I would like to say you guys are great and thank god for people like you
Here is my smithfraud log:
SmitFraudFix v2.301
Scan done at 5:31:32.01, Tue 03/11/2008
Run from C:\Documents and Settings\AnnaRoy\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\mrofinu.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\764.exe FOUND !
C:\WINDOWS\7search.dll FOUND !
C:\WINDOWS\absolute key logger.lnk FOUND !
C:\WINDOWS\aconti.exe FOUND !
C:\WINDOWS\aconti.ini FOUND !
C:\WINDOWS\aconti.log FOUND !
C:\WINDOWS\aconti.sdb FOUND !
C:\WINDOWS\acontidialer.txt FOUND !
C:\WINDOWS\adbar.dll FOUND !
C:\WINDOWS\cbinst$.exe FOUND !
C:\WINDOWS\daxtime.dll FOUND !
C:\WINDOWS\default.htm FOUND !
C:\WINDOWS\dp0.dll FOUND !
C:\WINDOWS\eventlowg.dll FOUND !
C:\WINDOWS\fhfmm-Uninstaller.exe FOUND !
C:\WINDOWS\fhfmm.exe FOUND !
C:\WINDOWS\flt.dll FOUND !
C:\WINDOWS\hcwprn.exe FOUND !
C:\WINDOWS\hotporn.exe FOUND !
C:\WINDOWS\iexplorr23.dll FOUND !
C:\WINDOWS\ie_32.exe FOUND !
C:\WINDOWS\jd2002.dll FOUND !
C:\WINDOWS\kkcomp$.exe FOUND !
C:\WINDOWS\kkcomp.dll FOUND !
C:\WINDOWS\kkcomp.exe FOUND !
C:\WINDOWS\kvnab$.exe FOUND !
C:\WINDOWS\kvnab.dll FOUND !
C:\WINDOWS\kvnab.exe FOUND !
C:\WINDOWS\liqad$.exe FOUND !
C:\WINDOWS\liqad.dll FOUND !
C:\WINDOWS\liqad.exe FOUND !
C:\WINDOWS\liqui-Uninstaller.exe FOUND !
C:\WINDOWS\liqui.dll FOUND !
C:\WINDOWS\liqui.exe FOUND !
C:\WINDOWS\ngd.dll FOUND !
C:\WINDOWS\pbar.dll FOUND !
C:\WINDOWS\pbsysie.dll FOUND !
C:\WINDOWS\settn.dll FOUND !
C:\WINDOWS\spredirect.dll FOUND !
C:\WINDOWS\vxddsk.exe FOUND !
C:\WINDOWS\wbeCheck.exe FOUND !
C:\WINDOWS\wbeInst$.exe FOUND !
C:\WINDOWS\wml.exe FOUND !
C:\WINDOWS\xadbrk.dll FOUND !
C:\WINDOWS\xadbrk.exe FOUND !
C:\WINDOWS\xadbrk_.exe FOUND !
C:\WINDOWS\xxxvideo.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\acespy\ FOUND !
C:\WINDOWS\system32\ace16win.dll FOUND !
C:\WINDOWS\system32\ESHOPEE.exe FOUND !
C:\WINDOWS\system32\mgmrwmrv.exe FOUND !
C:\WINDOWS\system32\msole32.exe FOUND !
C:\WINDOWS\system32\vxddsk.exe FOUND !
C:\WINDOWS\system32\winfrun32.bin FOUND !
C:\WINDOWS\system32\wml.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\AnnaRoy
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\AnnaRoy\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\AnnaRoy\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\3721\ FOUND !
C:\Program Files\Accoona\ FOUND !
C:\Program Files\akl\ FOUND !
C:\Program Files\amsys\ FOUND !
C:\Program Files\e-zshopper\ FOUND !
C:\Program Files\Helper\ FOUND !
C:\Program Files\p2pnetworks\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{c7cd9e83-3bf6-47f8-b2e2-b114c96c1888}"="hemoglobinometries"
[HKEY_CLASSES_ROOT\CLSID\{c7cd9e83-3bf6-47f8-b2e2-b114c96c1888}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{c7cd9e83-3bf6-47f8-b2e2-b114c96c1888}\InProcServer32]
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 24.25.227.55
DNS Server Search Order: 24.25.227.56
DNS Server Search Order: 66.75.160.63
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0B8F41D9-CEC7-47CB-8436-3E8D874EF73A}: DhcpNameServer=24.25.227.55 24.25.227.56 66.75.160.63
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0B8F41D9-CEC7-47CB-8436-3E8D874EF73A}: DhcpNameServer=24.25.227.55 24.25.227.56 66.75.160.63
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0B8F41D9-CEC7-47CB-8436-3E8D874EF73A}: DhcpNameServer=24.25.227.55 24.25.227.56 66.75.160.63
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.25.227.55 24.25.227.56 66.75.160.63
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.25.227.55 24.25.227.56 66.75.160.63
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.25.227.55 24.25.227.56 66.75.160.63
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Here is my Deckard system scanner log:
Deckard's System Scanner v20071014.68
Run by AnnaRoy on 2008-03-11 05:42:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
58: 2008-03-11 15:42:46 UTC - RP147 - Deckard's System Scanner Restore Point
57: 2008-03-08 09:07:45 UTC - RP146 - Last known good configuration
56: 2008-03-08 09:07:25 UTC - RP145 - System Checkpoint
55: 2008-03-08 09:07:25 UTC - RP144 - System Checkpoint
54: 2008-03-08 09:07:25 UTC - RP143 - System Checkpoint
-- First Restore Point --
1: 2008-03-08 09:07:11 UTC - RP90 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-11 05:47:01
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\mrofinu.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rdshost.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\logon.scr
C:\Documents and Settings\AnnaRoy\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {08A3084E-E8C8-4DE1-9FB4-48179982C8DE} - C:\WINDOWS\system32\khfcabc.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndFibu7 IE Helper - {8041E642-8CFC-4720-BC9D-D2DB8904286F} - C:\Program Files\QdrDrive\QdrDrive12.dll (file missing)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {D4AC3A2F-EA82-4C95-8797-EF88493C5207} - C:\WINDOWS\system32\pmnlk.dll (file missing)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: Her - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - C:\WINDOWS\system32\marwin32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB7062] command /c del "C:\WINDOWS\system32\pmnlk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5385] cmd /c del "C:\WINDOWS\system32\pmnlk.dll_old"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesga...om/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesga...om/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O15 - Trusted Zone: *.musicmatch.com (HKCU)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: khfcabc - C:\WINDOWS\system32\khfcabc.dll
O22 - SharedTaskScheduler: hemoglobinometries - {c7cd9e83-3bf6-47f8-b2e2-b114c96c1888} - (no file)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
--
End of file - 12381 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
S1 DMICall (Sony DMI Call service) - c:\windows\system32\drivers\dmicall.sys (file missing)
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper Disk Defragmenter>
R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-02-11 and 2008-03-11 -----------------------------
2008-03-11 05:32:46 878 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-11 05:30:39 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-11 05:30:38 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-11 05:30:37 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-11 05:30:36 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-11 05:30:35 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-11 05:30:34 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-11 05:30:26 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-11 05:04:18 16640 --a------ C:\WINDOWS\kvnab.dll
2008-03-11 05:04:17 23808 --a------ C:\WINDOWS\kvnab.exe
2008-03-11 05:04:15 12032 --a------ C:\WINDOWS\settn.dll
2008-03-11 05:04:15 15360 --a------ C:\WINDOWS\kvnab$.exe
2008-03-11 05:04:14 31232 --a------ C:\WINDOWS\hcwprn.exe
2008-03-11 05:04:11 20480 --a------ C:\WINDOWS\pbsysie.dll
2008-03-11 05:04:09 19200 --a------ C:\WINDOWS\wbeInst$.exe
2008-03-11 05:04:09 17152 --a------ C:\WINDOWS\wbeCheck.exe
2008-03-11 05:04:01 12544 --a------ C:\WINDOWS\system32\wml.exe
2008-03-11 05:04:01 0 d-------- C:\Program Files\Accoona
2008-03-11 05:04:00 21760 --a------ C:\WINDOWS\7search.dll
2008-03-11 04:17:43 17664 --a------ C:\WINDOWS\adbar.dll
2008-03-11 04:17:39 23552 --a------ C:\WINDOWS\aconti.exe
2008-03-11 04:17:37 17408 --a------ C:\WINDOWS\xxxvideo.exe
2008-03-11 04:17:32 32000 --a------ C:\WINDOWS\764.exe
2008-03-11 04:15:28 30720 --a------ C:\WINDOWS\hotporn.exe
2008-03-10 23:35:06 0 d-------- C:\Program Files\e-zshopper
2008-03-10 23:34:56 0 d-------- C:\Program Files\3721
2008-03-10 22:17:47 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-03-10 21:33:45 0 d-------- C:\Program Files\amsys
2008-03-10 21:21:48 14080 --a------ C:\WINDOWS\iexplorr23.dll
2008-03-10 21:21:45 16384 --a------ C:\WINDOWS\system32\ace16win.dll
2008-03-10 21:21:37 12544 --a------ C:\WINDOWS\system32\vxddsk.exe
2008-03-10 21:21:30 24320 --a------ C:\WINDOWS\pbar.dll
2008-03-10 07:45:38 37376 --a------ C:\WINDOWS\mrofinu72.exe
2008-03-08 18:34:38 0 d-------- C:\Documents and Settings\royce.FINONA\Application Data\Macromedia
2008-03-08 18:33:44 0 d-------- C:\Documents and Settings\royce.FINONA\Application Data\Google
2008-03-08 18:30:53 0 d-------- C:\Documents and Settings\royce.FINONA\Application Data\Identities
2008-03-08 18:29:43 0 dr-h----- C:\Documents and Settings\royce.FINONA\SendTo
2008-03-08 18:29:43 0 dr-h----- C:\Documents and Settings\royce.FINONA\Recent
2008-03-08 18:29:43 0 d--h----- C:\Documents and Settings\royce.FINONA\PrintHood
2008-03-08 18:29:43 0 d--h----- C:\Documents and Settings\royce.FINONA\NetHood
2008-03-08 18:29:43 0 dr------- C:\Documents and Settings\royce.FINONA\My Documents
2008-03-08 18:29:43 0 d--h----- C:\Documents and Settings\royce.FINONA\Local Settings
2008-03-08 18:29:43 0 dr------- C:\Documents and Settings\royce.FINONA\Favorites
2008-03-08 18:29:43 0 d-------- C:\Documents and Settings\royce.FINONA\Desktop
2008-03-08 18:29:43 0 d--hs---- C:\Documents and Settings\royce.FINONA\Cookies
2008-03-08 18:29:43 0 dr-h----- C:\Documents and Settings\royce.FINONA\Application Data
2008-03-08 18:29:43 0 d---s---- C:\Documents and Settings\royce.FINONA\Application Data\Microsoft
2008-03-08 18:29:42 0 d--h----- C:\Documents and Settings\royce.FINONA\Templates
2008-03-08 18:29:42 0 dr------- C:\Documents and Settings\royce.FINONA\Start Menu
2008-03-08 18:29:42 2097152 --ah----- C:\Documents and Settings\royce.FINONA\NTUSER.DAT
2008-03-07 23:19:29 16640 --a------ C:\WINDOWS\eventlowg.dll
2008-03-07 23:19:29 12288 --a------ C:\WINDOWS\daxtime.dll
2008-03-07 23:19:28 22272 --a------ C:\WINDOWS\system32\msole32.exe
2008-03-07 23:19:28 25344 --a------ C:\WINDOWS\liqui.dll
2008-03-07 23:19:27 18176 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2008-03-07 23:19:27 13312 --a------ C:\WINDOWS\liqui.exe
2008-03-07 23:19:27 24576 --a------ C:\WINDOWS\fhfmm.exe
2008-03-07 23:19:26 29184 --a------ C:\WINDOWS\xadbrk.dll
2008-03-07 23:19:26 25600 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2008-03-07 23:19:25 27392 --a------ C:\WINDOWS\xadbrk_.exe
2008-03-07 23:19:25 9472 --a------ C:\WINDOWS\xadbrk.exe
2008-03-07 23:19:24 25088 --a------ C:\WINDOWS\kkcomp.dll
2008-03-07 23:19:23 25088 --a------ C:\WINDOWS\liqad.dll
2008-03-07 23:19:23 9984 --a------ C:\WINDOWS\kkcomp.exe
2008-03-07 23:19:23 16640 --a------ C:\WINDOWS\kkcomp$.exe
2008-03-07 23:19:22 15104 --a------ C:\WINDOWS\liqad.exe
2008-03-07 23:19:22 22784 --a------ C:\WINDOWS\liqad$.exe
2008-03-07 23:19:19 20992 --a------ C:\WINDOWS\cbinst$.exe
2008-03-07 23:19:15 30976 --a------ C:\WINDOWS\jd2002.dll
2008-03-07 23:19:04 28416 --a------ C:\WINDOWS\spredirect.dll
2008-03-07 23:19:03 20224 --a------ C:\WINDOWS\system32\ESHOPEE.exe
2008-03-07 23:18:56 32512 --a------ C:\WINDOWS\ie_32.exe
2008-03-07 23:18:54 0 d-------- C:\WINDOWS\system32\acespy
2008-03-07 23:18:53 18688 --a------ C:\WINDOWS\ngd.dll
2008-03-07 23:18:52 22272 --a------ C:\WINDOWS\dp0.dll
2008-03-07 23:18:51 0 d-------- C:\Program Files\p2pnetworks
2008-03-07 23:18:46 0 d-------- C:\Program Files\akl
2008-03-07 23:18:45 30208 --a------ C:\WINDOWS\vxddsk.exe
2008-03-07 23:18:43 8192 --a------ C:\WINDOWS\wml.exe
2008-03-07 23:18:42 29952 --a------ C:\WINDOWS\flt.dll
2008-03-07 23:06:53 145021 --ahs---- C:\WINDOWS\system32\klnmp.ini2
2008-03-07 23:03:18 26112 --a------ C:\WINDOWS\system32\marwin32.dll
2008-03-07 23:03:08 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-07 23:03:02 0 d-------- C:\WINDOWS\?racle
2008-03-07 23:02:51 89099 --a------ C:\WINDOWS\system32\mgmrwmrv.exe <Not Verified; Microsoft; runbll>
2008-03-07 23:02:40 0 d-------- C:\Program Files\webHancer
2008-03-07 23:02:25 0 d-------- C:\Program Files\QdrPack
2008-03-07 23:01:14 37376 --a------ C:\WINDOWS\system32\khfcabc.dll
2008-02-17 17:35:33 0 d-------- C:\Documents and Settings\AnnaRoy\.housecall6.6
-- Find3M Report ---------------------------------------------------------------
2008-03-11 04:11:13 0 d-------- C:\Documents and Settings\AnnaRoy\Application Data\Identities
2008-03-10 21:20:27 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-10 19:52:14 0 d-------- C:\Program Files\Common Files
2008-03-07 23:00:58 2404 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-11 19:46:03 0 d-------- C:\Program Files\Helper
2008-02-10 23:30:30 6442 --a------ C:\WINDOWS\unins000.dat
2008-02-10 23:15:10 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-10 22:43:06 0 d-------- C:\Program Files\Canon
2008-02-06 23:22:53 0 d-------- C:\Documents and Settings\AnnaRoy\Application Data\ScanSoft
2008-02-06 23:22:07 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-02-06 23:21:20 0 d-------- C:\Program Files\ScanSoft
2008-02-06 23:19:38 0 d-------- C:\Program Files\ArcSoft
2008-02-06 23:19:37 0 d--h----- C:\Program Files\InstallShield Installation Information
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08A3084E-E8C8-4DE1-9FB4-48179982C8DE}]
03/07/2008 11:01 PM 37376 --a------ C:\WINDOWS\system32\khfcabc.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8041E642-8CFC-4720-BC9D-D2DB8904286F}]
C:\Program Files\QdrDrive\QdrDrive12.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4AC3A2F-EA82-4C95-8797-EF88493C5207}]
C:\WINDOWS\system32\pmnlk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
03/07/2008 11:03 PM 26112 --a------ C:\WINDOWS\system32\marwin32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 08:00 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 03:50 AM]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [10/07/2003 09:48 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 03:07 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB7062"=command /c del "C:\WINDOWS\system32\pmnlk.dll_old"
"SpybotDeletingD5385"=cmd /c del "C:\WINDOWS\system32\pmnlk.dll_old"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [10/09/2004 03:18 PM 49152]
"{08A3084E-E8C8-4DE1-9FB4-48179982C8DE}"= C:\WINDOWS\system32\khfcabc.dll [03/07/2008 11:01 PM 37376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcabc]
khfcabc.dll 03/07/2008 11:01 PM 37376 C:\WINDOWS\system32\khfcabc.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnlk.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\Msetup4.exe
*Newly Created Service* - ENTDRV51
-- End of Deckard's System Scanner: finished at 2008-03-11 05:54:11 ------------
Decard extra log:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 1.50GHz
Percentage of Memory in Use: 84%
Physical Memory (total/avail): 255.53 MiB / 38.78 MiB
Pagefile Memory (total/avail): 704.18 MiB / 455.35 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1903.53 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 29.29 GiB total, 19.58 GiB free.
D: is Fixed (NTFS) - 26.6 GiB total, 5.35 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
\\.\PHYSICALDRIVE0 - ST360020A - 55.9 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 29.29 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 26.6 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Disabled:Framework Service"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\AnnaRoy\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.1_07\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FINONA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\AnnaRoy
LOGONSERVER=\\FINONA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.1_07\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\AnnaRoy\LOCALS~1\Temp
TMP=C:\DOCUME~1\AnnaRoy\LOCALS~1\Temp
USERDOMAIN=FINONA
USERNAME=AnnaRoy
USERPROFILE=C:\Documents and Settings\AnnaRoy
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
AnnaRoy (admin)
royce.FINONA (new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ADI® SoundMAX® Integrated Digital Audio Driver for Microsoft® Windows® XP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{485EC31F-0446-11D6-B60A-08004609B39F}\Setup.exe" -l0x9
Adobe Acrobat 8 Professional - English, Français, Deutsch --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
BlackBerry Desktop Software 4.2 --> MsiExec.exe /I{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}
BlackBerry Desktop Software 4.2 --> MsiExec.exe /i{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}
Canon MP Navigator 2.0 --> "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini
Canon MP450 --> "C:\WINDOWS\system32\CanonMP Uninstaller Information\{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}\DelDrv.exe" /U:{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD} /L0x0009
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Cheetah DVD Burner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}\Setup.exe"
Diskeeper Professional Premier Edition --> MsiExec.exe /X{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}
DVD Region+CSS Free 5.9.5.2 --> "C:\Program Files\DVD Region+CSS Free\unins000.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
Java 2 Runtime Environment, SE v1.4.1_07 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA532E73-1BB7-11D8-9D6A-00010240CE95}\setup.exe" Anytext
Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe"
LimeWire PRO 4.10.5 --> "C:\Program Files\LimeWire\uninstall.exe"
McAfee VirusScan Enterprise --> MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
PSP Video 9 2.25 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
PSP Video Express(remove only) --> "C:\Program Files\PQDVD\PSPVideoExpress\bt-uninst.exe"
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
VideoLAN VLC media player 0.8.1 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type2276 / Error
Event Submitted/Written: 03/11/2008 05:30:42 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type2275 / Error
Event Submitted/Written: 03/11/2008 05:30:39 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type2274 / Error
Event Submitted/Written: 03/11/2008 05:30:35 AM / 03/11/2008 05:30:37 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type2273 / Error
Event Submitted/Written: 03/11/2008 05:30:34 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type2272 / Error
Event Submitted/Written: 03/11/2008 05:30:34 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type6541 / Error
Event Submitted/Written: 03/10/2008 11:00:49 PM / 03/10/2008 11:00:50 PM
Event ID/Source: 55 / Ntfs
Event Description:
The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
Event Record #/Type6536 / Error
Event Submitted/Written: 03/10/2008 07:46:16 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
Event Record #/Type6530 / Warning
Event Submitted/Written: 03/10/2008 07:35:38 PM / 03/10/2008 07:35:39 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type6512 / Error
Event Submitted/Written: 03/10/2008 07:27:45 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
DMICall
Event Record #/Type6488 / Error
Event Submitted/Written: 03/08/2008 06:30:09 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
DMICall
-- End of Deckard's System Scanner: finished at 2008-03-11 05:54:11 ------------
Here is my combofix log:
Start Time= Tue 03/11/2008 3:58:51.04
QuickScan did not find any signs of infected files
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-03-11 02:45:18 28416 ( A.... ) "C:\WINDOWS\7search.dll"
2008-03-10 23:35:08 ( .D... ) "C:\Program Files\e-zshopper"
2008-03-10 23:35:04 ( .D... ) "C:\Program Files\Accoona"
2008-03-10 23:34:58 ( .D... ) "C:\Program Files\3721"
2008-03-10 23:24:54 21504 ( A.... ) "C:\WINDOWS\764.exe"
2008-03-10 23:22:52 14336 ( A.... ) "C:\WINDOWS\aconti.exe"
2008-03-10 21:43:54 25344 ( A.... ) "C:\WINDOWS\settn.dll"
2008-03-10 21:43:54 19712 ( A.... ) "C:\WINDOWS\kvnab.exe"
2008-03-10 21:43:54 11008 ( A.... ) "C:\WINDOWS\kvnab$.exe"
2008-03-10 21:43:50 24576 ( A.... ) "C:\WINDOWS\hcwprn.exe"
2008-03-10 21:43:48 25600 ( A.... ) "C:\WINDOWS\pbsysie.dll"
2008-03-10 21:43:44 23040 ( A.... ) "C:\WINDOWS\wbeInst$.exe"
2008-03-10 21:43:44 14592 ( A.... ) "C:\WINDOWS\wbeCheck.exe"
2008-03-10 21:43:40 16896 ( A.... ) "C:\WINDOWS\hotporn.exe"
2008-03-10 21:41:44 12544 ( A.... ) "C:\WINDOWS\kvnab.dll"
2008-03-10 21:33:46 ( .D... ) "C:\Program Files\amsys"
2008-03-10 21:21:50 14080 ( A.... ) "C:\WINDOWS\iexplorr23.dll"
2008-03-10 21:21:46 16384 ( A.... ) "C:\WINDOWS\system32\ace16win.dll"
2008-03-10 21:21:38 22016 ( A.... ) "C:\WINDOWS\system32\wml.exe"
2008-03-10 21:21