explorer.exe turns off and on [CLOSED]



#1
lotse

Hello there. I know that there are several threads here about a similar problem. I did everything that was there, but I still have this problem. So I'll paste the ComboFix and HijackThis logs. Maybe you'll be able to help me.

First goes the ComboFix log. HijackThis will be next.

ComboFix 08-07-02.5 - vobis 2008-07-03 20:52:55.3 - NTFSx86
Running from: G:\ComboFix.exe
Command switches used :: C:\Documents and Settings\vobis\Desktop\CFScript.txt
* Created a new restore point.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\FPAIRqss.ini
C:\WINDOWS\system32\FPAIRqss.ini2
C:\WINDOWS\system32\ssqRIAPF.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-03 to 2008-07-03 )))))))))))))))))))))))))))))))
.

2008-07-03 21:15 . 2008-07-03 21:15 53,248 --a------ C:\Temp\catchme.dll
2008-07-03 21:13 . 2008-07-03 21:13 <DIR> d-------- C:\Temp\sv9ne.tmp
2008-07-03 21:12 . 2008-07-03 21:12 <DIR> d-------- C:\Temp\Konnekt_Lothar_6838247e
2008-07-03 19:52 . 2008-07-03 21:13 <DIR> d---s---- C:\Temp\Temporary Internet Files
2008-07-03 19:47 . 2008-07-03 21:16 <DIR> d-------- C:\Temp
2008-07-03 15:39 . 2008-07-03 15:49 347 --ahs---- C:\WINDOWS\system32\ooqpqqss.ini
2008-07-03 15:33 . 2008-07-03 06:13 303,104 --a------ C:\WINDOWS\kgqfweltedw.dll
2008-07-03 15:33 . 2008-07-03 06:13 253,952 --a------ C:\WINDOWS\okmdepgb.dll
2008-07-03 15:33 . 2008-07-03 06:13 225,280 --a------ C:\WINDOWS\axrfgvek.dll
2008-07-03 15:33 . 2008-07-03 06:13 155,648 --a------ C:\WINDOWS\nqgpedlr.dll
2008-07-03 15:33 . 2008-06-27 08:35 117,760 --a------ C:\WINDOWS\system32\vav.cpl
2008-07-03 15:33 . 2008-07-03 06:13 86,016 --a------ C:\WINDOWS\mrvtdpqe.exe
2008-07-03 15:33 . 2008-07-03 15:33 28,800 --a------ C:\WINDOWS\system32\xxyywwtQ.dll
2008-07-03 15:19 . 2008-07-03 15:19 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-07-03 15:17 . 2008-07-03 15:17 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-03 15:16 . 2008-07-03 15:16 <DIR> d-------- C:\Documents and Settings\vobis\Application Data\DAEMON Tools
2008-07-03 14:42 . 2008-07-03 14:42 292 --a------ C:\WINDOWS\vtmb.ini
2008-07-03 14:28 . 2008-07-03 14:28 <DIR> d-------- C:\Program Files\Activision
2008-07-01 00:40 . 2008-07-01 00:40 4 --a------ C:\loadcounter.dat
2008-06-25 19:01 . 2008-06-26 02:19 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-20 14:52 . 2008-06-21 00:50 <DIR> d-------- C:\Documents and Settings\vobis\Application Data\SPORE Creature Creator
2008-06-20 14:50 . 2008-06-20 14:50 <DIR> d-------- C:\Program Files\Electronic Arts
2008-06-04 11:06 . 2008-06-04 12:35 <DIR> d-------- C:\Documents and Settings\vobis\Application Data\BESTplayer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-03 19:16 266,022,432 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-03 19:14 --------- d-----w C:\Documents and Settings\vobis\Application Data\OpenOffice.org2
2008-07-03 19:13 1,434,144 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-03 19:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-03 19:10 3,567,980 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-03 19:10 138,584 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-03 12:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-03 10:13 --------- d-----w C:\Documents and Settings\vobis\Application Data\foobar2000
2008-07-03 05:31 --------- d-----w C:\Documents and Settings\vobis\Application Data\BitTorrent
2008-07-02 09:48 --------- d-----w C:\Documents and Settings\vobis\Application Data\Skype
2008-06-30 16:10 --------- d-----w C:\Program Files\eMule
2008-06-20 12:52 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-04 13:13 --------- d-----w C:\Program Files\Last.fm
2008-05-26 14:51 --------- d-----w C:\Program Files\thriXXX
2008-05-21 22:57 --------- d-----w C:\Documents and Settings\vobis\Application Data\MegauploadToolbar
2008-05-21 22:31 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-21 21:22 --------- d-----w C:\Program Files\Cheat Engine
2008-05-21 16:53 --------- d-----w C:\Program Files\Speeditup Free
2008-05-21 13:17 --------- d-----w C:\Program Files\Ubisoft
2008-05-21 10:05 --------- d-----w C:\Program Files\GameShadow
2008-05-20 19:37 --------- d-----w C:\Program Files\Table Tennis Pro V2 Lite
2008-05-20 12:39 --------- d-----w C:\Program Files\SSI
2008-05-15 09:02 --------- d-----w C:\Documents and Settings\vobis\Application Data\Mount&Blade
2008-05-14 23:15 --------- d-----w C:\Program Files\Mount&Blade
2008-05-13 20:57 --------- d-----w C:\Program Files\DivX
2008-02-06 16:53 349 ----a-w C:\Program Files\INSTALL.LOG
2007-12-27 22:00 2,855 ----a-w C:\Program Files\foobar2000_0.9.5 beta 9.PIF
2007-12-27 21:50 4,438 ----a-w C:\Program Files\foobar2000_0.9.5 beta 9.exe
2003-12-18 10:33 20,102 ----a-w C:\Program Files\Readme.txt
2003-09-03 06:46 10,960 ----a-w C:\Program Files\EULA.txt
.

((((((((((((((((((((((((((((( snapshot_2008-07-03_20.01.40.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-03 17:51:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-03 19:11:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}]
2008-07-03 15:33 28800 --a------ C:\WINDOWS\system32\xxyywwtQ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E1F2BC9-E92D-4D2E-B268-74FB9F908DD8}]
2008-07-03 06:13 303104 --a------ C:\WINDOWS\kgqfweltedw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad0a833d-f25d-4a67-ac76-1f55f6c211c7}]
2007-12-13 17:58 80448 --a------ C:\WINDOWS\system32\cjnpsqrw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AED9108A-49BE-4C7D-BE37-C59CCFB6C5E3}]
2008-07-03 21:17 318720 --a------ C:\WINDOWS\system32\urqRKARh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{AB802BE5-5918-4875-954F-C878E08FC60E}"= "C:\WINDOWS\nqgpedlr.dll" [2008-07-03 06:13 155648]

[HKEY_CLASSES_ROOT\clsid\{ab802be5-5918-4875-954f-c878e08fc60e}]
[HKEY_CLASSES_ROOT\nqgpedlr.1]
[HKEY_CLASSES_ROOT\TypeLib\{7FD9DE6F-3A11-4BA6-B17E-E5C2D1FBB371}]
[HKEY_CLASSES_ROOT\nqgpedlr]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Konnekt"="C:\Program Files\Konnekt\konnekt.exe" [2005-05-24 23:41 503808]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56 64512]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 17:07 729177]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-03-30 16:29 32768]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-05-02 15:09 57344]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 15:28 20480]
"LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [2005-03-16 14:52 204800]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-04-18 12:41 81920]
"AVManager"="C:\Program Files\Wistron\AVManager\AVManager.exe" [2004-12-15 16:19 81920]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-10-03 23:59 401408]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-10-03 23:59 385024]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-10-04 00:03 356352]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-08 14:54 180269]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 15:47 57344]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 14:20 190008]
"iPlusManager"="C:\Program Files\iPlus\iPlusChecker.exe" [2008-01-03 11:59 389120]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 09:46 135168]
"PC-Checkup"="C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe" [2007-08-02 02:08 3965440]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 18:24 1065800]
"AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 06:49 88363 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 11:01 68096 C:\WINDOWS\SOUNDMAN.EXE]

C:\Documents and Settings\vobis\Start Menu\Programs\Startup\
OpenOffice.org 2.0.3.lnk - C:\Program Files\OpenOffice.org 2.0.3\program\quickstart.exe [2006-07-02 17:46:50 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-03 13:26:48 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}"= "C:\WINDOWS\system32\xxyywwtQ.dll" [2008-07-03 15:33 28800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"axrfgvek"= {8244C237-C97A-48D6-87D9-80C46CD54C78} - C:\WINDOWS\axrfgvek.dll [2008-07-03 06:13 225280]
"okmdepgb"= {549FBC21-5D37-42A0-9FDB-F673D4DD91A1} - C:\WINDOWS\okmdepgb.dll [2008-07-03 06:13 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-10-03 23:59 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyywwtQ]
2008-07-03 15:33 28800 C:\WINDOWS\system32\xxyywwtQ.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\urqRKARh

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2235:TCP"= 2235:TCP:slsk
"2237:TCP"= 2237:TCP:torrent

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 12:27]
R2 GtDetectSc;GtDetectSc Service;C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtDetectSc.exe [2007-08-29 12:10]
R2 GtFlashSwitch;GtFlashSwitch Service;C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtFlashSwitch.exe [2007-08-29 12:10]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 15:58]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
S3 SEM43XX;Sony Ericsson 802.11 sterownik sieciowego adaptera SEM43XX;C:\WINDOWS\system32\DRIVERS\semwl5.sys [2005-08-25 16:15]
S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2005-08-25 16:15]
S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2005-08-25 16:15]
S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;C:\WINDOWS\system32\DRIVERS\GCXXSC.sys [2005-08-25 16:15]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-03 01:30:01 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.exe
- C:\Program Files\RegClean
"2008-07-03 11:54:25 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 21:15:20
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\xxyywwtQ.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\ehome\ehRec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\OpenOffice.org 2.0.3\program\soffice.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\OpenOffice.org 2.0.3\program\soffice.bin
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-07-03 21:25:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-03 19:25:14
ComboFix2.txt 2008-07-03 18:06:31
ComboFix3.txt 2007-11-14 15:09:51

Pre-Run: 31,130,398,720 bytes free
Post-Run: 31,148,519,424 bajtów wolnych

239 --- E O F --- 2008-01-11 02:01:13






And now HijackThis





Deckard's System Scanner v20071014.68
Run by vobis on 2008-07-03 21:27:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 89% (more than 75%).
Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as vobis.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:18, on 2008-07-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\eHome\ehRec.exe
C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtDetectSc.exe
C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtFlashSwitch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe
C:\Program Files\Konnekt\konnekt.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\OpenOffice.org 2.0.3\program\soffice.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\OpenOffice.org 2.0.3\program\soffice.BIN
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\vobis\My Documents\zxvc\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\vobis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pcf.pl/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: (no name) - {5D72C2A4-9AC6-4727-A705-CEA1F0220B78} - C:\WINDOWS\system32\xxyywwtQ.dll
O2 - BHO: QXK Olive - {8E1F2BC9-E92D-4D2E-B268-74FB9F908DD8} - C:\WINDOWS\kgqfweltedw.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {7c112c6f-55f1-67ca-76a4-d52fd338a0da} - {ad0a833d-f25d-4a67-ac76-1f55f6c211c7} - C:\WINDOWS\system32\cjnpsqrw.dll
O2 - BHO: (no name) - {AED9108A-49BE-4C7D-BE37-C59CCFB6C5E3} - C:\WINDOWS\system32\urqRKARh.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx
O3 - Toolbar: nqgpedlr - {AB802BE5-5918-4875-954F-C878E08FC60E} - C:\WINDOWS\nqgpedlr.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AVManager] "C:\Program Files\Wistron\AVManager\AVManager.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PC-Checkup] "C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe" -mini
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: OpenOffice.org 2.0.3.lnk = C:\Program Files\OpenOffice.org 2.0.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcf.pl/
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LOTH
O17 - HKLM\Software\..\Telephony: DomainName = LOTH
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = LOTH
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: xxyywwtQ - C:\WINDOWS\SYSTEM32\xxyywwtQ.dll
O21 - SSODL: axrfgvek - {8244C237-C97A-48D6-87D9-80C46CD54C78} - C:\WINDOWS\axrfgvek.dll
O21 - SSODL: okmdepgb - {549FBC21-5D37-42A0-9FDB-F673D4DD91A1} - C:\WINDOWS\okmdepgb.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Canon Inc. - (no file)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Canon Inc. - (no file)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Canon Inc. - (no file)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GtDetectSc Service (GtDetectSc) - OptionNV - C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtDetectSc.exe
O23 - Service: GtFlashSwitch Service (GtFlashSwitch) - Option - C:\Program Files\iPlus\Drivers\driver2k\GTMax\GtFlashSwitch.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 10254 bytes

-- Files created between 2008-06-03 and 2008-07-03 -----------------------------

2008-07-03 21:17:35 347 --ahs---- C:\WINDOWS\system32\hRAKRqru.ini2
2008-07-03 21:17:30 318720 --a------ C:\WINDOWS\system32\urqRKARh.dll
2008-07-03 19:47:12 0 d-------- C:\Temp
2008-07-03 19:21:37 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-03 19:21:36 68096 --a------ C:\WINDOWS\zip.exe
2008-07-03 19:21:36 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-03 19:21:36 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-03 19:21:36 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-03 19:21:36 98816 --a------ C:\WINDOWS\sed.exe
2008-07-03 19:21:36 80412 --a------ C:\WINDOWS\grep.exe
2008-07-03 19:21:36 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-03 15:33:52 28800 --a------ C:\WINDOWS\system32\xxyywwtQ.dll
2008-07-03 15:33:14 253952 --a------ C:\WINDOWS\okmdepgb.dll
2008-07-03 15:33:14 155648 --a------ C:\WINDOWS\nqgpedlr.dll
2008-07-03 15:33:14 86016 --a------ C:\WINDOWS\mrvtdpqe.exe
2008-07-03 15:33:14 303104 --a------ C:\WINDOWS\kgqfweltedw.dll
2008-07-03 15:33:14 225280 --a------ C:\WINDOWS\axrfgvek.dll
2008-07-03 15:19:51 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-07-03 15:17:07 716272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-03 15:16:58 0 d-------- C:\Documents and Settings\vobis\Application Data\DAEMON Tools
2008-07-03 14:28:10 0 d-------- C:\Program Files\Activision
2008-07-01 00:40:18 4 --a------ C:\loadcounter.dat
2008-06-25 19:01:15 0 d-------- C:\Program Files\VideoLAN
2008-06-20 14:52:57 0 d-------- C:\Documents and Settings\vobis\Application Data\SPORE Creature Creator
2008-06-20 14:50:39 0 d-------- C:\Program Files\Electronic Arts
2008-06-04 11:06:35 0 d-------- C:\Documents and Settings\vobis\Application Data\BESTplayer


-- Find3M Report ---------------------------------------------------------------

2008-07-03 21:14:01 0 d-------- C:\Documents and Settings\vobis\Application Data\OpenOffice.org2
2008-07-03 14:43:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-03 12:13:26 0 d-------- C:\Documents and Settings\vobis\Application Data\foobar2000
2008-07-03 07:31:35 0 d-------- C:\Documents and Settings\vobis\Application Data\BitTorrent
2008-07-02 16:27:54 3718 --a----c- C:\WINDOWS\mozver.dat
2008-07-02 11:48:21 0 d-------- C:\Documents and Settings\vobis\Application Data\Skype
2008-07-01 15:23:44 0 d-------- C:\Documents and Settings\vobis\Application Data\Adobe
2008-06-30 18:10:51 0 d-------- C:\Program Files\eMule
2008-06-04 15:13:02 0 d-------- C:\Program Files\Last.fm
2008-05-26 16:51:52 0 d-------- C:\Program Files\thriXXX
2008-05-22 00:57:29 0 d-------- C:\Documents and Settings\vobis\Application Data\MegauploadToolbar
2008-05-22 00:31:29 0 d-------- C:\Program Files\Spyware Doctor
2008-05-21 23:22:19 0 d-------- C:\Program Files\Cheat Engine
2008-05-21 18:53:20 0 d-------- C:\Program Files\Speeditup Free
2008-05-21 15:17:35 0 d-------- C:\Program Files\Ubisoft
2008-05-21 12:05:39 0 d-------- C:\Program Files\GameShadow
2008-05-20 21:37:24 0 d-------- C:\Program Files\Table Tennis Pro V2 Lite
2008-05-20 14:39:27 0 d-------- C:\Program Files\SSI
2008-05-15 11:02:44 0 d-------- C:\Documents and Settings\vobis\Application Data\Mount&Blade
2008-05-15 01:15:46 0 d-------- C:\Program Files\Mount&Blade
2008-05-13 22:57:45 0 d-------- C:\Program Files\DivX


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}]
2008-07-03 15:33 28800 --a------ C:\WINDOWS\system32\xxyywwtQ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E1F2BC9-E92D-4D2E-B268-74FB9F908DD8}]
2008-07-03 06:13 303104 --a------ C:\WINDOWS\kgqfweltedw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad0a833d-f25d-4a67-ac76-1f55f6c211c7}]
2007-12-13 17:58 80448 --a------ C:\WINDOWS\system32\cjnpsqrw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AED9108A-49BE-4C7D-BE37-C59CCFB6C5E3}]
2008-07-03 21:17 318720 --a------ C:\WINDOWS\system32\urqRKARh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56]
"AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 06:49 C:\WINDOWS\AGRSMMSG.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 17:07]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-03-30 16:29]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-05-02 15:09]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 15:28]
"LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [2005-03-16 14:52]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-04-18 12:41]
"AVManager"="C:\Program Files\Wistron\AVManager\AVManager.exe" [2004-12-15 16:19]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-10-03 23:59]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-10-03 23:59]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-10-04 00:03]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 11:01 C:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-08 14:54]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 15:47]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 14:20]
"iPlusManager"="C:\Program Files\iPlus\iPlusChecker.exe" [2008-01-03 11:59]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 09:46]
"PC-Checkup"="C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe" [2007-08-02 02:08]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 18:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Konnekt"="C:\Program Files\Konnekt\konnekt.exe" [2005-05-24 23:41]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09]

C:\Documents and Settings\vobis\Start Menu\Programs\Startup\
OpenOffice.org 2.0.3.lnk - C:\Program Files\OpenOffice.org 2.0.3\program\quickstart.exe [2006-07-02 17:46:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-03 13:26:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"RunStartupScriptSync"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoStartBanner"=01000000
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoSharedDocuments"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}"= C:\WINDOWS\system32\xxyywwtQ.dll [2008-07-03 15:33 28800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"axrfgvek"= {8244C237-C97A-48D6-87D9-80C46CD54C78} - C:\WINDOWS\axrfgvek.dll [2008-07-03 06:13 225280]
"okmdepgb"= {549FBC21-5D37-42A0-9FDB-F673D4DD91A1} - C:\WINDOWS\okmdepgb.dll [2008-07-03 06:13 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-10-03 23:59 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyywwtQ]
xxyywwtQ.dll 2008-07-03 15:33 28800 C:\WINDOWS\system32\xxyywwtQ.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqRKARh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

*Newly Created Service* - CATCHME



-- End of Deckard's System Scanner: finished at 2008-07-03 21:31:49 ------------

#2
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo. Since it's been a few days since your last log, please post a fresh DSS log for further review.


Regards
fenzodahl512
#3
fenzodahl512

  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.