I'm in need of your help!
Three days ago I clicked setup file I shouldn't have (what was I thinking???) and have been
in fight ever since.
I think I installed some kind of back door hackware and I can't get rid of Trojans and
other stuff.
I have AVG 8.0 free and spybot S&D with teatimer updated and working on my laptop.
AVG recognized some of the malware and deleted it but they keep poping out every now and
then, and are blocked by AVG resident shield. (this morning AVG command line scan and
resident shield detection log enclosed)
My computer is working ''normaly'' and I don't have any trouble with performance, but I
think I have lost win auto update option and winamp player (I hope that's all I lost...)
Please help me get rid of this garbage for good, and for starters tell me how bad infection
is if you can?!
Thanks in advance
Marko
P.S. I'm still at work for the next couple hours, so I'll be on and off, and please have
patience with me
AVG 8.0 Anti-Virus command line scanner
Copyright © 1992 - 2008 AVG Technologies
Program version 8.0.134, engine 8.0.0
Virus Database: Version 270.4.7/1545 2008-07-10
C:\WINDOWS\system32\nnnliFxv.dll Trojan horse BHO.EQB Object was moved to Virus Vault.
C:\WINDOWS\system32\winlogon.exe (320) Trojan horse BHO.EQB Object was moved to Virus Vault.
C:\WINDOWS\system32\rqRhHaxX.dll Trojan horse Generic10.BBDU Object was moved to Virus Vault.
C:\WINDOWS\system32\lsass.exe (408) Trojan horse Generic10.BBDU Object was moved to Virus Vault.
C:\Documents and Settings\Administrator.MARKO01\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Administrator.MARKO01\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Administrator.MARKO01\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\Administrator.MARKO01\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\00142569984c55d64abcbfb06e19968a_7b242fd8-3d11-49dc-a2e1-9fea8fcb532c Locked file. Not tested.
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2e9aa08f7781f4ea52898a5dc0c2cca5_7b242fd8-3d11-49dc-a2e1-9fea8fcb532c Locked file. Not tested.
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7d96f1d0d8aeaeea4c7448e57ac01e49_7b242fd8-3d11-49dc-a2e1-9fea8fcb532c Locked file. Not tested.
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a2d140e4e7f64ae2b283c14090ccfcd0_7b242fd8-3d11-49dc-a2e1-9fea8fcb532c Locked file. Not tested.
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c2b1b8fbf305780db8b3f81adaa3843f_7b242fd8-3d11-49dc-a2e1-9fea8fcb532c Locked file. Not tested.
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4c0e7c0618ed181d6757e3da51c8c69_7b242fd8-3d11-49dc-a2e1-9fea8fcb532c Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\WINDOWS\system32\config\default Locked file. Not tested.
C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SAM Locked file. Not tested.
C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\software Locked file. Not tested.
C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\system Locked file. Not tested.
C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.
C:\WINDOWS\system32\drivers\dtscsi.sys Locked file. Not tested.
C:\WINDOWS\system32\drivers\sptd.sys Locked file. Not tested.
C:\WINDOWS\system32\drivers\sptd9597.sys Locked file. Not tested.
C:\WINDOWS\system32\nnnliFxv.dll Trojan horse BHO.EQB Object was moved to Virus Vault.
C:\WINDOWS\system32\rcvoxbmh.dll Trojan horse BHO.EQL Object was moved to Virus Vault.
C:\WINDOWS\system32\rqRhHaxX.dll Trojan horse Generic10.BBDU Object was moved to Virus Vault.
------------------------------------------------------------
Objects scanned : 594764
Found infections : 7
Found PUPs : 0
Healed infections : 7
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------
Resident Shield detection
Infection;"Object";"Result";"Detection time";"Object Type";"Process"
Potentially harmful program Crack.A;"C:\System Volume Information\_restore{06CB2C72-5B60-4572-B9E4-34CEC66E6512}\RP460\A0110094.exe";"Moved to Virus Vault";"2.6.2008, 14:12:36";"file";"C:\WINDOWS\System32\svchost.exe"
Virus found Win32/Heur;"C:\Documents and Settings\Administrator\Desktop\radno\WEB\downloads\Apollo_DVD_Copy_v4.8.21\Keygen\keygen.exe";"Moved to Virus Vault";"27.6.2008, 17:30:39";"file";"C:\WINDOWS\Explorer.EXE"
Trojan horse Generic_c.OYJ;"C:\WINDOWS\system32\phc7m9j0ejdr.bmp";"Moved to Virus Vault";"8.7.2008, 18:50:01";"file";"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\vista_sp1.exe"
Trojan horse Downloader.Adload.NZ;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\egxk.exe";"Infected";"8.7.2008, 18:50:34";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NI;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\gpefaowr.exe";"Infected";"8.7.2008, 18:50:35";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NK;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\wbxdpgfevkl.dll";"Infected";"8.7.2008, 18:50:35";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NT;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\fdxbameg.dll";"Infected";"8.7.2008, 18:50:35";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NQ;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\sqvgnrpx.dll";"Infected";"8.7.2008, 18:50:35";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NQ;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\sqvgnrpx.dll";"Infected";"8.7.2008, 18:50:36";"file";"C:\WINDOWS\system32\regsvr32.exe"
Trojan horse Downloader.Adload.NZ;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\egxk.exe";"Infected";"8.7.2008, 18:51:37";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NI;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\gpefaowr.exe";"Infected";"8.7.2008, 18:51:38";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NK;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\wbxdpgfevkl.dll";"Infected";"8.7.2008, 18:51:38";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NT;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\fdxbameg.dll";"Infected";"8.7.2008, 18:51:38";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NQ;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\sqvgnrpx.dll";"Infected";"8.7.2008, 18:51:38";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NQ;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\sqvgnrpx.dll";"Infected";"8.7.2008, 18:51:38";"file";"C:\WINDOWS\system32\regsvr32.exe"
Potentially harmful program WinFixer.ATW;"C:\WINDOWS\system32\pphc7m9j0ejdr.exe";"Moved to Virus Vault";"8.7.2008, 18:52:56";"file";"C:\Program Files\rhc3m9j0ejdr\rhc3m9j0ejdr.exe"
Potentially harmful program WinFixer.ATY;"C:\Program Files\rhc3m9j0ejdr\rhc3m9j0ejdrSkin.Dll";"Moved to Virus Vault";"8.7.2008, 18:52:56";"file";"C:\Program Files\rhc3m9j0ejdr\rhc3m9j0ejdr.exe"
Potentially harmful program WinFixer.ATY;"C:\Program Files\rhc3m9j0ejdr\rhc3m9j0ejdrSkin.dll";"Deleted";"8.7.2008, 18:52:57";"file";"C:\Program Files\rhc3m9j0ejdr\rhc3m9j0ejdr.exe"
Trojan horse Downloader.Adload.NZ;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\egxk.exe";"Infected";"8.7.2008, 18:53:01";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NI;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\gpefaowr.exe";"Infected";"8.7.2008, 18:53:02";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NK;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\wbxdpgfevkl.dll";"Infected";"8.7.2008, 18:53:02";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NT;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\fdxbameg.dll";"Infected";"8.7.2008, 18:53:02";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NQ;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\sqvgnrpx.dll";"Infected";"8.7.2008, 18:53:02";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NQ;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\sqvgnrpx.dll";"Infected";"8.7.2008, 18:53:02";"file";"C:\WINDOWS\system32\regsvr32.exe"
Trojan horse Downloader.Adload.NZ;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\egxk.exe";"Infected";"8.7.2008, 18:54:18";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NI;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\gpefaowr.exe";"Infected";"8.7.2008, 18:54:19";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NK;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\wbxdpgfevkl.dll";"Infected";"8.7.2008, 18:54:19";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NT;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\fdxbameg.dll";"Infected";"8.7.2008, 18:54:19";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NQ;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\sqvgnrpx.dll";"Infected";"8.7.2008, 18:54:20";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NQ;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\sqvgnrpx.dll";"Infected";"8.7.2008, 18:54:20";"file";"C:\WINDOWS\system32\regsvr32.exe"
Trojan horse Downloader.Adload.NZ;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\egxk.exe";"Infected";"8.7.2008, 18:55:34";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NI;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\gpefaowr.exe";"Infected";"8.7.2008, 18:55:35";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NK;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\wbxdpgfevkl.dll";"Infected";"8.7.2008, 18:55:35";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NT;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\fdxbameg.dll";"Infected";"8.7.2008, 18:55:35";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NQ;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\sqvgnrpx.dll";"Infected";"8.7.2008, 18:55:35";"file";"C:\WINDOWS\system32\cmd.exe"
Trojan horse Downloader.Adload.NQ;"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ac8zt2\sqvgnrpx.dll";"Infected";"8.7.2008, 18:55:36";"file";"C:\WINDOWS\system32\regsvr32.exe"
Trojan horse FakeAlert.AC;"C:\System Volume Information\_restore{06CB2C72-5B60-4572-B9E4-34CEC66E6512}\RP2\A0000022.exe";"Moved to Virus Vault";"10.7.2008, 11:34:49";"file";"C:\WINDOWS\System32\svchost.exe"
Trojan horse Generic10.BAXT;"C:\System Volume Information\_restore{06CB2C72-5B60-4572-B9E4-34CEC66E6512}\RP2\A0000025.dll";"Moved to Virus Vault";"10.7.2008, 12:25:33";"file";"C:\WINDOWS\System32\svchost.exe"
Trojan horse Downloader.Adload.OI;"C:\System Volume Information\_restore{06CB2C72-5B60-4572-B9E4-34CEC66E6512}\RP2\A0000026.dll";"Moved to Virus Vault";"10.7.2008, 13:25:29";"file";"C:\WINDOWS\System32\svchost.exe"
Trojan horse Generic10.BBDU;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0J0M2PAK\css4[1]";"Moved to Virus Vault";"10.7.2008, 21:07:45";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Generic10.BBBB;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ION38PH1\kb456456[1]";"Moved to Virus Vault";"10.7.2008, 21:08:04";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse BHO.EQL;"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\TUY3221N\kb456456[1]";"Moved to Virus Vault";"10.7.2008, 21:08:07";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse FakeAlert.AC;"C:\RECYCLER\S-1-5-21-4084441048-2439024980-1437343140-1142\Dc3\rhc3m9j0ejdr.exe";"Moved to Virus Vault";"10.7.2008, 21:55:02";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse Generic10.BBBB;"C:\WINDOWS\system32\ghvvrwct.dll";"Moved to Virus Vault";"10.7.2008, 22:09:12";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Virus identified I-Worm/Nuwar.S;"C:\WINDOWS\system32\lphc7m9j0ejdr.exe";"Infected";"10.7.2008, 22:09:37";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Virus identified I-Worm/Nuwar.S;"C:\WINDOWS\system32\lphc7m9j0ejdr.exe";"Moved to Virus Vault";"10.7.2008, 22:22:00";"file";"C:\Program Files\Internet Explorer\iexplore.exe"
Trojan horse FakeAlert.AC;"C:\System Volume Information\_restore{06CB2C72-5B60-4572-B9E4-34CEC66E6512}\RP3\A0001137.exe";"Moved to Virus Vault";"11.7.2008, 11:53:14";"file";"C:\WINDOWS\System32\svchost.exe"
Trojan horse Generic10.BBBB;"C:\System Volume Information\_restore{06CB2C72-5B60-4572-B9E4-34CEC66E6512}\RP3\A0001138.dll";"Moved to Virus Vault";"11.7.2008, 12:54:17";"file";"C:\WINDOWS\System32\svchost.exe"
Virus identified I-Worm/Nuwar.S;"C:\System Volume Information\_restore{06CB2C72-5B60-4572-B9E4-34CEC66E6512}\RP3\A0001139.exe";"Moved to Virus Vault";"11.7.2008, 14:00:39";"file";"C:\WINDOWS\System32\svchost.exe"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:18:52, on 11.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {73984FE0-9702-4C55-9C7B-9BA3C5861F25} - C:\WINDOWS\system32\nnnliFxv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BF716362-4EB3-4CEC-B720-2004AC3328E8} - C:\WINDOWS\system32\rqRhHaxX.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp3.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 1.0.1.lnk = C:\Program Files\OpenOffice.org1.0.1\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 1.0.1.lnk = C:\Program Files\OpenOffice.org1.0.1\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT User Startup: OpenOffice.org 1.0.1.lnk = C:\Program Files\OpenOffice.org1.0.1\program\quickstart.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI05E6~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1169039203860
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ptrans.local
O17 - HKLM\Software\..\Telephony: DomainName = ptrans.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{649F4359-73DF-422B-9792-2E11E7E739AB}: NameServer = 195.29.150.3,195.29.150.4
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ptrans.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ptrans.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: nnnliFxv - nnnliFxv.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 12874 bytes