.url Deleted
C:\Documents and Settings\All Users\Favorites\XXX personal photos.url Deleted
C:\WINDOWS\System32\kilacln.exe Deleted
C:\WINDOWS\System32\winctrl16.exe Deleted
C:\WINDOWS\System32\winctrl32.exe Deleted
C:\WINDOWS\System32\winctrl64.exe Deleted
C:\Documents and Settings\All Users\Favorites\Online Pharmacy Deleted
C:\Documents and Settings\All Users\Favorites\Sex and Dating Deleted
C:\Documents and Settings\All Users\Favorites\Spyware Uninstall Deleted
C:\WINDOWS\system32\{7B1584BB-FCE8-49F4-A9F3-5F72CDF66CF7}.exe Deleted
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe /install"
"Yunguyo.exe"="C:\\WINDOWS\\System32\\Yunguyo.exe"
"test3"="C:\\WINDOWS\\System32\\test3.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
C:\WINDOWS\System32\AUTOEXEC.NT missing
~~~~~ End report ~~~~~