Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

HiJack This Log [RESOLVED]


  • This topic is locked This topic is locked

#1
gooter

gooter

    Member

  • Member
  • PipPip
  • 26 posts
I've had this spyware for about a month now and its making my computer really slow. I've run macafee and others loads of times with no luck - although it does keep quarantine files with vundo in the title which makes me think it is vundo that I've got?? I've clicked on your links to vundofix.exe but nothing comes up at all - even on my sisters 'clean' computer?

Anyway, I've posted my HiJackThis log below, to make sure it is vundo. Any help would be much appreciated...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:01:37, on 08/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\C Drive downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rlslog.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [54de0b5e] rundll32.exe "C:\WINDOWS\system32\etdxrvmh.dll",b
O4 - HKLM\..\Run: [BM57ed38c2] Rundll32.exe "C:\WINDOWS\system32\rqfcqxar.dll",s
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...84/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1151441692312
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,21/mcgdmgr.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10237 bytes

Thanks in advance guys :)
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello gooter

Welcome to G2Go. :)
=====================
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
gooter

gooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Kahdah, thanks mate!


Deckard's System Scanner v20071014.68
Run by matt on 2008-06-08 19:17:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2008-06-08 18:17:25 UTC - RP1214 - Deckard's System Scanner Restore Point
9: 2008-06-08 13:01:05 UTC - RP1213 - System Checkpoint
8: 2008-06-07 12:38:55 UTC - RP1212 - System Checkpoint
7: 2008-06-06 09:07:12 UTC - RP1211 - System Checkpoint
6: 2008-06-04 23:11:27 UTC - RP1210 - System Checkpoint


-- First Restore Point --
1: 2008-05-28 19:13:53 UTC - RP1205 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.71 GiB (less than 15%) free.


-- HijackThis (run as matt.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:40, on 08/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\New Folder (2)\dss.exe
c:\PROGRA~1\mcafee\mpf\mc\mpfalert.exe
C:\CDRIVE~1\matt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rlslog.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\ydpncexy.dll
O2 - BHO: (no name) - {514A5C49-0C7D-42c3-A71B-38864A269B7A} - C:\WINDOWS\system32\kjiljofs.dll
O2 - BHO: {7d9f5bce-243b-b439-abf4-0c598be65fc5} - {5cf56eb8-95c0-4fba-934b-b342ecb5f9d7} - C:\WINDOWS\system32\pojurwip.dll
O2 - BHO: (no name) - {6ACDAFDA-A9C7-4F08-B985-1765C4BE63F2} - C:\WINDOWS\system32\pmkhf.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {CF3FC4E8-8132-4D99-B43D-AEC175D64E8B} - C:\WINDOWS\system32\ddcdbbx.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [54de0b5e] rundll32.exe "C:\WINDOWS\system32\etdxrvmh.dll",b
O4 - HKLM\..\Run: [BM57ed38c2] Rundll32.exe "C:\WINDOWS\system32\rqfcqxar.dll",s
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...84/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1151441692312
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,21/mcgdmgr.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: ddcdbbx - C:\WINDOWS\SYSTEM32\ddcdbbx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11067 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 WinDriver6 - c:\windows\system32\drivers\windrvr6.sys <Not Verified; Jungo; WinDriver Device Driver>

S3 EraserUtilRebootDrv - c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys (file missing)
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mrendis5.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 RMSvc (Media Center Extender Resource Monitor) - c:\windows\ehome\rmsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

S2 Symantec Core LC - "c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_1058&PID_0901\57442D5743414E4B37313830393235
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_1058&PID_0901\57442D5743414E4B37313830393235
Service: USBSTOR


-- Scheduled Tasks -------------------------------------------------------------

2008-06-01 01:00:19 350 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-05-15 01:01:21 348 --a------ C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2008-05-08 and 2008-06-08 -----------------------------

2008-06-08 19:16:43 0 d-------- D:\Deckard
2008-06-07 21:25:54 104512 --a------ C:\WINDOWS\system32\pojurwip.dll
2008-06-07 21:22:55 93760 --a------ C:\WINDOWS\system32\etdxrvmh.dll
2008-06-07 21:16:54 103488 --a------ C:\WINDOWS\system32\rqfcqxar.dll
2008-06-06 21:07:59 102464 --a------ C:\WINDOWS\system32\holmehqv.dll
2008-06-06 21:05:24 104000 --a------ C:\WINDOWS\system32\tcyfcpsp.dll
2008-06-05 21:18:05 102976 --a------ C:\WINDOWS\system32\hqxyfyqe.dll
2008-06-05 21:06:03 101440 --a------ C:\WINDOWS\system32\sfvwmwbt.dll
2008-06-04 21:20:44 102976 --a------ C:\WINDOWS\system32\torkcldo.dll
2008-06-04 21:03:03 101440 --a------ C:\WINDOWS\system32\ohdhvlbt.dll
2008-06-04 21:02:43 522335 --ahs---- C:\WINDOWS\system32\fhkmp.ini2
2008-06-04 21:02:37 280064 --a------ C:\WINDOWS\system32\pmkhf.dll
2008-06-03 08:51:52 0 d--hs---- C:\WINDOWS\system32\wsnpoem
2008-05-27 18:55:57 2624 --a------ C:\WINDOWS\system32\btvkqbie.exe
2008-05-27 18:40:56 92224 --a------ C:\WINDOWS\system32\kjiljofs.dll
2008-05-26 18:31:25 2624 --a------ C:\WINDOWS\system32\rdqskteg.exe
2008-05-26 18:19:32 92224 --a------ C:\WINDOWS\system32\cyuntmkx.dll
2008-05-25 18:25:23 2624 --a------ C:\WINDOWS\system32\gpohheys.exe
2008-05-25 18:16:22 92224 --a------ C:\WINDOWS\system32\yqecsefi.dll
2008-05-24 18:16:47 2624 --a------ C:\WINDOWS\system32\mtcxckdy.exe
2008-05-24 18:16:27 92224 --a------ C:\WINDOWS\system32\xdfmvkvc.dll
2008-05-23 18:28:31 2624 --a------ C:\WINDOWS\system32\mhgfxnhv.exe
2008-05-23 18:14:06 92224 --a------ C:\WINDOWS\system32\foquwqjh.dll
2008-05-23 18:13:27 585428 --ahs---- C:\WINDOWS\system32\tvvwa.ini2
2008-05-21 22:48:39 2624 --a------ C:\WINDOWS\system32\khjfgkta.exe
2008-05-21 22:42:57 92224 --a------ C:\WINDOWS\system32\baggfdjf.dll
2008-05-20 22:49:50 2624 --a------ C:\WINDOWS\system32\whperuho.exe
2008-05-20 22:44:02 92224 --a------ C:\WINDOWS\system32\dhjnxwng.dll
2008-05-19 22:42:05 2624 --a------ C:\WINDOWS\system32\qnauwduo.exe
2008-05-19 22:41:56 92224 --a------ C:\WINDOWS\system32\lwtwrnvr.dll
2008-05-18 21:32:36 2112 --a------ C:\WINDOWS\system32\pjttrjqf.exe
2008-05-18 21:27:23 3648 --a------ C:\WINDOWS\system32\howlvjvy.dll
2008-05-18 21:24:04 3648 --a------ C:\WINDOWS\system32\jcjqjrxb.dll
2008-05-17 21:29:53 2112 --a------ C:\WINDOWS\system32\ntiuvrst.exe
2008-05-17 21:23:53 3648 --a------ C:\WINDOWS\system32\bopnksnf.dll
2008-05-16 21:35:21 2112 --a------ C:\WINDOWS\system32\hncfyisc.exe
2008-05-16 21:23:22 3648 --a------ C:\WINDOWS\system32\empcdfrw.dll
2008-05-15 21:39:49 2112 --a------ C:\WINDOWS\system32\mcvbxymf.exe
2008-05-15 21:22:16 3648 --a------ C:\WINDOWS\system32\cvhwcwpg.dll
2008-05-14 21:06:51 2112 --a------ C:\WINDOWS\system32\twffnpfq.exe
2008-05-14 20:55:24 3648 --a------ C:\WINDOWS\system32\nnebmtwm.dll
2008-05-14 07:10:57 53312 --a------ C:\WINDOWS\system32\ydpncexy.dll
2008-05-13 08:06:22 2112 --a------ C:\WINDOWS\system32\oyeotwry.exe
2008-05-12 22:35:42 53312 --a------ C:\WINDOWS\system32\bicfumon.dll
2008-05-11 21:11:08 2112 --a------ C:\WINDOWS\system32\wqgjcmao.exe
2008-05-11 21:05:08 53312 --a------ C:\WINDOWS\system32\ewsxgdit.dll
2008-05-10 21:17:07 2112 --a------ C:\WINDOWS\system32\dchgegrg.exe
2008-05-10 21:08:06 53312 --a------ C:\WINDOWS\system32\jofjtasb.dll
2008-05-09 21:15:39 2112 --a------ C:\WINDOWS\system32\tpomjnpc.exe
2008-05-09 21:06:39 53312 --a------ C:\WINDOWS\system32\mbsmfrja.dll
2008-05-08 21:07:13 2112 --a------ C:\WINDOWS\system32\ibeiojbx.exe
2008-05-08 21:04:20 53312 --a------ C:\WINDOWS\system32\flaqqtrj.dll


-- Find3M Report ---------------------------------------------------------------

2008-06-08 19:13:09 0 d-------- D:\Documents and Settings\matt\Application Data\uTorrent
2008-06-07 18:18:17 0 d-------- C:\Program Files\McAfee
2008-05-29 09:27:24 0 d-------- C:\Program Files\utorrent
2008-05-22 20:09:34 667527 --ahs---- C:\WINDOWS\system32\ghkmp.ini2
2008-05-08 21:19:18 0 d-------- D:\Documents and Settings\matt\Application Data\AdobeUM
2008-05-07 21:08:46 2112 --a------ C:\WINDOWS\system32\xextpemb.exe
2008-05-07 21:05:46 53312 --a------ C:\WINDOWS\system32\gypalbnf.dll
2008-05-06 21:05:09 2112 --a------ C:\WINDOWS\system32\nshcvvwh.exe
2008-05-06 20:59:47 53312 --a------ C:\WINDOWS\system32\fwiqucfm.dll
2008-05-05 20:51:31 53312 --a------ C:\WINDOWS\system32\fkoqsvut.dll
2008-05-05 19:45:45 53312 --a------ C:\WINDOWS\system32\bfxnxbrf.dll
2008-05-04 19:42:40 53312 --a------ C:\WINDOWS\system32\yuiyndix.dll
2008-05-04 14:21:35 0 d-------- C:\Program Files\Java
2008-05-03 19:43:44 53312 --a------ C:\WINDOWS\system32\yriibmvw.dll
2008-05-02 19:40:51 53312 --a------ C:\WINDOWS\system32\jxjusumr.dll
2008-04-30 20:44:36 53312 --a------ C:\WINDOWS\system32\iqwgrkkj.dll
2008-04-29 20:41:08 53312 --a------ C:\WINDOWS\system32\xcyhxvnq.dll
2008-04-29 14:22:23 53312 --a------ C:\WINDOWS\system32\xaytunrv.dll
2008-04-28 14:20:23 53312 --a------ C:\WINDOWS\system32\hkiuboju.dll
2008-04-27 14:16:07 53312 --a------ C:\WINDOWS\system32\jgewcskv.dll
2008-04-25 21:03:56 53312 --a------ C:\WINDOWS\system32\ycmrilsh.dll
2008-04-24 21:04:02 53312 --a------ C:\WINDOWS\system32\shewaxkw.dll
2008-04-23 21:04:19 53312 --a------ C:\WINDOWS\system32\qsbayjnn.dll
2008-04-22 20:59:53 53312 --a------ C:\WINDOWS\system32\elrmuute.dll
2008-04-22 20:08:04 0 d-------- D:\Documents and Settings\matt\Application Data\Real
2008-04-21 00:30:43 53312 --a------ C:\WINDOWS\system32\sxxejqoj.dll
2008-04-16 07:59:49 53312 --a------ C:\WINDOWS\system32\jbxowpij.dll
2008-04-15 07:56:45 3648 --a------ C:\WINDOWS\system32\mmhqeqvj.dll
2008-04-15 07:56:40 53312 --a------ C:\WINDOWS\system32\meamevlv.dll
2008-04-14 07:06:37 3648 --a------ C:\WINDOWS\system32\ukqecnmp.dll
2008-04-14 07:03:37 53312 --a------ C:\WINDOWS\system32\luimuilq.dll
2008-04-13 01:23:52 3648 --a------ C:\WINDOWS\system32\pyrfgiof.dll
2008-04-13 01:20:51 53312 --a------ C:\WINDOWS\system32\odrxoxmn.dll
2008-04-12 23:17:57 3648 --a------ C:\WINDOWS\system32\mvistfvh.dll
2008-04-12 23:11:55 53312 --a------ C:\WINDOWS\system32\pouldhsd.dll
2008-04-11 23:10:56 3648 --a------ C:\WINDOWS\system32\wgblofhf.dll
2008-04-11 23:10:33 53312 --a------ C:\WINDOWS\system32\xeoiouvc.dll
2008-04-11 22:07:38 3648 --a------ C:\WINDOWS\system32\gbuqfkyc.dll
2008-04-11 22:04:48 53312 --a------ C:\WINDOWS\system32\pyhrmjvr.dll
2008-04-10 22:06:20 3648 --a------ C:\WINDOWS\system32\dvseroym.dll
2008-04-10 22:03:46 53312 --a------ C:\WINDOWS\system32\fserutut.dll
2008-04-09 21:08:02 3648 --a------ C:\WINDOWS\system32\wivadlbq.dll
2008-04-09 21:05:02 53312 --a------ C:\WINDOWS\system32\hhojqxji.dll
2008-04-08 21:03:30 3648 --a------ C:\WINDOWS\system32\jxssiksx.dll
2008-04-08 21:03:22 53312 --a------ C:\WINDOWS\system32\lhdkrmfd.dll
2008-04-08 20:09:59 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-07 21:03:28 53312 --a------ C:\WINDOWS\system32\gvtiuuqm.dll
2008-04-06 18:14:01 89664 --a------ C:\WINDOWS\system32\mqnvtkak.dll
2008-04-06 18:13:48 53312 --a------ C:\WINDOWS\system32\abuogrod.dll
2008-04-06 14:05:26 89664 --a------ C:\WINDOWS\system32\emqccgjt.dll
2008-04-06 14:02:38 53312 --a------ C:\WINDOWS\system32\iyymitly.dll
2008-04-04 21:33:52 53312 --a------ C:\WINDOWS\system32\arwdxidn.dll
2008-04-02 21:34:22 83520 --a------ C:\WINDOWS\system32\lkyvefty.dll
2008-03-23 20:01:56 38912 --a------ C:\WINDOWS\system32\ddcdbbx.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]
14/05/2008 07:10 53312 --a------ C:\WINDOWS\system32\ydpncexy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}]
27/05/2008 18:40 92224 --a------ C:\WINDOWS\system32\kjiljofs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5cf56eb8-95c0-4fba-934b-b342ecb5f9d7}]
07/06/2008 21:25 104512 --a------ C:\WINDOWS\system32\pojurwip.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ACDAFDA-A9C7-4F08-B985-1765C4BE63F2}]
04/06/2008 21:02 280064 --a------ C:\WINDOWS\system32\pmkhf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF3FC4E8-8132-4D99-B43D-AEC175D64E8B}]
23/03/2008 20:01 38912 --a------ C:\WINDOWS\system32\ddcdbbx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [10/08/2004 15:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10/08/2004 15:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10/08/2004 15:00]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [05/08/2005 14:56]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/08/2005 17:35]
"nwiz"="nwiz.exe" [02/08/2005 17:35 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [02/08/2005 17:35]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [07/01/2005 18:07 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [08/06/2005 16:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [02/05/2003 11:31]
"RTHDCPL"="RTHDCPL.EXE" [22/09/2005 13:36 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 18:43 C:\WINDOWS\ALCMTR.EXE]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [16/01/2007 13:59]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [08/01/2007 11:22]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [08/08/2007 09:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [19/10/2007 21:16]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 01:47]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" []
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 23:33]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"54de0b5e"="C:\WINDOWS\system32\etdxrvmh.dll" [07/06/2008 21:22]
"BM57ed38c2"="C:\WINDOWS\system32\rqfcqxar.dll" [07/06/2008 21:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [02/12/2004 18:23]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 17:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 15:00]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [27/04/2007 19:22]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [20/10/2005 19:55:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{CF3FC4E8-8132-4D99-B43D-AEC175D64E8B}"= C:\WINDOWS\system32\ddcdbbx.dll [23/03/2008 20:01 38912]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 08/04/2008 20:09 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcdbbx]
ddcdbbx.dll 23/03/2008 20:01 38912 C:\WINDOWS\system32\ddcdbbx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkhf

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE




-- Hosts -----------------------------------------------------------------------

127.0.0.1 208.67.70.3
127.0.0.1 38.99.150.167
127.0.0.1 38.99.150.205
127.0.0.1 88.255.90.60
127.0.0.1 opal.spod.org
127.0.0.1 sendspace.com
127.0.0.1 ad1.ny.yieldmanager.com
127.0.0.1 ad2.ny.yieldmanager.com
127.0.0.1 ny.yieldmanager.com
127.0.0.1 yieldmanager.com

2 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-08 19:24:09 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.06GHz
Percentage of Memory in Use: 66%
Physical Memory (total/avail): 1023.48 MiB / 337.86 MiB
Pagefile Memory (total/avail): 2458.03 MiB / 1843.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1894.56 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 29.99 GiB total, 0.71 GiB free.
D: is Fixed (NTFS) - 111.24 GiB total, 0.75 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Fixed (NTFS) - 465.76 GiB total, 1.26 GiB free.

\\.\PHYSICALDRIVE0 - ST3160023AS - 149.05 GiB - 3 partitions
\PARTITION0 - Unknown - 7.81 GiB
\PARTITION1 (bootable) - Installable File System - 29.99 GiB - C:
\PARTITION2 - Installable File System - 111.24 GiB - D:

\\.\PHYSICALDRIVE1 - Seagate FreeAgentDesktop USB Device - 465.76 GiB - 1 partition
\PARTITION0 - Installable File System - 465.76 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
FW: Norton Personal Firewall v2006 (Symantec Corporation)
AV: Norton AntiVirus v2005 (Symantec Corporation)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:PANDORA"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\kdx\\KHost.exe"="C:\\WINDOWS\\kdx\\KHost.exe:*:Enabled:Delivery Manager"
"C:\\Program Files\\KService\\KService.exe"="C:\\Program Files\\KService\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\ehome\\ehshell.exe"="C:\\WINDOWS\\ehome\\ehshell.exe:LocalSubNet:Enabled:Media Center"
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\matt\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=049654320772
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\matt
LOGONSERVER=\\049654320772
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\PROGRA~1\COMMON~1\SONICS~1\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=D:\DOCUME~1\matt\LOCALS~1\Temp
TMP=D:\DOCUME~1\matt\LOCALS~1\Temp
USERDOMAIN=049654320772
USERNAME=matt
USERPROFILE=D:\Documents and Settings\matt
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

matt (admin)
MCX1
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "c:\apps\skype\phone\unins000.exe"
--> "C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe" -lang="en-uk"
--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
--> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
--> C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
--> C:\PROGRA~1\Norman\NORMAN~1\UNWISE.EXE C:\PROGRA~1\Norman\NORMAN~1\INSTALL.LOG
--> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
--> C:\Program Files\Common Files\aolshare\Aolunins_uk.exe
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Learn2.com\StRunner\stuninst.exe
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\Modio\SLAMR2KO\Setup.exe /Remove
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
--> MsiExec.exe /I{8B543A39-9401-44F4-B572-069E64C15189}
--> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F1DA6BF-3614-48A1-9970-9E90F646789E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A065EA0-0EEC-4E94-A2A0-40812576C122}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AFA4872-16B2-419E-ADCA-8E96E739115D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D35DFD7-DED3-4D49-8293-C9D82DA322FB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D35DFD7-DED3-4D49-8293-C9D82DA322FB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D SexVilla Oxin's Style! --> "G:\Music\New Folder\Country&Western\Xtra\New Folder\Oxin's Style!\3D SexVilla\unins000.exe"
A-Z Video Converter Ultimate 7.66 --> "C:\Program Files\A-Z\A-Z Video Converter Ultimate\unins000.exe"
Acer eOpening Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF1EA239-9F8A-475B-91BE-3DA009599D73}\setup.exe" -l0x9
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVIcodec (remove only) --> "C:\Program Files\AVIcodec\uninst.exe"
BBC iPlayer Download Manager --> MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CM4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{435E53AF-B62B-4094-AE12-F6ECF0BF3CE4}
Company of Heroes --> MsiExec.exe /X{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Creative Jukebox Driver --> C:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x9 /remove
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)
===============
Please visit this web page for instructions for downloading and running Combofix >ComboFix Instructions
We now suggest that you install the Windows Recovery Console.
The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Post the log from ComboFix when you've accomplished all of that, along with a new HijackThis log.
  • 0

#5
gooter

gooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Thanks Kahdah, I ran combofix - the log and a new hijackthis log is below. Just so you know, when combofix was running, a message kept coming up saying unable to locate REGT.CFEXE, please try to reinstall the application - it came up about two dozen times!

Also, two message came up once each during combofix (and then again when the computer restarted) saying there was an error loading C\WINDOWS\SYSTEM32\KWBEEPYT.DLL and C\WINDOWS\SYSTEM32\KWBEEPYT.DLL - "specified module could not be found". I don't know if any of that is importent, but I thought it best to mention it...

Thanks again

ComboFix 08-06-08.2 - matt 2008-06-09 16:51:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.444 [GMT 1:00]
Running from: D:\Documents and Settings\matt\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\assys.dll
C:\WINDOWS\BM57ed38c2.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\ffnsys.dll
C:\WINDOWS\gstcore.dll
C:\WINDOWS\mfnsys.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\rsczsys.dll
C:\WINDOWS\snsys.dll
C:\WINDOWS\system32\anlmohrn.ini
C:\WINDOWS\system32\avabdlnt.ini
C:\WINDOWS\system32\awyefkym.ini
C:\WINDOWS\system32\baggfdjf.dll
C:\WINDOWS\system32\bgrmigpk.ini
C:\WINDOWS\system32\bopnksnf.dll
C:\WINDOWS\system32\btvkqbie.exe
C:\WINDOWS\system32\bxntqqro.ini
C:\WINDOWS\system32\cbhwqpga.ini
C:\WINDOWS\system32\ccwniutb.ini
C:\WINDOWS\system32\cvhwcwpg.dll
C:\WINDOWS\system32\cyhwavty.ini
C:\WINDOWS\system32\cyuntmkx.dll
C:\WINDOWS\system32\dabhdbdn.ini
C:\WINDOWS\system32\dchgegrg.exe
C:\WINDOWS\system32\ddcdbbx.dll
C:\WINDOWS\system32\dfgjjqwp.ini
C:\WINDOWS\system32\dhjeheoc.ini
C:\WINDOWS\system32\dhjnxwng.dll
C:\WINDOWS\system32\dvseroym.dll
C:\WINDOWS\system32\emofpxrp.ini
C:\WINDOWS\system32\empcdfrw.dll
C:\WINDOWS\system32\emqccgjt.dll
C:\WINDOWS\system32\enajgplf.ini
C:\WINDOWS\system32\esmyooyi.ini
C:\WINDOWS\system32\fddckfds.ini
C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\fhkmp.ini2
C:\WINDOWS\system32\fmnasmcj.ini
C:\WINDOWS\system32\foquwqjh.dll
C:\WINDOWS\system32\gbuqfkyc.dll
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\gltfqatk.ini
C:\WINDOWS\system32\gmofovex.ini
C:\WINDOWS\system32\gpohheys.exe
C:\WINDOWS\system32\gtrnwkgc.ini
C:\WINDOWS\system32\gwghnjyi.ini
C:\WINDOWS\system32\hiwfnrku.ini
C:\WINDOWS\system32\hltxsjqb.ini
C:\WINDOWS\system32\hmvrxdte.ini
C:\WINDOWS\system32\hncfyisc.exe
C:\WINDOWS\system32\holmehqv.dll
C:\WINDOWS\system32\howlvjvy.dll
C:\WINDOWS\system32\hqxyfyqe.dll
C:\WINDOWS\system32\htuniscq.ini
C:\WINDOWS\system32\iajtaqpd.ini
C:\WINDOWS\system32\ibeiojbx.exe
C:\WINDOWS\system32\jbaeaurw.ini
C:\WINDOWS\system32\jbmnxmgl.ini
C:\WINDOWS\system32\jcjqjrxb.dll
C:\WINDOWS\system32\jobabxsj.ini
C:\WINDOWS\system32\jxssiksx.dll
C:\WINDOWS\system32\khjfgkta.exe
C:\WINDOWS\system32\kjiljofs.dll
C:\WINDOWS\system32\kkjcmbpb.ini
C:\WINDOWS\system32\krojwcgm.ini
C:\WINDOWS\system32\kwbeepyt.dll
C:\WINDOWS\system32\lkyvefty.dll
C:\WINDOWS\system32\lplkdsup.ini
C:\WINDOWS\system32\luoehbry.ini
C:\WINDOWS\system32\lwtwrnvr.dll
C:\WINDOWS\system32\mcvbxymf.exe
C:\WINDOWS\system32\meuolnkv.ini
C:\WINDOWS\system32\mhgfxnhv.exe
C:\WINDOWS\system32\mhhuddfw.ini
C:\WINDOWS\system32\mmhqeqvj.dll
C:\WINDOWS\system32\movaksmg.ini
C:\WINDOWS\system32\mqnvtkak.dll
C:\WINDOWS\system32\mtcxckdy.exe
C:\WINDOWS\system32\mvistfvh.dll
C:\WINDOWS\system32\njarltsl.ini
C:\WINDOWS\system32\nnebmtwm.dll
C:\WINDOWS\system32\nshcvvwh.exe
C:\WINDOWS\system32\ntiuvrst.exe
C:\WINDOWS\system32\ohdhvlbt.dll
C:\WINDOWS\system32\ophgimjl.ini
C:\WINDOWS\system32\oquoygid.ini
C:\WINDOWS\system32\orhitbso.ini
C:\WINDOWS\system32\ovbgkgqt.ini
C:\WINDOWS\system32\oyeotwry.exe
C:\WINDOWS\system32\pjttrjqf.exe
C:\WINDOWS\system32\pmkhf.dll
C:\WINDOWS\system32\pojurwip.dll
C:\WINDOWS\system32\pycgtvet.ini
C:\WINDOWS\system32\pyrfgiof.dll
C:\WINDOWS\system32\qnauwduo.exe
C:\WINDOWS\system32\quoylsat.dll
C:\WINDOWS\system32\qvtxbqiw.ini
C:\WINDOWS\system32\rbkbgxwd.ini
C:\WINDOWS\system32\rdefkvjl.ini
C:\WINDOWS\system32\rdqskteg.exe
C:\WINDOWS\system32\rfjtnjkm.ini
C:\WINDOWS\system32\rqfcqxar.dll
C:\WINDOWS\system32\sbuprxkf.ini
C:\WINDOWS\system32\sfvwmwbt.dll
C:\WINDOWS\system32\smrtqqyo.ini
C:\WINDOWS\system32\tcyfcpsp.dll
C:\WINDOWS\system32\teuxffap.ini
C:\WINDOWS\system32\tkpvopqu.dll
C:\WINDOWS\system32\tldjfsnn.ini
C:\WINDOWS\system32\torkcldo.dll
C:\WINDOWS\system32\tpomjnpc.exe
C:\WINDOWS\system32\trqvyfih.ini
C:\WINDOWS\system32\tvnndllp.ini
C:\WINDOWS\system32\tvvwa.ini
C:\WINDOWS\system32\tvvwa.ini2
C:\WINDOWS\system32\twffnpfq.exe
C:\WINDOWS\system32\ukcaogqc.ini
C:\WINDOWS\system32\ukqecnmp.dll
C:\WINDOWS\system32\uoekavfs.ini
C:\WINDOWS\system32\uqpovpkt.ini
C:\WINDOWS\system32\uqxivalu.ini
C:\WINDOWS\system32\voyyjyny.ini
C:\WINDOWS\system32\vqwkoiaf.ini
C:\WINDOWS\system32\wbnnverb.ini
C:\WINDOWS\system32\wdcrqmfk.ini
C:\WINDOWS\system32\wdgpykdh.ini
C:\WINDOWS\system32\wgblofhf.dll
C:\WINDOWS\system32\whperuho.exe
C:\WINDOWS\system32\wivadlbq.dll
C:\WINDOWS\system32\wqgjcmao.exe
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\system32\xdfmvkvc.dll
C:\WINDOWS\system32\xextpemb.exe
C:\WINDOWS\system32\xqdfhekh.ini
C:\WINDOWS\system32\xvfeubaw.ini
C:\WINDOWS\system32\xwvebtaq.ini
C:\WINDOWS\system32\ykruvged.ini
C:\WINDOWS\system32\yqecsefi.dll
C:\WINDOWS\system32\ytfevykl.ini
C:\WINDOWS\uawin.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
.

2008-05-14 07:10 . 2008-05-14 07:10 53,312 --a------ C:\WINDOWS\system32\ydpncexy.dll
2008-05-12 22:35 . 2008-05-12 22:35 53,312 --a------ C:\WINDOWS\system32\bicfumon.dll
2008-05-12 22:30 . 2008-05-25 02:20 3,532 --a------ C:\drmHeader.bin
2008-05-11 21:05 . 2008-05-11 21:05 53,312 --a------ C:\WINDOWS\system32\ewsxgdit.dll
2008-05-10 21:08 . 2008-05-10 21:08 53,312 --a------ C:\WINDOWS\system32\jofjtasb.dll
2008-05-09 21:06 . 2008-05-09 21:06 53,312 --a------ C:\WINDOWS\system32\mbsmfrja.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 16:04 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kontiki
2008-06-09 15:23 --------- d-----w D:\Documents and Settings\matt\Application Data\uTorrent
2008-06-09 15:16 --------- d-----w C:\Program Files\thriXXX
2008-06-07 17:18 --------- d-----w C:\Program Files\McAfee
2008-05-29 08:27 --------- d-----w C:\Program Files\utorrent
2008-05-08 20:19 --------- d-----w D:\Documents and Settings\matt\Application Data\AdobeUM
2008-05-04 13:21 --------- d-----w C:\Program Files\Java
2007-07-08 09:36 87,608 ----a-w D:\Documents and Settings\matt\Application Data\inst.exe
2007-07-08 09:36 47,360 ----a-w D:\Documents and Settings\matt\Application Data\pcouffin.sys
2006-10-27 21:10 557,056 ----a-w D:\Documents and Settings\matt\chatlnk.exe
2006-08-13 15:47 6,224 ----a-w D:\Documents and Settings\All Users\Application Data\ypinfo.bin
2006-04-14 17:58 108 ----a-w D:\Documents and Settings\matt\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22e94458-a59c-4eca-b6dd-c1e2068ef99c}]
C:\WINDOWS\system32\quoylsat.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]
2008-05-14 07:10 53312 --a------ C:\WINDOWS\system32\ydpncexy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}]
C:\WINDOWS\system32\kjiljofs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5D23E70-458C-4765-9598-011AF2B10091}]
C:\WINDOWS\system32\pmkhf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF3FC4E8-8132-4D99-B43D-AEC175D64E8B}]
C:\WINDOWS\system32\ddcdbbx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00 15360]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [2007-04-27 19:22 312848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 15:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 15:00 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 17:35 7110656]
"nwiz"="nwiz.exe" [2005-08-02 17:35 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-08-02 17:35 86016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 16:55 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 14854144 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 69632 C:\WINDOWS\ALCMTR.EXE]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 21:16 286720]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [ ]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]
"54de0b5e"="C:\WINDOWS\system32\tkpvopqu.dll" [ ]
"BM57ed38c2"="C:\WINDOWS\system32\kwbeepyt.dll" [ ]
"combofix"="C:\WINDOWS\system32\CF9455.exe" [2004-08-10 15:00 388608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15:00 15360]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 19:55:40 18432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CF3FC4E8-8132-4D99-B43D-AEC175D64E8B}"= C:\WINDOWS\system32\ddcdbbx.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-04-08 20:09 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcdbbx]
ddcdbbx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
"vidc.yv12"= yv12vfw.dll
"VIDC.XVID"= xvid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\WINDOWS\\kdx\\KHost.exe"=
"C:\\Program Files\\KService\\KService.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 19:55]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-04-14 09:59]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 12:12]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 12:12]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 15:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 00:01:21 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-06-01 00:00:19 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 17:04:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
KernelFaultCheck = %systemroot%\system32\dumprep 0 -k?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\APPS\ABOARD\AOSD.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-06-09 17:09:15 - machine was rebooted [matt]
ComboFix-quarantined-files.txt 2008-06-09 16:09:09

Pre-Run: 653,651,968 bytes free
Post-Run: 457,052,160 bytes free

342 --- E O F --- 2008-03-13 03:03:45

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:07, on 09/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\apps\ABoard\AOSD.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\C Drive downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rlslog.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: {c99fe860-2e1c-dd6b-ace4-c95a85449e22} - {22e94458-a59c-4eca-b6dd-c1e2068ef99c} - C:\WINDOWS\system32\quoylsat.dll (file missing)
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\ydpncexy.dll
O2 - BHO: (no name) - {514A5C49-0C7D-42c3-A71B-38864A269B7A} - C:\WINDOWS\system32\kjiljofs.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {C5D23E70-458C-4765-9598-011AF2B10091} - C:\WINDOWS\system32\pmkhf.dll (file missing)
O2 - BHO: (no name) - {CF3FC4E8-8132-4D99-B43D-AEC175D64E8B} - C:\WINDOWS\system32\ddcdbbx.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [54de0b5e] rundll32.exe "C:\WINDOWS\system32\tkpvopqu.dll",b
O4 - HKLM\..\Run: [BM57ed38c2] Rundll32.exe "C:\WINDOWS\system32\kwbeepyt.dll",s
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF9455.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...84/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1151441692312
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,21/mcgdmgr.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: ddcdbbx - ddcdbbx.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11037 bytes
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
The file missing was a malware file that has been deleted and now we will fix the registry entry so it will not keep happening.

If you didn't install this program >thrixxx or Virtually Jenna, then please uninstall it and delete this folder C:\Program Files\thrixxx

Please delete your version of Combofix and redownload it from Here to your Desktop.


=====================
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\ydpncexy.dll
C:\WINDOWS\system32\bicfumon.dll
C:\WINDOWS\system32\ewsxgdit.dll
C:\WINDOWS\system32\jofjtasb.dll
C:\WINDOWS\system32\mbsmfrja.dll
C:\WINDOWS\system32\tkpvopqu.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22e94458-a59c-4eca-b6dd-c1e2068ef99c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5D23E70-458C-4765-9598-011AF2B10091}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF3FC4E8-8132-4D99-B43D-AEC175D64E8B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"54de0b5e"=-
"BM57ed38c2"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CF3FC4E8-8132-4D99-B43D-AEC175D64E8B}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcdbbx]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#7
gooter

gooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
What!?!? Me? Download that? No way, never, I ....er... downloaded it for a friend! Yes, that's it, a friend.... :)

:) :) :)

Anyway.... below are my new logs:


ComboFix 08-06-09.7 - matt 2008-06-10 17:17:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.485 [GMT 1:00]
Running from: D:\Documents and Settings\matt\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\matt\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\WINDOWS\system32\bicfumon.dll
C:\WINDOWS\system32\ewsxgdit.dll
C:\WINDOWS\system32\jofjtasb.dll
C:\WINDOWS\system32\mbsmfrja.dll
C:\WINDOWS\system32\tkpvopqu.dll
C:\WINDOWS\system32\ydpncexy.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bicfumon.dll
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\ewsxgdit.dll
C:\WINDOWS\system32\jofjtasb.dll
C:\WINDOWS\system32\mbsmfrja.dll
C:\WINDOWS\system32\ydpncexy.dll
D:\Documents and Settings\matt\Application Data\inst.exe
D:\Documents and Settings\MCX1\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

.
((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.

2008-05-12 22:30 . 2008-06-09 23:23 3,532 --a------ C:\drmHeader.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 16:17 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kontiki
2008-06-09 15:23 --------- d-----w D:\Documents and Settings\matt\Application Data\uTorrent
2008-06-09 15:16 --------- d-----w C:\Program Files\thriXXX
2008-06-07 17:18 --------- d-----w C:\Program Files\McAfee
2008-05-29 08:27 --------- d-----w C:\Program Files\utorrent
2008-05-08 20:19 --------- d-----w D:\Documents and Settings\matt\Application Data\AdobeUM
2008-05-08 20:04 53,312 ----a-w C:\WINDOWS\system32\flaqqtrj.dll
2008-05-07 20:05 53,312 ----a-w C:\WINDOWS\system32\gypalbnf.dll
2008-05-06 19:59 53,312 ----a-w C:\WINDOWS\system32\fwiqucfm.dll
2008-05-05 19:51 53,312 ----a-w C:\WINDOWS\system32\fkoqsvut.dll
2008-05-05 18:45 53,312 ----a-w C:\WINDOWS\system32\bfxnxbrf.dll
2008-05-04 18:42 53,312 ----a-w C:\WINDOWS\system32\yuiyndix.dll
2008-05-04 13:21 --------- d-----w C:\Program Files\Java
2008-05-03 18:43 53,312 ----a-w C:\WINDOWS\system32\yriibmvw.dll
2008-05-02 18:40 53,312 ----a-w C:\WINDOWS\system32\jxjusumr.dll
2008-04-30 19:44 53,312 ----a-w C:\WINDOWS\system32\iqwgrkkj.dll
2008-04-29 19:41 53,312 ----a-w C:\WINDOWS\system32\xcyhxvnq.dll
2008-04-29 13:22 53,312 ----a-w C:\WINDOWS\system32\xaytunrv.dll
2008-04-28 13:20 53,312 ----a-w C:\WINDOWS\system32\hkiuboju.dll
2008-04-27 13:16 53,312 ----a-w C:\WINDOWS\system32\jgewcskv.dll
2008-04-25 20:03 53,312 ----a-w C:\WINDOWS\system32\ycmrilsh.dll
2008-04-24 20:04 53,312 ----a-w C:\WINDOWS\system32\shewaxkw.dll
2008-04-23 20:04 53,312 ----a-w C:\WINDOWS\system32\qsbayjnn.dll
2008-04-22 19:59 53,312 ----a-w C:\WINDOWS\system32\elrmuute.dll
2008-04-20 23:30 53,312 ----a-w C:\WINDOWS\system32\sxxejqoj.dll
2008-04-16 06:59 53,312 ----a-w C:\WINDOWS\system32\jbxowpij.dll
2008-04-15 06:56 53,312 ----a-w C:\WINDOWS\system32\meamevlv.dll
2008-04-14 06:03 53,312 ----a-w C:\WINDOWS\system32\luimuilq.dll
2008-04-13 00:20 53,312 ----a-w C:\WINDOWS\system32\odrxoxmn.dll
2008-04-12 22:11 53,312 ----a-w C:\WINDOWS\system32\pouldhsd.dll
2008-04-11 22:10 53,312 ----a-w C:\WINDOWS\system32\xeoiouvc.dll
2008-04-11 21:04 53,312 ----a-w C:\WINDOWS\system32\pyhrmjvr.dll
2008-04-10 21:03 53,312 ----a-w C:\WINDOWS\system32\fserutut.dll
2008-04-09 20:05 53,312 ----a-w C:\WINDOWS\system32\hhojqxji.dll
2008-04-08 20:03 53,312 ----a-w C:\WINDOWS\system32\lhdkrmfd.dll
2008-04-07 20:03 53,312 ----a-w C:\WINDOWS\system32\gvtiuuqm.dll
2008-04-06 17:13 53,312 ----a-w C:\WINDOWS\system32\abuogrod.dll
2008-04-06 13:02 53,312 ----a-w C:\WINDOWS\system32\iyymitly.dll
2008-04-04 20:33 53,312 ----a-w C:\WINDOWS\system32\arwdxidn.dll
2007-07-08 09:36 47,360 ----a-w D:\Documents and Settings\matt\Application Data\pcouffin.sys
2006-10-27 21:10 557,056 ----a-w D:\Documents and Settings\matt\chatlnk.exe
2006-08-13 15:47 6,224 ----a-w D:\Documents and Settings\All Users\Application Data\ypinfo.bin
2006-04-14 17:58 108 ----a-w D:\Documents and Settings\matt\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( [email protected]_17.08.01.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-09 16:02:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 15:10:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-09 15:26:39 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-10 16:09:41 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-09 15:26:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-10 16:09:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-10 15:11:00 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5e4.dat
+ 2008-06-10 15:11:03 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22e94458-a59c-4eca-b6dd-c1e2068ef99c}]
C:\WINDOWS\system32\quoylsat.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]
C:\WINDOWS\system32\ydpncexy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}]
C:\WINDOWS\system32\kjiljofs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5D23E70-458C-4765-9598-011AF2B10091}]
C:\WINDOWS\system32\pmkhf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF3FC4E8-8132-4D99-B43D-AEC175D64E8B}]
C:\WINDOWS\system32\ddcdbbx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00 15360]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [2007-04-27 19:22 312848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 15:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 15:00 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 17:35 7110656]
"nwiz"="nwiz.exe" [2005-08-02 17:35 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-08-02 17:35 86016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 16:55 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 14854144 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 69632 C:\WINDOWS\ALCMTR.EXE]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 21:16 286720]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [ ]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]
"54de0b5e"="C:\WINDOWS\system32\tkpvopqu.dll" [ ]
"BM57ed38c2"="C:\WINDOWS\system32\kwbeepyt.dll" [ ]
"combofix"="C:\WINDOWS\system32\CF9455.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15:00 15360]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 19:55:40 18432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CF3FC4E8-8132-4D99-B43D-AEC175D64E8B}"= C:\WINDOWS\system32\ddcdbbx.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-04-08 20:09 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcdbbx]
ddcdbbx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
"vidc.yv12"= yv12vfw.dll
"VIDC.XVID"= xvid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\WINDOWS\\kdx\\KHost.exe"=
"C:\\Program Files\\KService\\KService.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 19:55]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-04-14 09:59]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 12:12]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 12:12]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 15:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 00:01:21 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-06-01 00:00:19 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 17:20:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
KernelFaultCheck = %systemroot%\system32\dumprep 0 -k?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-10 17:22:10
ComboFix-quarantined-files.txt 2008-06-10 16:22:02
ComboFix2.txt 2008-06-09 16:09:16

Pre-Run: 885,170,176 bytes free
Post-Run: 867,385,344 bytes free

227 --- E O F --- 2008-03-13 03:03:45




Deckard's System Scanner v20071014.68
Run by matt on 2008-06-10 17:30:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 0.9 GiB (less than 15%) free.


-- HijackThis (run as matt.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31:06, on 10/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\RTHDCPL.EXE
C:\apps\ABoard\AOSD.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
D:\Documents and Settings\matt\Desktop\dss.exe
C:\CDRIVE~1\matt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rlslog.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: {c99fe860-2e1c-dd6b-ace4-c95a85449e22} - {22e94458-a59c-4eca-b6dd-c1e2068ef99c} - C:\WINDOWS\system32\quoylsat.dll (file missing)
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\ydpncexy.dll (file missing)
O2 - BHO: (no name) - {514A5C49-0C7D-42c3-A71B-38864A269B7A} - C:\WINDOWS\system32\kjiljofs.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {C5D23E70-458C-4765-9598-011AF2B10091} - C:\WINDOWS\system32\pmkhf.dll (file missing)
O2 - BHO: (no name) - {CF3FC4E8-8132-4D99-B43D-AEC175D64E8B} - C:\WINDOWS\system32\ddcdbbx.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [54de0b5e] rundll32.exe "C:\WINDOWS\system32\tkpvopqu.dll",b
O4 - HKLM\..\Run: [BM57ed38c2] Rundll32.exe "C:\WINDOWS\system32\kwbeepyt.dll",s
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF9455.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...84/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1151441692312
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,21/mcgdmgr.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: ddcdbbx - ddcdbbx.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11087 bytes

-- Files created between 2008-05-10 and 2008-06-10 -----------------------------

2008-06-10 17:19:45 0 d-------- D:\Qoobox
2008-06-09 16:48:35 68096 --a------ C:\WINDOWS\zip.exe
2008-06-09 16:48:35 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-09 16:48:35 80412 --a------ C:\WINDOWS\grep.exe
2008-06-09 16:48:34 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-09 16:48:34 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-09 16:48:34 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-09 16:48:34 98816 --a------ C:\WINDOWS\sed.exe
2008-06-09 16:48:34 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-08 19:16:43 0 d-------- D:\Deckard


-- Find3M Report ---------------------------------------------------------------

2008-06-09 16:23:18 0 d-------- D:\Documents and Settings\matt\Application Data\uTorrent
2008-06-09 16:16:43 0 d-------- C:\Program Files\thriXXX
2008-06-07 18:18:17 0 d-------- C:\Program Files\McAfee
2008-05-29 09:27:24 0 d-------- C:\Program Files\utorrent
2008-05-08 21:19:18 0 d-------- D:\Documents and Settings\matt\Application Data\AdobeUM
2008-05-08 21:04:20 53312 --a------ C:\WINDOWS\system32\flaqqtrj.dll
2008-05-07 21:05:46 53312 --a------ C:\WINDOWS\system32\gypalbnf.dll
2008-05-06 20:59:47 53312 --a------ C:\WINDOWS\system32\fwiqucfm.dll
2008-05-05 20:51:31 53312 --a------ C:\WINDOWS\system32\fkoqsvut.dll
2008-05-05 19:45:45 53312 --a------ C:\WINDOWS\system32\bfxnxbrf.dll
2008-05-04 19:42:40 53312 --a------ C:\WINDOWS\system32\yuiyndix.dll
2008-05-04 14:21:35 0 d-------- C:\Program Files\Java
2008-05-03 19:43:44 53312 --a------ C:\WINDOWS\system32\yriibmvw.dll
2008-05-02 19:40:51 53312 --a------ C:\WINDOWS\system32\jxjusumr.dll
2008-04-30 20:44:36 53312 --a------ C:\WINDOWS\system32\iqwgrkkj.dll
2008-04-29 20:41:08 53312 --a------ C:\WINDOWS\system32\xcyhxvnq.dll
2008-04-29 14:22:23 53312 --a------ C:\WINDOWS\system32\xaytunrv.dll
2008-04-28 14:20:23 53312 --a------ C:\WINDOWS\system32\hkiuboju.dll
2008-04-27 14:16:07 53312 --a------ C:\WINDOWS\system32\jgewcskv.dll
2008-04-25 21:03:56 53312 --a------ C:\WINDOWS\system32\ycmrilsh.dll
2008-04-24 21:04:02 53312 --a------ C:\WINDOWS\system32\shewaxkw.dll
2008-04-23 21:04:19 53312 --a------ C:\WINDOWS\system32\qsbayjnn.dll
2008-04-22 20:59:53 53312 --a------ C:\WINDOWS\system32\elrmuute.dll
2008-04-22 20:08:04 0 d-------- D:\Documents and Settings\matt\Application Data\Real
2008-04-21 00:30:43 53312 --a------ C:\WINDOWS\system32\sxxejqoj.dll
2008-04-16 07:59:49 53312 --a------ C:\WINDOWS\system32\jbxowpij.dll
2008-04-15 07:56:40 53312 --a------ C:\WINDOWS\system32\meamevlv.dll
2008-04-14 07:03:37 53312 --a------ C:\WINDOWS\system32\luimuilq.dll
2008-04-13 01:20:51 53312 --a------ C:\WINDOWS\system32\odrxoxmn.dll
2008-04-12 23:11:55 53312 --a------ C:\WINDOWS\system32\pouldhsd.dll
2008-04-11 23:10:33 53312 --a------ C:\WINDOWS\system32\xeoiouvc.dll
2008-04-11 22:04:48 53312 --a------ C:\WINDOWS\system32\pyhrmjvr.dll
2008-04-10 22:03:46 53312 --a------ C:\WINDOWS\system32\fserutut.dll
2008-04-09 21:05:02 53312 --a------ C:\WINDOWS\system32\hhojqxji.dll
2008-04-08 21:03:22 53312 --a------ C:\WINDOWS\system32\lhdkrmfd.dll
2008-04-07 21:03:28 53312 --a------ C:\WINDOWS\system32\gvtiuuqm.dll
2008-04-06 18:13:48 53312 --a------ C:\WINDOWS\system32\abuogrod.dll
2008-04-06 14:02:38 53312 --a------ C:\WINDOWS\system32\iyymitly.dll
2008-04-04 21:33:52 53312 --a------ C:\WINDOWS\system32\arwdxidn.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22e94458-a59c-4eca-b6dd-c1e2068ef99c}]
C:\WINDOWS\system32\quoylsat.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]
C:\WINDOWS\system32\ydpncexy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}]
C:\WINDOWS\system32\kjiljofs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5D23E70-458C-4765-9598-011AF2B10091}]
C:\WINDOWS\system32\pmkhf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF3FC4E8-8132-4D99-B43D-AEC175D64E8B}]
C:\WINDOWS\system32\ddcdbbx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [10/08/2004 15:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10/08/2004 15:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10/08/2004 15:00]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [05/08/2005 14:56]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/08/2005 17:35]
"nwiz"="nwiz.exe" [02/08/2005 17:35 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [02/08/2005 17:35]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [07/01/2005 18:07 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [08/06/2005 16:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [02/05/2003 11:31]
"RTHDCPL"="RTHDCPL.EXE" [22/09/2005 13:36 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 18:43 C:\WINDOWS\ALCMTR.EXE]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [16/01/2007 13:59]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [08/01/2007 11:22]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [08/08/2007 09:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [19/10/2007 21:16]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 01:47]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" []
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 23:33]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"54de0b5e"="C:\WINDOWS\system32\tkpvopqu.dll" []
"BM57ed38c2"="C:\WINDOWS\system32\kwbeepyt.dll" []
"combofix"="C:\WINDOWS\system32\CF9455.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [02/12/2004 18:23]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 17:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 15:00]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [27/04/2007 19:22]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [20/10/2005 19:55:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{CF3FC4E8-8132-4D99-B43D-AEC175D64E8B}"= C:\WINDOWS\system32\ddcdbbx.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 08/04/2008 20:09 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcdbbx]
ddcdbbx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE




-- End of Deckard's System Scanner: finished at 2008-06-10 17:31:59 ------------
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
It appears that you are about to run out of Hard drive space:
System Drive C: has 0.9 GiB (less than 15%) free.

I suggest getting rid of any programs that you don't use any more if Norton is still installed then uninstall it.
================
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
===================
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\flaqqtrj.dll
C:\WINDOWS\system32\gypalbnf.dll
C:\WINDOWS\system32\fwiqucfm.dll
C:\WINDOWS\system32\fkoqsvut.dll
C:\WINDOWS\system32\bfxnxbrf.dll
C:\WINDOWS\system32\yriibmvw.dll
C:\WINDOWS\system32\jxjusumr.dll
C:\WINDOWS\system32\iqwgrkkj.dll
C:\WINDOWS\system32\xcyhxvnq.dll
C:\WINDOWS\system32\xaytunrv.dll
C:\WINDOWS\system32\hkiuboju.dll
C:\WINDOWS\system32\jgewcskv.dll
C:\WINDOWS\system32\ycmrilsh.dll
C:\WINDOWS\system32\shewaxkw.dll
C:\WINDOWS\system32\qsbayjnn.dll
C:\WINDOWS\system32\elrmuute.dll
C:\WINDOWS\system32\sxxejqoj.dll
C:\WINDOWS\system32\jbxowpij.dll
C:\WINDOWS\system32\meamevlv.dll
C:\WINDOWS\system32\luimuilq.dll
C:\WINDOWS\system32\odrxoxmn.dll
C:\WINDOWS\system32\pouldhsd.dll
C:\WINDOWS\system32\xeoiouvc.dll
C:\WINDOWS\system32\pyhrmjvr.dll
C:\WINDOWS\system32\fserutut.dll
C:\WINDOWS\system32\hhojqxji.dll
C:\WINDOWS\system32\lhdkrmfd.dll
C:\WINDOWS\system32\gvtiuuqm.dll
C:\WINDOWS\system32\abuogrod.dll
C:\WINDOWS\system32\iyymitly.dll
C:\WINDOWS\system32\arwdxidn.dll
C:\WINDOWS\system32\yuiyndix.dll
C:\WINDOWS\system32\tkpvopqu.dll
C:\WINDOWS\system32\kwbeepyt.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22e94458-a59c-4eca-b6dd-c1e2068ef99c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5D23E70-458C-4765-9598-011AF2B10091}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF3FC4E8-8132-4D99-B43D-AEC175D64E8B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"54de0b5e"=-
"BM57ed38c2"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CF3FC4E8-8132-4D99-B43D-AEC175D64E8B}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcdbbx]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#9
gooter

gooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
I uninstalled Norton ages ago - McAffee wouldn't install with Norton still there. I even got a special tool from Norton to completely remove it. I guess it didn't work, I'll have to go back to them I suppose. Yeah, and I'll try and free up some space on C.

Deckard's System Scanner v20071014.68
Run by matt on 2008-06-10 20:31:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 0.87 GiB (less than 15%) free.


-- HijackThis (run as matt.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:51, on 10/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
D:\Documents and Settings\matt\Desktop\dss.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\CDRIVE~1\matt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rlslog.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: {c99fe860-2e1c-dd6b-ace4-c95a85449e22} - {22e94458-a59c-4eca-b6dd-c1e2068ef99c} - C:\WINDOWS\system32\quoylsat.dll (file missing)
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\ydpncexy.dll (file missing)
O2 - BHO: (no name) - {514A5C49-0C7D-42c3-A71B-38864A269B7A} - C:\WINDOWS\system32\kjiljofs.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {C5D23E70-458C-4765-9598-011AF2B10091} - C:\WINDOWS\system32\pmkhf.dll (file missing)
O2 - BHO: (no name) - {CF3FC4E8-8132-4D99-B43D-AEC175D64E8B} - C:\WINDOWS\system32\ddcdbbx.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [54de0b5e] rundll32.exe "C:\WINDOWS\system32\tkpvopqu.dll",b
O4 - HKLM\..\Run: [BM57ed38c2] Rundll32.exe "C:\WINDOWS\system32\kwbeepyt.dll",s
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF9455.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...84/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1151441692312
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,21/mcgdmgr.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: ddcdbbx - ddcdbbx.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11021 bytes

-- Files created between 2008-05-10 and 2008-06-10 -----------------------------

2008-06-10 17:19:45 0 d-------- D:\Qoobox
2008-06-09 16:48:35 68096 --a------ C:\WINDOWS\zip.exe
2008-06-09 16:48:35 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-09 16:48:35 80412 --a------ C:\WINDOWS\grep.exe
2008-06-09 16:48:34 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-09 16:48:34 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-09 16:48:34 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-09 16:48:34 98816 --a------ C:\WINDOWS\sed.exe
2008-06-09 16:48:34 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-08 19:16:43 0 d-------- D:\Deckard


-- Find3M Report ---------------------------------------------------------------

2008-06-10 20:20:30 0 d-------- D:\Documents and Settings\matt\Application Data\uTorrent
2008-06-09 16:16:43 0 d-------- C:\Program Files\thriXXX
2008-06-07 18:18:17 0 d-------- C:\Program Files\McAfee
2008-05-29 09:27:24 0 d-------- C:\Program Files\utorrent
2008-05-08 21:19:18 0 d-------- D:\Documents and Settings\matt\Application Data\AdobeUM
2008-05-04 14:21:35 0 d-------- C:\Program Files\Java
2008-04-22 20:08:04 0 d-------- D:\Documents and Settings\matt\Application Data\Real


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22e94458-a59c-4eca-b6dd-c1e2068ef99c}]
C:\WINDOWS\system32\quoylsat.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]
C:\WINDOWS\system32\ydpncexy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}]
C:\WINDOWS\system32\kjiljofs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5D23E70-458C-4765-9598-011AF2B10091}]
C:\WINDOWS\system32\pmkhf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF3FC4E8-8132-4D99-B43D-AEC175D64E8B}]
C:\WINDOWS\system32\ddcdbbx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [10/08/2004 15:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10/08/2004 15:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10/08/2004 15:00]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [05/08/2005 14:56]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/08/2005 17:35]
"nwiz"="nwiz.exe" [02/08/2005 17:35 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [02/08/2005 17:35]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [07/01/2005 18:07 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [08/06/2005 16:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [02/05/2003 11:31]
"RTHDCPL"="RTHDCPL.EXE" [22/09/2005 13:36 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 18:43 C:\WINDOWS\ALCMTR.EXE]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [16/01/2007 13:59]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [08/01/2007 11:22]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [08/08/2007 09:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [19/10/2007 21:16]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 01:47]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" []
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 23:33]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"54de0b5e"="C:\WINDOWS\system32\tkpvopqu.dll" []
"BM57ed38c2"="C:\WINDOWS\system32\kwbeepyt.dll" []
"combofix"="C:\WINDOWS\system32\CF9455.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [02/12/2004 18:23]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 17:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 15:00]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [27/04/2007 19:22]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [20/10/2005 19:55:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{CF3FC4E8-8132-4D99-B43D-AEC175D64E8B}"= C:\WINDOWS\system32\ddcdbbx.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 08/04/2008 20:09 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcdbbx]
ddcdbbx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE




-- End of Deckard's System Scanner: finished at 2008-06-10 20:34:22 ------------



ComboFix 08-06-09.7 - matt 2008-06-10 20:23:27.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.477 [GMT 1:00]
Running from: D:\Documents and Settings\matt\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\matt\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\WINDOWS\system32\abuogrod.dll
C:\WINDOWS\system32\arwdxidn.dll
C:\WINDOWS\system32\bfxnxbrf.dll
C:\WINDOWS\system32\elrmuute.dll
C:\WINDOWS\system32\fkoqsvut.dll
C:\WINDOWS\system32\flaqqtrj.dll
C:\WINDOWS\system32\fserutut.dll
C:\WINDOWS\system32\fwiqucfm.dll
C:\WINDOWS\system32\gvtiuuqm.dll
C:\WINDOWS\system32\gypalbnf.dll
C:\WINDOWS\system32\hhojqxji.dll
C:\WINDOWS\system32\hkiuboju.dll
C:\WINDOWS\system32\iqwgrkkj.dll
C:\WINDOWS\system32\iyymitly.dll
C:\WINDOWS\system32\jbxowpij.dll
C:\WINDOWS\system32\jgewcskv.dll
C:\WINDOWS\system32\jxjusumr.dll
C:\WINDOWS\system32\kwbeepyt.dll
C:\WINDOWS\system32\lhdkrmfd.dll
C:\WINDOWS\system32\luimuilq.dll
C:\WINDOWS\system32\meamevlv.dll
C:\WINDOWS\system32\odrxoxmn.dll
C:\WINDOWS\system32\pouldhsd.dll
C:\WINDOWS\system32\pyhrmjvr.dll
C:\WINDOWS\system32\qsbayjnn.dll
C:\WINDOWS\system32\shewaxkw.dll
C:\WINDOWS\system32\sxxejqoj.dll
C:\WINDOWS\system32\tkpvopqu.dll
C:\WINDOWS\system32\xaytunrv.dll
C:\WINDOWS\system32\xcyhxvnq.dll
C:\WINDOWS\system32\xeoiouvc.dll
C:\WINDOWS\system32\ycmrilsh.dll
C:\WINDOWS\system32\yriibmvw.dll
C:\WINDOWS\system32\yuiyndix.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\abuogrod.dll
C:\WINDOWS\system32\arwdxidn.dll
C:\WINDOWS\system32\bfxnxbrf.dll
C:\WINDOWS\system32\elrmuute.dll
C:\WINDOWS\system32\fkoqsvut.dll
C:\WINDOWS\system32\flaqqtrj.dll
C:\WINDOWS\system32\fserutut.dll
C:\WINDOWS\system32\fwiqucfm.dll
C:\WINDOWS\system32\gvtiuuqm.dll
C:\WINDOWS\system32\gypalbnf.dll
C:\WINDOWS\system32\hhojqxji.dll
C:\WINDOWS\system32\hkiuboju.dll
C:\WINDOWS\system32\iqwgrkkj.dll
C:\WINDOWS\system32\iyymitly.dll
C:\WINDOWS\system32\jbxowpij.dll
C:\WINDOWS\system32\jgewcskv.dll
C:\WINDOWS\system32\jxjusumr.dll
C:\WINDOWS\system32\lhdkrmfd.dll
C:\WINDOWS\system32\luimuilq.dll
C:\WINDOWS\system32\meamevlv.dll
C:\WINDOWS\system32\odrxoxmn.dll
C:\WINDOWS\system32\pouldhsd.dll
C:\WINDOWS\system32\pyhrmjvr.dll
C:\WINDOWS\system32\qsbayjnn.dll
C:\WINDOWS\system32\shewaxkw.dll
C:\WINDOWS\system32\sxxejqoj.dll
C:\WINDOWS\system32\xaytunrv.dll
C:\WINDOWS\system32\xcyhxvnq.dll
C:\WINDOWS\system32\xeoiouvc.dll
C:\WINDOWS\system32\ycmrilsh.dll
C:\WINDOWS\system32\yriibmvw.dll
C:\WINDOWS\system32\yuiyndix.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.

2008-05-12 22:30 . 2008-06-09 23:23 3,532 --a------ C:\drmHeader.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 19:25 --------- d-----w D:\Documents and Settings\All Users\Application Data\Kontiki
2008-06-10 19:20 --------- d-----w D:\Documents and Settings\matt\Application Data\uTorrent
2008-06-09 15:16 --------- d-----w C:\Program Files\thriXXX
2008-06-07 17:18 --------- d-----w C:\Program Files\McAfee
2008-05-29 08:27 --------- d-----w C:\Program Files\utorrent
2008-05-08 20:19 --------- d-----w D:\Documents and Settings\matt\Application Data\AdobeUM
2008-05-04 13:21 --------- d-----w C:\Program Files\Java
2007-07-08 09:36 47,360 ----a-w D:\Documents and Settings\matt\Application Data\pcouffin.sys
2006-10-27 21:10 557,056 ----a-w D:\Documents and Settings\matt\chatlnk.exe
2006-08-13 15:47 6,224 ----a-w D:\Documents and Settings\All Users\Application Data\ypinfo.bin
2006-04-14 17:58 108 ----a-w D:\Documents and Settings\matt\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( [email protected]_17.08.01.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-09 16:02:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 16:25:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-09 15:26:39 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-10 16:09:41 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-09 15:26:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-10 16:09:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-10 16:25:42 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_768.dat
+ 2008-06-10 16:25:54 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_8b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22e94458-a59c-4eca-b6dd-c1e2068ef99c}]
C:\WINDOWS\system32\quoylsat.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]
C:\WINDOWS\system32\ydpncexy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}]
C:\WINDOWS\system32\kjiljofs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5D23E70-458C-4765-9598-011AF2B10091}]
C:\WINDOWS\system32\pmkhf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF3FC4E8-8132-4D99-B43D-AEC175D64E8B}]
C:\WINDOWS\system32\ddcdbbx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00 15360]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [2007-04-27 19:22 312848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 15:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 15:00 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 17:35 7110656]
"nwiz"="nwiz.exe" [2005-08-02 17:35 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-08-02 17:35 86016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 16:55 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 14854144 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 69632 C:\WINDOWS\ALCMTR.EXE]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 21:16 286720]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [ ]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]
"54de0b5e"="C:\WINDOWS\system32\tkpvopqu.dll" [ ]
"BM57ed38c2"="C:\WINDOWS\system32\kwbeepyt.dll" [ ]
"combofix"="C:\WINDOWS\system32\CF9455.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15:00 15360]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 19:55:40 18432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CF3FC4E8-8132-4D99-B43D-AEC175D64E8B}"= C:\WINDOWS\system32\ddcdbbx.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-04-08 20:09 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcdbbx]
ddcdbbx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm "= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm
"vidc.yv12"= yv12vfw.dll
"VIDC.XVID"= xvid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\WINDOWS\\kdx\\KHost.exe"=
"C:\\Program Files\\KService\\KService.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 19:55]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-04-14 09:59]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 12:12]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 12:12]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 15:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 00:01:21 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-06-01 00:00:19 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 20:26:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
KernelFaultCheck = %systemroot%\system32\dumprep 0 -k?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-10 20:28:29
ComboFix-quarantined-files.txt 2008-06-10 19:28:21
ComboFix2.txt 2008-06-10 16:22:12
ComboFix3.txt 2008-06-09 16:09:16

Pre-Run: 929,067,008 bytes free
Post-Run: 912,277,504 bytes free

247 --- E O F --- 2008-03-13 03:03:45
  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

O2 - BHO: {c99fe860-2e1c-dd6b-ace4-c95a85449e22} - {22e94458-a59c-4eca-b6dd-c1e2068ef99c} - C:\WINDOWS\system32\quoylsat.dll (file missing)
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\ydpncexy.dll (file missing)
O2 - BHO: (no name) - {514A5C49-0C7D-42c3-A71B-38864A269B7A} - C:\WINDOWS\system32\kjiljofs.dll (file missing)
O2 - BHO: (no name) - {C5D23E70-458C-4765-9598-011AF2B10091} - C:\WINDOWS\system32\pmkhf.dll (file missing)
O2 - BHO: (no name) - {CF3FC4E8-8132-4D99-B43D-AEC175D64E8B} - C:\WINDOWS\system32\ddcdbbx.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [54de0b5e] rundll32.exe "C:\WINDOWS\system32\tkpvopqu.dll",b
O4 - HKLM\..\Run: [BM57ed38c2] Rundll32.exe "C:\WINDOWS\system32\kwbeepyt.dll",s
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF9455.exe /c C:\ComboFix\Combobatch.bat
O20 - Winlogon Notify: ddcdbbx - ddcdbbx.dll (file missing)



Now click on Fix Checked and then close Hijackthis.
======================================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as button:
  • Save the file in txt format to your desktop.
  • Post that information in your next post.

  • 0

Advertisements


#11
gooter

gooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Okay, I've finally managed to get Kaspersky to finish scanning - it scanned for almost 14 hours and then froze up on me :)

Here is the scan report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, June 13, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, June 12, 2008 23:05:00
Records in database: 857625
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 102629
Threat name: 16
Infected objects: 95
Suspicious objects: 4
Duration of the scan: 03:34:23


File name / Threat name / Threats count
C:\C Drive downloads\MagicISO Maker 5.4.251 + Crack\MagicISO Maker 5.4.251.exe Infected: Email-Worm.Win32.VB.dq 1
C:\C Drive downloads\MagicISO Maker 5.4.251 + Crack.rar Infected: Email-Worm.Win32.VB.dq 1
C:\Program Files\Nero\PhotoShow 5\data\Xtras\nero_photoshow_express_5_setup.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
C:\QooBox\Quarantine\C\WINDOWS\system32\abuogrod.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\arwdxidn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\baggfdjf.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1
C:\QooBox\Quarantine\C\WINDOWS\system32\bfxnxbrf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\bicfumon.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\bopnksnf.dll.vir Infected: Trojan.Win32.KillAV.rf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\btvkqbie.exe.vir Infected: Trojan.Win32.LowZones.gb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\cvhwcwpg.dll.vir Infected: Trojan.Win32.KillAV.rf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\cyuntmkx.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1
C:\QooBox\Quarantine\C\WINDOWS\system32\dhjnxwng.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1
C:\QooBox\Quarantine\C\WINDOWS\system32\dvseroym.dll.vir Infected: Trojan.Win32.KillAV.rf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\elrmuute.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\empcdfrw.dll.vir Infected: Trojan.Win32.KillAV.rf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\emqccgjt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mvn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ewsxgdit.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\fkoqsvut.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\flaqqtrj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\foquwqjh.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1
C:\QooBox\Quarantine\C\WINDOWS\system32\fserutut.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\fwiqucfm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gbuqfkyc.dll.vir Infected: Trojan.Win32.KillAV.rf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gpohheys.exe.vir Infected: Trojan.Win32.LowZones.gb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gvtiuuqm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gypalbnf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\hhojqxji.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\hkiuboju.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\holmehqv.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\howlvjvy.dll.vir Infected: Trojan.Win32.KillAV.rf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\hqxyfyqe.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\iqwgrkkj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\iyymitly.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jbxowpij.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jcjqjrxb.dll.vir Infected: Trojan.Win32.KillAV.rf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jgewcskv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jofjtasb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jxjusumr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jxssiksx.dll.vir Infected: Trojan.Win32.KillAV.rf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\khjfgkta.exe.vir Infected: Trojan.Win32.LowZones.gb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\kjiljofs.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1
C:\QooBox\Quarantine\C\WINDOWS\system32\kwbeepyt.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lhdkrmfd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lkyvefty.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qvk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\luimuilq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lwtwrnvr.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mbsmfrja.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\meamevlv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mhgfxnhv.exe.vir Infected: Trojan.Win32.LowZones.gb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mmhqeqvj.dll.vir Infected: Trojan.Win32.KillAV.rf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mqnvtkak.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mvn 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mtcxckdy.exe.vir Infected: Trojan.Win32.LowZones.gb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mvistfvh.dll.vir Infected: Trojan.Win32.KillAV.rf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\nnebmtwm.dll.vir Infected: Trojan.Win32.KillAV.rf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\odrxoxmn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ohdhvlbt.dll.vir Infected: Trojan.Win32.Monder.mu 1
C:\QooBox\Quarantine\C\WINDOWS\system32\pojurwip.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\pouldhsd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\pyhrmjvr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\pyrfgiof.dll.vir Infected: Trojan.Win32.KillAV.rf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\qnauwduo.exe.vir Infected: Trojan.Win32.LowZones.gb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\qsbayjnn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\quoylsat.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rdqskteg.exe.vir Infected: Trojan.Win32.LowZones.gb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rqfcqxar.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\sfvwmwbt.dll.vir Infected: Trojan.Win32.Monder.mu 1
C:\QooBox\Quarantine\C\WINDOWS\system32\shewaxkw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\sxxejqoj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\tcyfcpsp.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\tkpvopqu.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\torkcldo.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ukqecnmp.dll.vir Infected: Trojan.Win32.KillAV.rf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wgblofhf.dll.vir Infected: Trojan.Win32.KillAV.rf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\whperuho.exe.vir Infected: Trojan.Win32.LowZones.gb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wivadlbq.dll.vir Infected: Trojan.Win32.KillAV.rf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\xaytunrv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\xcyhxvnq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\xdfmvkvc.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1
C:\QooBox\Quarantine\C\WINDOWS\system32\xeoiouvc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ycmrilsh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ydpncexy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\yqecsefi.dll.vir Infected: Trojan.Win32.Obfuscated.auw 1
C:\QooBox\Quarantine\C\WINDOWS\system32\yriibmvw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\C\WINDOWS\system32\yuiyndix.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\QooBox\Quarantine\catchme2008-06-09_165849.07.zip Infected: Trojan.Win32.Monder.gen 1
D:\Deckard\System Scanner\20080610173046\backup\DOCUME~1\matt\LOCALS~1\Temp\TQBa.exe Infected: Trojan-Spy.Win32.Zbot.cee 1
D:\Deckard\System Scanner\20080610173046\backup\WINDOWS\temp\B.tmp Infected: Trojan-Spy.Win32.Zbot.cew 1
D:\Documents and Settings\matt\Desktop\DnLds\Smart.DVD.CD.Burner.v3.0.94.Incl.Keymaker-AGAiN\SmartDCB.exe Infected: Trojan.Win32.Delf.bqj 1
D:\Documents and Settings\matt\Desktop\Films\Nero 8 Ultra Edition\Nero 8 Ultra Edition.iso Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 2
D:\Documents and Settings\matt\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 4
D:\Documents and Settings\matt\My Documents\Downloads\DVD-Cloner.IV.v4.10.914\Nero 7 Premium Reloaded 7.7.5.1 (full) + Portable Nero 7.5.9.0\Nero-7.7.5.1_eng\Nero-7.7.5.1_eng.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
D:\Documents and Settings\matt\My Documents\Downloads\XP-Codec-Pack-2.0.6\XP Codec Pack 2.0.6.exe Infected: not-a-virus:AdWare.Win32.SeeCha.e 1
D:\Documents and Settings\matt\My Documents\Downloads\XP-Codec-Pack-2.0.6.zip Infected: not-a-virus:AdWare.Win32.SeeCha.e 1
D:\Documents and Settings\matt\Shared\New Folder (2)\07 the clash rebel waltz.wm Infected: Trojan-Downloader.WMA.Wimad.m 1

The selected area was scanned.
  • 0

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Using cracked software is how you became infected it is a sure way to continue to stay infected if you continue using cracks.
================================
You have some infected e-mails in your Outlook personal storage.
Please delete everything in Outlook (only e-mails) because I do not know where the infected one are kaspersky doesn't tell me.
So just to be safe I would remove everything.
==============================
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    D:\Documents and Settings\matt\Shared\New Folder (2)\07 the clash rebel waltz.wm
    D:\Documents and Settings\matt\My Documents\Downloads\XP-Codec-Pack-2.0.6.zip
    D:\Documents and Settings\matt\My Documents\Downloads\XP-Codec-Pack-2.0.6\XP Codec Pack 2.0.6.exe
    D:\Documents and Settings\matt\My Documents\Downloads\DVD-Cloner.IV.v4.10.914\Nero 7 Premium Reloaded 7.7.5.1 (full) + Portable Nero 7.5.9.0\Nero-7.7.5.1_eng\Nero-7.7.5.1_eng.exe
    D:\Documents and Settings\matt\Desktop\DnLds\Smart.DVD.CD.Burner.v3.0.94.Incl.Keymaker-AGAiN
    C:\C Drive downloads\MagicISO Maker 5.4.251 + Crack
    C:\C Drive downloads\MagicISO Maker 5.4.251 + Crack.rar 
    D:\Documents and Settings\matt\Desktop\Films\Nero 8 Ultra Edition\Nero 8 Ultra Edition.iso
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
================
Post the OT Move it log and a new Hijackthis then let me know how everything is running?
  • 0

#13
gooter

gooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Yeah, downloading cracked software isn't very clever -I'll think twice next time and I've deleted all my emails from Outlook (I don't use it anyway).

Here is the log file:

D:\Documents and Settings\matt\Shared\New Folder (2)\07 the clash rebel waltz.wm moved successfully.
D:\Documents and Settings\matt\My Documents\Downloads\XP-Codec-Pack-2.0.6.zip moved successfully.
D:\Documents and Settings\matt\My Documents\Downloads\XP-Codec-Pack-2.0.6\XP Codec Pack 2.0.6.exe moved successfully.
D:\Documents and Settings\matt\My Documents\Downloads\DVD-Cloner.IV.v4.10.914\Nero 7 Premium Reloaded 7.7.5.1 (full) + Portable Nero 7.5.9.0\Nero-7.7.5.1_eng\Nero-7.7.5.1_eng.exe moved successfully.
D:\Documents and Settings\matt\Desktop\DnLds\Smart.DVD.CD.Burner.v3.0.94.Incl.Keymaker-AGAiN moved successfully.
C:\C Drive downloads\MagicISO Maker 5.4.251 + Crack moved successfully.
C:\C Drive downloads\MagicISO Maker 5.4.251 + Crack.rar moved successfully.
D:\Documents and Settings\matt\Desktop\Films\Nero 8 Ultra Edition\Nero 8 Ultra Edition.iso moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06132008_201225
  • 0

#14
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Can you please post a final Hijackthis log please also let me know how things are running.
  • 0

#15
gooter

gooter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
It looks like its running very well :)

I didn't see any messages come up during the latest hijackthis scan, so hopefully its all okay:


Deckard's System Scanner v20071014.68
Run by matt on 2008-06-13 21:14:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 2.91 GiB (less than 15%) free.


-- HijackThis (run as matt.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:29, on 13/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\eHome\ehmsas.exe
D:\Documents and Settings\matt\Desktop\dss.exe
C:\CDRIVE~1\matt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rlslog.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...84/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1151441692312
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,21/mcgdmgr.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: McAfee Application Installer Cleanup (0039921213265804) (0039921213265804mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\003992~1.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10270 bytes

-- Files created between 2008-05-13 and 2008-06-13 -----------------------------

2008-06-13 20:12:25 0 d-------- D:\_OTMoveIt
2008-06-12 11:16:27 0 d-------- C:\WINDOWS\LastGood
2008-06-10 17:19:45 0 d-------- D:\Qoobox
2008-06-09 16:48:35 68096 --a------ C:\WINDOWS\zip.exe
2008-06-09 16:48:35 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-09 16:48:35 80412 --a------ C:\WINDOWS\grep.exe
2008-06-09 16:48:34 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-09 16:48:34 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-09 16:48:34 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-09 16:48:34 98816 --a------ C:\WINDOWS\sed.exe
2008-06-09 16:48:34 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-08 19:16:43 0 d-------- D:\Deckard


-- Find3M Report ---------------------------------------------------------------

2008-06-13 21:13:45 0 d-------- D:\Documents and Settings\matt\Application Data\uTorrent
2008-06-12 11:16:26 0 d-------- C:\Program Files\McAfee
2008-06-09 16:16:43 0 d-------- C:\Program Files\thriXXX
2008-05-29 09:27:24 0 d-------- C:\Program Files\utorrent
2008-05-08 21:19:18 0 d-------- D:\Documents and Settings\matt\Application Data\AdobeUM
2008-05-04 14:21:35 0 d-------- C:\Program Files\Java
2008-04-22 20:08:04 0 d-------- D:\Documents and Settings\matt\Application Data\Real


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [10/08/2004 15:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10/08/2004 15:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10/08/2004 15:00]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [05/08/2005 14:56]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/08/2005 17:35]
"nwiz"="nwiz.exe" [02/08/2005 17:35 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [02/08/2005 17:35]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [07/01/2005 18:07 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [08/06/2005 16:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [02/05/2003 11:31]
"RTHDCPL"="RTHDCPL.EXE" [22/09/2005 13:36 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 18:43 C:\WINDOWS\ALCMTR.EXE]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [16/01/2007 13:59]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [08/01/2007 11:22]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [08/08/2007 09:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [19/10/2007 21:16]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 01:47]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" []
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 23:33]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [02/12/2004 18:23]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 17:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 15:00]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe" [27/04/2007 19:22]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [20/10/2005 19:55:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 08/04/2008 20:09 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE




-- End of Deckard's System Scanner: finished at 2008-06-13 21:15:17 ------------
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP