Popups saying computer is infected [CLOSED]



#1
andreeee

I used to have little messages that pop up from the sys tray saying my computer was infected, but I did the How to remove Outerinfo tutorial and the How to remove Trojan.Zlob-X.a - IEDefender and they no longer pop up.

I tried to do the How to remove trojan.w32.looksky tutorial but when SmitFraudFix asks if I want to clean the registry it won't let me push y or n and it keeps repeating the question, filling up the whole box with that question over and over again until I exit out of it.

Also every now and then a message box pops up saying I'm infected and to choose yes or no to scan, I just exit out of it.

Every time I open a program a message box appears with the button 'ok' and in the title bar it reads (example) 'firefox.exe - Bad Image' and the message is 'The application or DLL C:\WINDOWS\system32\wowfx.dll is not a valid Windows image. Please check this against your installation diskette.' The message is the same no matter what program I open. If I exit out of it or click ok the program loads.

I did an AVG Anti-Spyware 7.5 scan and quarantined what was found, I still have a problem.

I thought it was time to post my HijackThis log because I cannot fix it.

So here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:38 PM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.xtramsn.co....S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.xtramsn.co....S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.xtramsn.co....S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {6ED63687-EB85-4687-A8D0-17E9792B20CA} - C:\WINDOWS\system32\opnlkhi.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85DA32C2-9D9B-4DCB-9FBB-35882FC4D2F8} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Search Assistant - {B4E7CAAB-6535-4243-99BD-F12350B584A2} - (no file)
O2 - BHO: {4b8473a5-03cb-6c88-bfe4-c1ea2f57835b} - {b53875f2-ae1c-4efb-88c6-bc305a3748b4} - C:\WINDOWS\system32\fnluqwgk.dll (file missing)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1205149217.dll (file missing)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [cc9fb054] rundll32.exe "C:\WINDOWS\system32\rfnbkkci.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BMcfac83c8] Rundll32.exe "C:\WINDOWS\system32\esalcwdd.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKLM\..\Policies\Explorer\Run: [UpdateManager] C:\Program Files\Common Files\Microsoft Shared\Web Components\vupdman32.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoe...ggPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B2A890B-588D-4B27-AE2F-7F29D2EF04C0}: NameServer = 202.27.158.40,202.27.156.72
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: acfffaeddbcec - C:\WINDOWS\system32\acfffaeddbcec.dll
O20 - Winlogon Notify: bdebafab - C:\WINDOWS\system32\bdebafab.dll
O20 - Winlogon Notify: opnlkhi - opnlkhi.dll (file missing)
O20 - Winlogon Notify: tuvww - C:\WINDOWS\system32\tuvww.dll (file missing)
O20 - Winlogon Notify: winvfe32 - winvfe32.dll (file missing)
O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll (file missing)
O21 - SSODL: ServiceSetup - {07f7210c-30b3-4e00-81ee-487aeb2523d9} - C:\WINDOWS\Installer\{07f7210c-30b3-4e00-81ee-487aeb2523d9}\ServiceSetup.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\dhvabtul.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

--
End of file - 8810 bytes
  • 0
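The autostart entries in a HijackThis log like the one above can be sorted for review with a small parser; the sketch below does that for a subset of the posted lines. It is an added example, not part of the original post or of any tool named in this thread: the rule set, tag names and function names are assumptions chosen for illustration, and a flag means "check this entry", not "malicious".

```python
import re
from collections import Counter

# Lines copied from the HijackThis log in the post above (a subset), plus two
# non-entry lines to show that the header and process list are skipped.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\system32\winlogon.exe
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {6ED63687-EB85-4687-A8D0-17E9792B20CA} - C:\WINDOWS\system32\opnlkhi.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [cc9fb054] rundll32.exe "C:\WINDOWS\system32\rfnbkkci.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: bdebafab - C:\WINDOWS\system32\bdebafab.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <rest of line>", e.g. "O20 - AppInit_DLLs: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)
RUNDLL_RE = re.compile(r'\brundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)


def parse_entries(log_text):
    """Return (code, body) per entry line; header and process lines do not match."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(code, body):
    """Return a list of (tag, reason) review flags for one entry (illustrative rules)."""
    flags = []
    low = body.lower()
    if code == "F2" and "userinit=" in low:
        programs = [p.strip() for p in body.split("=", 1)[1].split(",") if p.strip()]
        extra = [p for p in programs if not p.lower().endswith("\\userinit.exe")]
        if extra:
            flags.append(("userinit-extra",
                          "started at every logon besides userinit.exe: " + ", ".join(extra)))
    if code == "O20" and low.startswith("appinit_dlls:"):
        dll = body.split(":", 1)[1].strip()
        if dll:
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # so one bad value shows up on nearly every program start. That is
            # consistent with the per-program "Bad Image" box naming this DLL.
            flags.append(("appinit-dll", "loaded into most processes: " + dll))
    if code == "O20" and low.startswith("winlogon notify:"):
        flags.append(("winlogon-notify", "DLL loaded by winlogon.exe; confirm the vendor"))
    if code == "O7" and "disableregedit=1" in low:
        flags.append(("policy-lockout", "policy value that blocks Registry Editor"))
    if code == "O4":
        match = RUNDLL_RE.search(body)
        if match:
            flags.append(("run-rundll32", "Run value launches a DLL: " + match.group(1)))
    if ORPHAN_RE.search(body):
        flags.append(("orphan", "registry entry points at a file that is not on disk"))
    return flags


def review(log_text):
    """Return only the entries that raised at least one flag."""
    findings = []
    for code, body in parse_entries(log_text):
        flags = triage(code, body)
        if flags:
            findings.append({"code": code, "entry": body, "flags": flags})
    return findings


def tag_counts(findings):
    """Count how often each tag fired, for a quick summary."""
    return Counter(tag for finding in findings for tag, _ in finding["flags"])


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(f"{finding['code']:<4}{finding['entry']}")
        for tag, reason in finding["flags"]:
            print(f"      [{tag}] {reason}")
```

The security product's own Winlogon Notify entry is flagged as well, which is intended: the rules list load points to verify and leave the verdict to the reviewer.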


#2
MoNsTeReNeRgY22

Hello and Welcome to Geeks to Go. :)

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
For more information regarding this download, please visit this webpage: http://www.bleepingc...to-use-combofix
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#3
andreeee

First of all I'm surprised by such a quick reply, well done!

ComboFix got to about stage 35 complete then it started again saying 'Deleting files/folders.' After about 30 minutes of clicking bad image errors and nothing happening I got sick of it so I ended it.

Is there another way I could fix this, or a way to get rid of the bad image errors?
If not I'll try again.

By the way I forgot to mention that whenever I open my task manager, after the bad image error an error saying task manager has been disabled by your administrator comes up. I am an administrator and I have administrator privileges so why can't I access the task manager?

Thanks so much for your help.

*EDIT - I did another ComboFix run, this is what happened:

This time it only deleted 1 file ("C:\WINDOWS\pskt.ini") instead of the 15+ it did last time.

It then completed stages 1-30.

Then it said - 'The process tried to write to a nonexistent pipe'

Then it completed stages 31-41.

Then it said - 'SED: can't read s/\\??\C:\\WINDOWS\\system32\\wowfx.dll\\0//Ig; s/\\??\C:\\WINDOWS\\system32\\wowfx.dll\\Q/\\??\C:\\WINDOWS\\system32\\wowfx.dll\\0/I; s/\\0$//: Invalid argument.

Then it completed stages 42-43.

Then it said FINDSTR: Search string too long.

Then it went blank then back to 'Deleting files/folders' and just stayed like that while I clicked ok on the bad image errors that popped up every second.

Edited by andreeee, 11 March 2008 - 04:05 AM.

  • 0

#4
MoNsTeReNeRgY22

Hello again,

I am looking into these problems you had with CF, and will get back to you. In the meantime, please do the following.

Please download Deckard's System Scanner (DSS) to your desktop.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, a text file will open - Main.txt
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
  • An additional text file, Extra.txt, will also be available (by default) in the following FOLDER, C:\Deckard\System Scanner.
  • Please go to that folder and also copy the contents of Extra.txt to your post as well.
Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.
  • 0

#5
andreeee

main.txt

Deckard's System Scanner v20071014.68
Run by Andre on 2008-03-12 17:17:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
7: 2008-03-12 05:18:20 UTC - RP330 - Deckard's System Scanner Restore Point
6: 2008-03-12 04:41:37 UTC - RP329 - Installed Opera 9.26
5: 2008-03-11 08:06:27 UTC - RP328 - ComboFix created restore point
4: 2008-03-11 05:09:34 UTC - RP327 - System Checkpoint
3: 2008-03-10 04:49:24 UTC - RP326 - Removed Ad-Aware 2007


-- First Restore Point --
1: 2008-03-09 13:11:03 UTC - RP324 - Installed Ad-Aware 2007


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as Andre.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20, on 2008-03-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Andre\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Andre.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.xtramsn.co....S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.xtramsn.co....S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.xtramsn.co....S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {6ED63687-EB85-4687-A8D0-17E9792B20CA} - C:\WINDOWS\system32\opnlkhi.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85DA32C2-9D9B-4DCB-9FBB-35882FC4D2F8} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Search Assistant - {B4E7CAAB-6535-4243-99BD-F12350B584A2} - (no file)
O2 - BHO: {4b8473a5-03cb-6c88-bfe4-c1ea2f57835b} - {b53875f2-ae1c-4efb-88c6-bc305a3748b4} - C:\WINDOWS\system32\fnluqwgk.dll (file missing)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1205149217.dll (file missing)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [cc9fb054] rundll32.exe "C:\WINDOWS\system32\rfnbkkci.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BMcfac83c8] Rundll32.exe "C:\WINDOWS\system32\esalcwdd.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKLM\..\Policies\Explorer\Run: [UpdateManager] C:\Program Files\Common Files\Microsoft Shared\Web Components\vupdman32.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoe...ggPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B2A890B-588D-4B27-AE2F-7F29D2EF04C0}: NameServer = 202.27.158.40,202.27.156.72
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: acfffaeddbcec - C:\WINDOWS\system32\acfffaeddbcec.dll
O20 - Winlogon Notify: bdebafab - C:\WINDOWS\system32\bdebafab.dll
O20 - Winlogon Notify: opnlkhi - opnlkhi.dll (file missing)
O20 - Winlogon Notify: tuvww - C:\WINDOWS\system32\tuvww.dll (file missing)
O20 - Winlogon Notify: winvfe32 - winvfe32.dll (file missing)
O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll (file missing)
O21 - SSODL: ServiceSetup - {07f7210c-30b3-4e00-81ee-487aeb2523d9} - C:\WINDOWS\Installer\{07f7210c-30b3-4e00-81ee-487aeb2523d9}\ServiceSetup.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

--
End of file - 8561 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
.reg - regfile - shell\open\command - "regedit.exe" "%1"
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 Maplom - c:\windows\system32\drivers\maplom.sys <Not Verified; Jacal Consulting; Game Jackal>
S3 tbhsd (Tunebite High-Speed Dubbing) - c:\windows\system32\drivers\tbhsd.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 ZSMC302 (VIMICRO USB PC Camera) - c:\windows\system32\drivers\usbvm31b.sys <Not Verified; VM; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McAfee AntiSpyware Service - "c:\progra~1\mcafee\mcafee antispyware\massrv.exe" <Not Verified; McAfee, Inc.; McAfee AntiSpyware>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-12 17:00:03 258 --ah----- C:\WINDOWS\Tasks\A8713B3C918EB1D4.job
2008-03-02 15:49:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-12-18 05:30:00 362 --a------ C:\WINDOWS\Tasks\McAfee AntiSpyware.job
2006-08-27 21:56:41 256 --a------ C:\WINDOWS\Tasks\BugDoctorAndre.job


-- Files created between 2008-02-12 and 2008-03-12 -----------------------------

2008-03-12 16:41:46 0 d-------- C:\Program Files\Opera
2008-03-11 20:04:33 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-11 20:04:33 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-11 20:04:33 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-11 20:04:33 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-11 20:04:16 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-03-11 16:12:20 0 d-------- C:\Program Files\Trend Micro
2008-03-11 01:34:59 0 d-------- C:\Documents and Settings\Andre\Application Data\Grisoft
2008-03-11 01:05:03 2572 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-11 01:03:34 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-11 01:03:34 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-11 01:03:34 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-11 01:03:34 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-11 01:03:34 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-11 01:03:34 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-11 01:03:34 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-11 00:53:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-10 18:53:53 89664 --a------ C:\WINDOWS\system32\esalcwdd.dll
2008-03-10 18:52:54 166689 --ahs---- C:\WINDOWS\system32\mopoq.ini2
2008-03-10 17:56:52 211909 ---hs---- C:\WINDOWS\system32\wwvut.ini2
2008-03-10 16:13:05 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-10 16:09:51 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-10 16:09:49 0 d-------- C:\Documents and Settings\Andre\Application Data\SUPERAntiSpyware.com
2008-03-10 12:38:52 91200 -----n--- C:\WINDOWS\system32\albinkab.dll
2008-03-10 12:37:14 89664 --a------ C:\WINDOWS\system32\grdspycw.dll
2008-03-10 01:55:00 91200 --a------ C:\WINDOWS\system32\tobofkeh.dll
2008-03-10 01:52:31 89664 --a------ C:\WINDOWS\system32\jjvarbag.dll
2008-03-10 01:11:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-10 01:07:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-10 00:54:34 0 d-------- C:\WINDOWS\FLEOK
2008-03-10 00:51:58 24320 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-03-10 00:51:57 16384 --a------ C:\WINDOWS\msapasrc.dll
2008-03-10 00:51:57 11264 --a------ C:\WINDOWS\msa64chk.dll
2008-03-10 00:51:32 11008 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-03-10 00:51:28 15360 --a------ C:\WINDOWS\system32\shdocpe.dll
2008-03-10 00:51:28 11776 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-03-10 00:51:27 14848 --a------ C:\WINDOWS\shdocpl.dll
2008-03-10 00:51:27 29184 --a------ C:\WINDOWS\ntnut.exe
2008-03-10 00:51:26 20224 --a------ C:\WINDOWS\shdocpe.dll
2008-03-10 00:51:10 24832 --a------ C:\WINDOWS\winsb.dll
2008-03-10 00:51:05 26624 --a------ C:\WINDOWS\browserad.dll
2008-03-10 00:51:04 29184 --a------ C:\WINDOWS\aviwrap32.dll
2008-03-10 00:51:03 21248 --a------ C:\WINDOWS\avisynthex32.dll
2008-03-10 00:51:03 15872 --a------ C:\WINDOWS\avifile32.dll
2008-03-10 00:51:03 31744 --a------ C:\WINDOWS\autodisc32.dll
2008-03-10 00:51:02 30208 --a------ C:\WINDOWS\audiosrv32.dll
2008-03-10 00:51:01 13824 --a------ C:\WINDOWS\ati2dvag32.dll
2008-03-10 00:51:01 20480 --a------ C:\WINDOWS\ati2dvaa32.dll


-- Find3M Report ---------------------------------------------------------------



-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ED63687-EB85-4687-A8D0-17E9792B20CA}]
C:\WINDOWS\system32\opnlkhi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85DA32C2-9D9B-4DCB-9FBB-35882FC4D2F8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4E7CAAB-6535-4243-99BD-F12350B584A2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b53875f2-ae1c-4efb-88c6-bc305a3748b4}]
C:\WINDOWS\system32\fnluqwgk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}]
C:\Program Files\Helper\1205149217.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MPFEXE"="C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe" [2005-11-11 17:00]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [2005-09-22 18:29]
"Printer"="C:\WINDOWS\system32\printer.exe" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"cc9fb054"="C:\WINDOWS\system32\rfnbkkci.dll" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 21:25]
"BMcfac83c8"="C:\WINDOWS\system32\esalcwdd.dll" [2008-03-10 18:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 00:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03]
"Spoolsv"="C:\WINDOWS\system32\spoolvs.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Ghp`amfUbrhLds"=0 (0x0)
"DisableTaskMgr"=1 (0x1)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"UpdateManager"=C:\Program Files\Common Files\Microsoft Shared\Web Components\vupdman32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"[email protected]"=0 (0x0)
"[email protected]"=0 (0x0)
"MnOndNeg"=0 (0x0)
"MnQtm"=0 (0x0)
"NoControlPanel"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
"{6ED63687-EB85-4687-A8D0-17E9792B20CA}"= C:\WINDOWS\system32\opnlkhi.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ServiceSetup"= {07f7210c-30b3-4e00-81ee-487aeb2523d9} - C:\WINDOWS\Installer\{07f7210c-30b3-4e00-81ee-487aeb2523d9}\ServiceSetup.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe "
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acfffaeddbcec]
C:\WINDOWS\system32\acfffaeddbcec.dll 2008-03-10 22:25 93184 C:\WINDOWS\system32\acfffaeddbcec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bdebafab]
C:\WINDOWS\system32\bdebafab.dll 2008-03-04 12:48 108562 C:\WINDOWS\system32\bdebafab.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlkhi]
opnlkhi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvww]
C:\WINDOWS\system32\tuvww.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winvfe32]
winvfe32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb]
C:\WINDOWS\system32\wudb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\wowfx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll, xlibgfl254.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MightyFAX Controller.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Andre^Start Menu^Programs^Startup^Thoosje Vista Sidebar.lnk]
backup=C:\WINDOWS\pss\Thoosje Vista Sidebar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\TEMP\win33A.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\build delete remote idol]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cc9fb054]
rundll32.exe "C:\WINDOWS\system32\vpkqdywl.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
rundll32.exe C:\WINDOWS\system32\drvkuj.dll,startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\holatgnw]
regsvr32 /u "C:\Documents and Settings\All Users\Application Data\holatgnw.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ListDog]
C:\DOCUME~1\Chloe\APPLIC~1\EXTRAL~1\BalmModeElse.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\McAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mrolstqt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\part chin math idol]
C:\Documents and Settings\All Users\Application Data\That size part chin\Chic Enc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
rundll32.exe "C:\WINDOWS\system32\sowcmqfy.dll",sitypnow

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
mgrs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\system32\xyartwbp.dll",forkonce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uhilsrix]
regsvr32 /u "C:\Documents and Settings\All Users\Application Data\uhilsrix.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xmtefmno]




-- Hosts -----------------------------------------------------------------------

10.18.250.4 ad.doubleclick.net
10.18.250.4 ad.fastclick.net
10.18.250.4 ads.fastclick.net
10.18.250.4 ar.atwola.com
10.18.250.4 atdmt.com
10.18.250.4 avp.ch
10.18.250.4 avp.com
10.18.250.4 avp.ru
10.18.250.4 awaps.net
10.18.250.4 banner.fastclick.net

79 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-03-12 17:27:40 ------------



#6
andreeee

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 75%
Physical Memory (total/avail): 255.48 MiB / 62.93 MiB
Pagefile Memory (total/avail): 664.79 MiB / 392.27 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.35 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 27.95 GiB total, 10.51 GiB free.
D: is Fixed (FAT32) - 18.63 GiB total, 5.7 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - ST320410A - 18.65 GiB - 1 partition
\PARTITION0 - Unknown - 18.64 GiB - D:

\\.\PHYSICALDRIVE0 - ST330621A - 27.95 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 27.95 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall Plus v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Documents and Settings\\Andre\\Application Data\\printer.exe"="C:\\Documents and Settings\\Andre\\Application Data\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Andre\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Andre\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Andre\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\Andre\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MessengerDiscovery\\Loader.exe"="C:\\Program Files\\MessengerDiscovery\\Loader.exe:*:Disabled:Loader"
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"="C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\WINDOWS\\TEMP\\win1B54.tmp.exe"="C:\\WINDOWS\\TEMP\\win1B54.tmp.exe:*:Enabled:win1B54.tmp"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\WINDOWS\\system32\\dhvabtul.exe"="C:\\WINDOWS\\system32\\dhv"
"C:\\WINDOWS\\TEMP\\win2C89.tmp.exe"="C:\\WINDOWS\\TEMP\\win2C89.tmp.exe:*:Enabled:win2C89.tmp"
"C:\\WINDOWS\\TEMP\\win5E.tmp.exe"="C:\\WINDOWS\\TEMP\\win5E.tmp.exe:*:Enabled:win5E.tmp"
"C:\\DOCUME~1\\Andre\\LOCALS~1\\Temp\\RegMech.exe"="C:\\DOCUME~1\\Andre\\LOCALS~1\\Temp\\RegMech.exe:*:Enabled:Enabled"
"C:\\WINDOWS\\TEMP\\winC00.tmp.exe"="C:\\WINDOWS\\TEMP\\winC00.tmp.exe:*:Enabled:winC00.tmp"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\\WINDOWS\\TEMP\\win1D.exe"="C:\\WINDOWS\\TEMP\\win1D.exe:*:Enabled:win1D"
"C:\\Documents and Settings\\Andre\\Application Data\\printer.exe"="C:\\Documents and Settings\\Andre\\Application Data\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Andre\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Andre\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Andre\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\Andre\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Andre\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=USER-DED34AE92B
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Andre
LOGONSERVER=\\USER-DED34AE92B
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0806
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Andre\LOCALS~1\Temp
TMP=C:\DOCUME~1\Andre\LOCALS~1\Temp
USERDOMAIN=USER-DED34AE92B
USERNAME=Andre
USERPROFILE=C:\Documents and Settings\Andre
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Andre (admin)
Chloe (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Setup --> MsiExec.exe /I{2274624C-5B38-41AD-AD27-CEC0924EB628}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos CS3 --> C:\Program Files\Common Files\Adobe\Installers\cbb2ea61da9c780bd7e47a5230a9ed7\Setup.exe
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Guitar Pro 5.2 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
McAfee AntiSpyware --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mas /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\masrem.ui::uninstall.htm
McAfee Personal Firewall Plus --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mpf /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\mpfrem.ui::uninstall.htm
McAfee QuickClean 6.1 --> MsiExec.exe /I{8B43D18F-DC74-4D44-814E-9BD3420B8E44}
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee SpamKiller --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /appid=MSK /uninstall=1 /interact=1 /script_proactive=0 /start="c:\PROGRA~1\mcafee.com\agent\uninst\mskremui.dll::uninstall.htm"
Messenger Live Connector --> MsiExec.exe /I{0D959BD2-2BA9-418B-963B-7B4D1297C512}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Network Play System (Patching) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
Opera 9.26 --> MsiExec.exe /X{FB706A00-C234-4716-AB1F-27DCB192C664}
PokerStars.net --> "C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.5 Setup Files (remove only) --> C:\Program Files\SmartFTP Client 2.5 Setup Files\uninst-sftp.exe
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe -u
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type13792 / Error
Event Submitted/Written: 03/12/2008 05:15:04 PM
Event ID/Source: 0 / Adobe LM Service
Event Description:
Pipe broken

Event Record #/Type13786 / Warning
Event Submitted/Written: 03/12/2008 01:52:38 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{0837A661-FEC3-48B3-876C-91E7D32048A9}', feature 'ProgramFiles' failed during request for component '{173DF343-3C84-4390-96CD-B8E7DE9D9176}'

Event Record #/Type13785 / Warning
Event Submitted/Written: 03/12/2008 01:52:38 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{0837A661-FEC3-48B3-876C-91E7D32048A9}', feature 'ProgramFiles', component '{15196997-6218-4667-8CB0-0C7A1174E022}' failed. The resource 'C:\Program Files\Macromedia\Dreamweaver 8\Configuration\Menus\menus.bak' does not exist.

Event Record #/Type13761 / Success
Event Submitted/Written: 03/11/2008 04:43:16 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type13745 / Warning
Event Submitted/Written: 03/11/2008 00:13:42 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'ProductNonBootFiles' failed during request for component '{EED59264-D37E-4F24-A622-EA5AB43D0EAC}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type41583 / Warning
Event Submitted/Written: 03/12/2008 02:31:18 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type41582 / Warning
Event Submitted/Written: 03/12/2008 01:56:34 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type41552 / Error
Event Submitted/Written: 03/12/2008 00:50:05 PM / 03/12/2008 00:53:05 PM
Event ID/Source: 4 / ACPI
Event Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected
address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Event Record #/Type41551 / Error
Event Submitted/Written: 03/12/2008 00:50:05 PM / 03/12/2008 00:53:05 PM
Event ID/Source: 5 / ACPI
Event Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected
address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Event Record #/Type41546 / Warning
Event Submitted/Written: 03/12/2008 02:09:41 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-03-12 17:27:40 ------------

#7
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Please download SmitfraudFix (by S!Ri) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.



Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


Reboot and post a new DSS log

#8
andreeee

    New Member

  • Topic Starter
  • Member
  • 9 posts
Here's the SmitfraudFix log. It's probably not complete, because I had the same problem that I explained in my first post.

SmitFraudFix v2.301

Scan done at 12:00:49.34, 2008-03-13
Run from C:\Documents and Settings\Andre\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7B2A890B-588D-4B27-AE2F-7F29D2EF04C0}: NameServer=202.27.158.40,202.27.156.72
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7B2A890B-588D-4B27-AE2F-7F29D2EF04C0}: NameServer=202.27.158.40,202.27.156.72
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7B2A890B-588D-4B27-AE2F-7F29D2EF04C0}: NameServer=202.27.158.40,202.27.156.72


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning


Here's the VundoFix log:


VundoFix V7.0.3

Scan started at 12:16:54 2008-03-13

Listing files found while scanning....


Beginning removal...


Attempting to delete C:\windows\system32\obwjeofa.dll
C:\windows\system32\obwjeofa.dll Has been deleted!

Attempting to delete C:\windows\system32\oemnyack.dll
C:\windows\system32\oemnyack.dll Has been deleted!

Attempting to delete C:\windows\system32\ofbdriyl.dll
C:\windows\system32\ofbdriyl.dll Has been deleted!

Attempting to delete C:\windows\system32\omkjrmrv.dll
C:\windows\system32\omkjrmrv.dll Has been deleted!

Attempting to delete C:\windows\system32\onamprxs.dll
C:\windows\system32\onamprxs.dll Has been deleted!

Attempting to delete C:\windows\system32\pealdcmb.ini
C:\windows\system32\pealdcmb.ini Has been deleted!

Attempting to delete C:\windows\system32\peujenfi.dll
C:\windows\system32\peujenfi.dll Has been deleted!

Attempting to delete C:\windows\system32\ppmgqtpb.ini
C:\windows\system32\ppmgqtpb.ini Has been deleted!

Attempting to delete C:\windows\system32\prqjjtgl.dll
C:\windows\system32\prqjjtgl.dll Has been deleted!

Attempting to delete C:\windows\system32\psxkixwc.ini
C:\windows\system32\psxkixwc.ini Has been deleted!

Attempting to delete C:\windows\system32\ptobqbua.dll
C:\windows\system32\ptobqbua.dll Has been deleted!

Attempting to delete C:\windows\system32\pvactnrt.dll
C:\windows\system32\pvactnrt.dll Has been deleted!

Attempting to delete C:\windows\system32\pyanvasu.dll
C:\windows\system32\pyanvasu.dll Has been deleted!

Attempting to delete C:\windows\system32\pyrkyueb.ini
C:\windows\system32\pyrkyueb.ini Has been deleted!

Attempting to delete C:\windows\system32\qbssujjx.dll
C:\windows\system32\qbssujjx.dll Has been deleted!

Attempting to delete C:\windows\system32\qfaawrut.dll
C:\windows\system32\qfaawrut.dll Has been deleted!

Attempting to delete C:\windows\system32\qffrdqnn.dll
C:\windows\system32\qffrdqnn.dll Has been deleted!

Attempting to delete C:\windows\system32\qihreqda.dll
C:\windows\system32\qihreqda.dll Has been deleted!

Attempting to delete C:\windows\system32\rdlwrvmw.dll
C:\windows\system32\rdlwrvmw.dll Has been deleted!

Attempting to delete C:\windows\system32\retutsfi.dll
C:\windows\system32\retutsfi.dll Has been deleted!

Attempting to delete C:\windows\system32\rewfvsra.dll
C:\windows\system32\rewfvsra.dll Has been deleted!

Attempting to delete C:\windows\system32\rroftybo.dll
C:\windows\system32\rroftybo.dll Has been deleted!

Attempting to delete C:\windows\system32\rsqvedyj.dll
C:\windows\system32\rsqvedyj.dll Has been deleted!

Attempting to delete C:\windows\system32\rvalllhc.ini
C:\windows\system32\rvalllhc.ini Has been deleted!

Attempting to delete C:\windows\system32\rvjenrad.dll
C:\windows\system32\rvjenrad.dll Has been deleted!

Attempting to delete C:\windows\system32\saehkvak.dll
C:\windows\system32\saehkvak.dll Has been deleted!

Attempting to delete C:\windows\system32\saklvadh.dll
C:\windows\system32\saklvadh.dll Has been deleted!

Attempting to delete C:\windows\system32\sentkasu.dll
C:\windows\system32\sentkasu.dll Has been deleted!

Attempting to delete C:\windows\system32\sibnkdcm.dll
C:\windows\system32\sibnkdcm.dll Has been deleted!

Attempting to delete C:\windows\system32\sjknrdgd.ini
C:\windows\system32\sjknrdgd.ini Has been deleted!

Attempting to delete C:\windows\system32\surmthlk.dll
C:\windows\system32\surmthlk.dll Has been deleted!

Attempting to delete C:\windows\system32\swaepuyy.dll
C:\windows\system32\swaepuyy.dll Has been deleted!

Attempting to delete C:\windows\system32\tbjxgjpx.dll
C:\windows\system32\tbjxgjpx.dll Has been deleted!

Attempting to delete C:\windows\system32\tcgtiwwl.dll
C:\windows\system32\tcgtiwwl.dll Has been deleted!

Attempting to delete C:\windows\system32\tlridjxa.ini
C:\windows\system32\tlridjxa.ini Has been deleted!

Attempting to delete C:\windows\system32\togkpoxv.dll
C:\windows\system32\togkpoxv.dll Has been deleted!

Attempting to delete C:\windows\system32\tuvstur.dll
C:\windows\system32\tuvstur.dll Has been deleted!

Attempting to delete C:\windows\system32\tvwevoex.dll
C:\windows\system32\tvwevoex.dll Has been deleted!

Attempting to delete C:\windows\system32\tyocndfy.dll
C:\windows\system32\tyocndfy.dll Has been deleted!

Attempting to delete C:\windows\system32\uryvstqh.dll
C:\windows\system32\uryvstqh.dll Has been deleted!

Attempting to delete C:\windows\system32\uubirbhi.dll
C:\windows\system32\uubirbhi.dll Has been deleted!

Attempting to delete C:\windows\system32\vekevlms.dll
C:\windows\system32\vekevlms.dll Has been deleted!

Attempting to delete C:\windows\system32\vfoppwxj.dll
C:\windows\system32\vfoppwxj.dll Has been deleted!

Attempting to delete C:\windows\system32\vfyyugqg.dll
C:\windows\system32\vfyyugqg.dll Has been deleted!

Attempting to delete C:\windows\system32\voanvtej.dll
C:\windows\system32\voanvtej.dll Has been deleted!

Attempting to delete C:\windows\system32\vooofusq.dll
C:\windows\system32\vooofusq.dll Has been deleted!

Attempting to delete C:\windows\system32\vqacrsuv.dll
C:\windows\system32\vqacrsuv.dll Has been deleted!

Attempting to delete C:\windows\system32\vttlmlon.dll
C:\windows\system32\vttlmlon.dll Has been deleted!

Attempting to delete C:\windows\system32\vvrlhfui.dll
C:\windows\system32\vvrlhfui.dll Has been deleted!

Attempting to delete C:\windows\system32\vxfowxsy.dll
C:\windows\system32\vxfowxsy.dll Has been deleted!

Attempting to delete C:\windows\system32\wbcchoya.dll
C:\windows\system32\wbcchoya.dll Has been deleted!

Attempting to delete C:\windows\system32\wjuwkghq.dll
C:\windows\system32\wjuwkghq.dll Has been deleted!

Attempting to delete C:\windows\system32\wptccwxa.ini
C:\windows\system32\wptccwxa.ini Has been deleted!

Attempting to delete C:\windows\system32\wpwrhkor.dll
C:\windows\system32\wpwrhkor.dll Has been deleted!

Attempting to delete C:\windows\system32\wvibanjn.dll
C:\windows\system32\wvibanjn.dll Has been deleted!

Attempting to delete C:\windows\system32\xgoumqdg.dll
C:\windows\system32\xgoumqdg.dll Has been deleted!

Attempting to delete C:\windows\system32\xotrigqc.dll
C:\windows\system32\xotrigqc.dll Has been deleted!

Attempting to delete C:\windows\system32\xqbysbve.dll
C:\windows\system32\xqbysbve.dll Has been deleted!

Attempting to delete C:\windows\system32\xyartwbp.dll
C:\windows\system32\xyartwbp.dll Has been deleted!

Attempting to delete C:\windows\system32\yaqcupld.dll
C:\windows\system32\yaqcupld.dll Has been deleted!

Attempting to delete C:\windows\system32\yhehaloh.dll
C:\windows\system32\yhehaloh.dll Has been deleted!

Attempting to delete C:\windows\system32\yjduubvn.dll
C:\windows\system32\yjduubvn.dll Has been deleted!

Attempting to delete C:\windows\system32\ymyxkige.dll
C:\windows\system32\ymyxkige.dll Has been deleted!

Attempting to delete C:\windows\system32\yqxmisdb.ini
C:\windows\system32\yqxmisdb.ini Has been deleted!

Performing Repairs to the registry.
Done!

Here's the HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:30, on 2008-03-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.xtramsn.co....S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.xtramsn.co....S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.xtramsn.co....S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85DA32C2-9D9B-4DCB-9FBB-35882FC4D2F8} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Search Assistant - {B4E7CAAB-6535-4243-99BD-F12350B584A2} - (no file)
O2 - BHO: {4b8473a5-03cb-6c88-bfe4-c1ea2f57835b} - {b53875f2-ae1c-4efb-88c6-bc305a3748b4} - C:\WINDOWS\system32\fnluqwgk.dll (file missing)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1205149217.dll (file missing)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [cc9fb054] rundll32.exe "C:\WINDOWS\system32\rfnbkkci.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BMcfac83c8] Rundll32.exe "C:\WINDOWS\system32\esalcwdd.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKLM\..\Policies\Explorer\Run: [UpdateManager] C:\Program Files\Common Files\Microsoft Shared\Web Components\vupdman32.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoe...ggPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B2A890B-588D-4B27-AE2F-7F29D2EF04C0}: NameServer = 202.27.158.40,202.27.156.72
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: acfffaeddbcec - C:\WINDOWS\system32\acfffaeddbcec.dll
O20 - Winlogon Notify: bdebafab - C:\WINDOWS\system32\bdebafab.dll
O20 - Winlogon Notify: opnlkhi - opnlkhi.dll (file missing)
O20 - Winlogon Notify: tuvww - C:\WINDOWS\system32\tuvww.dll (file missing)
O20 - Winlogon Notify: winvfe32 - winvfe32.dll (file missing)
O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll (file missing)
O21 - SSODL: ServiceSetup - {07f7210c-30b3-4e00-81ee-487aeb2523d9} - C:\WINDOWS\Installer\{07f7210c-30b3-4e00-81ee-487aeb2523d9}\ServiceSetup.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

--
End of file - 8574 bytes

Here's the DSS log
Deckard's System Scanner v20071014.68
Run by Andre on 2008-03-13 13:31:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 87% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as Andre.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:31, on 2008-03-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Andre\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Andre.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.xtramsn.co....S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.xtramsn.co....S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.xtramsn.co....S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85DA32C2-9D9B-4DCB-9FBB-35882FC4D2F8} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Search Assistant - {B4E7CAAB-6535-4243-99BD-F12350B584A2} - (no file)
O2 - BHO: {4b8473a5-03cb-6c88-bfe4-c1ea2f57835b} - {b53875f2-ae1c-4efb-88c6-bc305a3748b4} - C:\WINDOWS\system32\fnluqwgk.dll (file missing)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1205149217.dll (file missing)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [cc9fb054] rundll32.exe "C:\WINDOWS\system32\rfnbkkci.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BMcfac83c8] Rundll32.exe "C:\WINDOWS\system32\esalcwdd.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKLM\..\Policies\Explorer\Run: [UpdateManager] C:\Program Files\Common Files\Microsoft Shared\Web Components\vupdman32.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoe...ggPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B2A890B-588D-4B27-AE2F-7F29D2EF04C0}: NameServer = 202.27.158.40,202.27.156.72
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: acfffaeddbcec - C:\WINDOWS\system32\acfffaeddbcec.dll
O20 - Winlogon Notify: bdebafab - C:\WINDOWS\system32\bdebafab.dll
O20 - Winlogon Notify: opnlkhi - opnlkhi.dll (file missing)
O20 - Winlogon Notify: tuvww - C:\WINDOWS\system32\tuvww.dll (file missing)
O20 - Winlogon Notify: winvfe32 - winvfe32.dll (file missing)
O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll (file missing)
O21 - SSODL: ServiceSetup - {07f7210c-30b3-4e00-81ee-487aeb2523d9} - C:\WINDOWS\Installer\{07f7210c-30b3-4e00-81ee-487aeb2523d9}\ServiceSetup.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

--
End of file - 8608 bytes

-- Files created between 2008-02-13 and 2008-03-13 -----------------------------

2008-03-13 12:16:54 0 d-------- C:\VundoFix Backups
2008-03-12 16:41:46 0 d-------- C:\Program Files\Opera
2008-03-11 20:04:33 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-11 20:04:33 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-11 20:04:33 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-11 20:04:33 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-11 20:04:16 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-03-11 16:12:20 0 d-------- C:\Program Files\Trend Micro
2008-03-11 01:34:59 0 d-------- C:\Documents and Settings\Andre\Application Data\Grisoft
2008-03-11 01:05:03 2572 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-11 01:03:34 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-11 01:03:34 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-11 01:03:34 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-11 01:03:34 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-11 01:03:34 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-11 01:03:34 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-11 01:03:34 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-11 00:53:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-10 18:53:53 89664 --a------ C:\WINDOWS\system32\esalcwdd.dll
2008-03-10 18:52:54 166689 --ahs---- C:\WINDOWS\system32\mopoq.ini2
2008-03-10 17:56:52 211909 ---hs---- C:\WINDOWS\system32\wwvut.ini2
2008-03-10 16:13:05 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-10 16:09:51 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-10 16:09:49 0 d-------- C:\Documents and Settings\Andre\Application Data\SUPERAntiSpyware.com
2008-03-10 12:38:52 91200 -----n--- C:\WINDOWS\system32\albinkab.dll
2008-03-10 12:37:14 89664 --a------ C:\WINDOWS\system32\grdspycw.dll
2008-03-10 01:55:00 91200 --a------ C:\WINDOWS\system32\tobofkeh.dll
2008-03-10 01:52:31 89664 --a------ C:\WINDOWS\system32\jjvarbag.dll
2008-03-10 01:11:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-10 01:07:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-10 00:54:34 0 d-------- C:\WINDOWS\FLEOK
2008-03-10 00:51:58 24320 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-03-10 00:51:57 16384 --a------ C:\WINDOWS\msapasrc.dll
2008-03-10 00:51:57 11264 --a------ C:\WINDOWS\msa64chk.dll
2008-03-10 00:51:32 11008 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-03-10 00:51:28 15360 --a------ C:\WINDOWS\system32\shdocpe.dll
2008-03-10 00:51:28 11776 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-03-10 00:51:27 14848 --a------ C:\WINDOWS\shdocpl.dll
2008-03-10 00:51:27 29184 --a------ C:\WINDOWS\ntnut.exe
2008-03-10 00:51:26 20224 --a------ C:\WINDOWS\shdocpe.dll
2008-03-10 00:51:10 24832 --a------ C:\WINDOWS\winsb.dll
2008-03-10 00:51:05 26624 --a------ C:\WINDOWS\browserad.dll
2008-03-10 00:51:04 29184 --a------ C:\WINDOWS\aviwrap32.dll
2008-03-10 00:51:03 21248 --a------ C:\WINDOWS\avisynthex32.dll
2008-03-10 00:51:03 15872 --a------ C:\WINDOWS\avifile32.dll
2008-03-10 00:51:03 31744 --a------ C:\WINDOWS\autodisc32.dll
2008-03-10 00:51:02 30208 --a------ C:\WINDOWS\audiosrv32.dll
2008-03-10 00:51:01 13824 --a------ C:\WINDOWS\ati2dvag32.dll
2008-03-10 00:51:01 20480 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-03-10 00:51:00 12288 --a------ C:\WINDOWS\athprxy32.dll
2008-03-10 00:51:00 15872 --a------ C:\WINDOWS\asycfilt32.dll
2008-03-10 00:51:00 16384 --a------ C:\WINDOWS\asferror32.dll
2008-03-10 00:50:59 20480 --a------ C:\WINDOWS\apphelp32.dll
2008-03-10 00:50:54 21504 --a------ C:\WINDOWS\changeurl_30.dll
2008-03-09 21:59:51 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-09 21:49:52 18944 --a------ C:\WINDOWS\system32\wowfx.dll
2008-03-09 21:26:13 92224 --a------ C:\WINDOWS\system32\psrautoc.dll
2008-03-09 21:25:49 39936 --a------ C:\WINDOWS\system32\vtuvvwx.dll
2008-03-09 21:20:16 88640 --a------ C:\WINDOWS\system32\qjajusck.dll
2008-03-06 12:55:27 96832 --a------ C:\WINDOWS\system32\pjsmllpb.dll
2008-03-06 12:49:29 91712 --a------ C:\WINDOWS\system32\dmvvxpnp.dll
2008-03-06 12:40:49 96832 --a------ C:\WINDOWS\system32\lwdnoiwl.dll
2008-03-06 12:37:49 91712 --a------ C:\WINDOWS\system32\jglughgb.dll
2008-03-05 14:48:29 96832 --a------ C:\WINDOWS\system32\vexahhaa.dll
2008-03-05 14:45:29 89664 --a------ C:\WINDOWS\system32\uxvjmeeb.dll
2008-03-05 14:42:30 91712 --a------ C:\WINDOWS\system32\aakbgmdi.dll
2008-03-05 12:07:50 89664 --a------ C:\WINDOWS\system32\bdobqtqk.dll
2008-03-05 12:05:03 96832 --a------ C:\WINDOWS\system32\eamfsdfd.dll
2008-03-05 12:04:49 91712 --a------ C:\WINDOWS\system32\vwyhjkxh.dll
2008-03-04 19:22:18 95296 --a------ C:\WINDOWS\system32\knhfypop.dll
2008-03-04 19:16:19 91712 --a------ C:\WINDOWS\system32\vdapvbcw.dll
2008-03-04 18:41:43 0 d-------- C:\Program Files\SmartFTP Client
2008-03-04 18:39:15 0 d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files
2008-03-04 12:54:51 95296 --a------ C:\WINDOWS\system32\wiybjvwe.dll
2008-03-04 12:51:52 91712 --a------ C:\WINDOWS\system32\msanlmqk.dll
2008-03-04 12:17:17 95296 --a------ C:\WINDOWS\system32\mjnirgsr.dll
2008-03-04 12:17:06 91712 --a------ C:\WINDOWS\system32\blhdevry.dll
2008-03-03 12:34:41 89664 --a------ C:\WINDOWS\system32\lolchhbw.dll
2008-03-03 12:31:41 84544 --a------ C:\WINDOWS\system32\spycibrv.dll
2008-03-03 12:29:52 91712 --a------ C:\WINDOWS\system32\pjlabpkb.dll
2008-03-03 00:35:17 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-03 00:32:21 0 d-------- C:\Program Files\Windows Live
2008-03-03 00:30:10 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-02 15:11:52 89664 --a------ C:\WINDOWS\system32\ohgdflff.dll
2008-03-02 15:05:58 91712 --a------ C:\WINDOWS\system32\pwbaalor.dll
2008-03-01 16:15:21 88640 --a------ C:\WINDOWS\system32\uitskogr.dll
2008-03-01 16:12:19 91712 --a------ C:\WINDOWS\system32\aldtvvtr.dll
2008-03-01 13:53:38 28435 --a------ C:\WINDOWS\system32\qjchfvwe.dll
2008-03-01 13:50:45 64 --a------ C:\WINDOWS\system32\cxdlkxio.dll
2008-03-01 13:50:39 64 --a------ C:\WINDOWS\system32\cibpunoy.dll
2008-02-29 19:02:29 0 dr-h----- C:\Documents and Settings\Chloe\Recent
2008-02-29 18:42:18 89664 --a------ C:\WINDOWS\system32\rnwexqew.
  • 0

#9
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Do this

click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt

Edited by Rorschach112, 14 March 2008 - 02:34 PM.

  • 0

#10
andreeee

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I accidentally posted 2 posts and it won't let me post all of the log (it cuts out some of it) so they're in attachments
Please delete the other post

Attached Files


Edited by andreeee, 16 March 2008 - 03:10 AM.

  • 0

#11
andreeee

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I accidentally posted 2 posts and it won't let me post all of the log (it cuts out some of it) so they're in attachments

Edited by andreeee, 16 March 2008 - 02:23 AM.

  • 0

#12
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Delete your version of ComboFix.exe and the folder C:\ComboFix



Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#13
andreeee

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
ComboFix doesn't really work with me, read post 3 in this topic.
  • 0

#14
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Sorry about that

Download WinPFind35U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • Under Additional Scans check the boxes beside Reg - Bot Check, Reg - Disabled MS Config Items, Reg - File Additional Folder Scans, File - Lop Check and File - Purity Scan.
  • Under Drivers change it to Non-Microsoft.
  • Check the box beside Scan All User Accounts at the top
  • Under Files Created Within and Files Modified Within change it to 90 days.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way
  • 0

#15
andreeee

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
All good.

Attached Files


  • 0





