Thanks for your help. I ran the programs you asked me to run; here are the results.
Logfile of HijackThis v1.99.1
Scan saved at 9:23:45 PM, on 9/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Martin\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc...dd084361d36488e
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangoc...dd084361d36488e
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\alg.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
Martin - 06-09-26 21:18:45.48 Service Pack 2
ComboFix 06.09.27 - Running from: "C:\Documents and Settings\Martin\desktop"
Command switches used :: /v geede
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\CLSID\{5955344E-2140-4198-9586-C00750362B36}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5955344E-2140-4198-9586-C00750362B36}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5955344E-2140-4198-9586-C00750362B36}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5955344E-2140-4198-9586-C00750362B36}\InprocServer32]
@="C:\\WINDOWS\\system32\\eU00bmsg.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{8D09C711-CA93-4F32-8759-693B907A59F1}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{8D09C711-CA93-4F32-8759-693B907A59F1}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8D09C711-CA93-4F32-8759-693B907A59F1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8D09C711-CA93-4F32-8759-693B907A59F1}\InprocServer32]
@="C:\\WINDOWS\\system32\\LMCMGR10.DLL"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{7C73A134-C837-4C65-BCB6-039BF549FB13}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7C73A134-C837-4C65-BCB6-039BF549FB13}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7C73A134-C837-4C65-BCB6-039BF549FB13}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7C73A134-C837-4C65-BCB6-039BF549FB13}\InprocServer32]
@="C:\\WINDOWS\\system32\\MPFTEDIT.DLL"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{11CF33B5-7912-475F-8586-66B9D29AD974}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{11CF33B5-7912-475F-8586-66B9D29AD974}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{11CF33B5-7912-475F-8586-66B9D29AD974}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{11CF33B5-7912-475F-8586-66B9D29AD974}\InprocServer32]
@="C:\\WINDOWS\\system32\\PQOTOWIZ.DLL"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{79B0585A-E824-45E2-BC1C-D2FDC1C5991C}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{79B0585A-E824-45E2-BC1C-D2FDC1C5991C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{79B0585A-E824-45E2-BC1C-D2FDC1C5991C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{79B0585A-E824-45E2-BC1C-D2FDC1C5991C}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{0B122B07-0563-41E6-AA6F-F921C82CFF78}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{0B122B07-0563-41E6-AA6F-F921C82CFF78}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{0B122B07-0563-41E6-AA6F-F921C82CFF78}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{0B122B07-0563-41E6-AA6F-F921C82CFF78}\InprocServer32]
@="C:\\WINDOWS\\system32\\iPlmuFRA.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{B4B846F9-A1B5-49E0-8323-D8217F5460FA}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B4B846F9-A1B5-49E0-8323-D8217F5460FA}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B4B846F9-A1B5-49E0-8323-D8217F5460FA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B4B846F9-A1B5-49E0-8323-D8217F5460FA}\InprocServer32]
@="C:\\WINDOWS\\system32\\IGSECSNP.DLL"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{7AFBE485-C6F6-49B3-B6A0-D22C72F34D8B}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7AFBE485-C6F6-49B3-B6A0-D22C72F34D8B}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7AFBE485-C6F6-49B3-B6A0-D22C72F34D8B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7AFBE485-C6F6-49B3-B6A0-D22C72F34D8B}\InprocServer32]
@="C:\\WINDOWS\\system32\\MEHTMLER.DLL"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{6D46261C-7EC3-4EE7-B04A-D2F9A005BC9C}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{6D46261C-7EC3-4EE7-B04A-D2F9A005BC9C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{6D46261C-7EC3-4EE7-B04A-D2F9A005BC9C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{6D46261C-7EC3-4EE7-B04A-D2F9A005BC9C}\InprocServer32]
@="C:\\WINDOWS\\system32\\HZCOIN.DLL"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{E97E2622-78E7-4F5E-B8B8-761D2EC31A69}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E97E2622-78E7-4F5E-B8B8-761D2EC31A69}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E97E2622-78E7-4F5E-B8B8-761D2EC31A69}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E97E2622-78E7-4F5E-B8B8-761D2EC31A69}\InprocServer32]
@="C:\\WINDOWS\\system32\\hwsetup.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{53479663-5979-48E6-828C-78EDC31D409D}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{53479663-5979-48E6-828C-78EDC31D409D}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{53479663-5979-48E6-828C-78EDC31D409D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{53479663-5979-48E6-828C-78EDC31D409D}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
FILES REMOVED:
C:\WINDOWS\SYSTEM32\aza0l1fm1.dll
C:\WINDOWS\SYSTEM32\c6002gdmg60a2.dll
C:\WINDOWS\SYSTEM32\dnj2011oe.dll
C:\WINDOWS\SYSTEM32\e4jm0e11eh.dll
C:\WINDOWS\SYSTEM32\eb.dll
C:\WINDOWS\SYSTEM32\en0sl1d71.dll
C:\WINDOWS\SYSTEM32\en20l1fm1.dll
C:\WINDOWS\SYSTEM32\en4ml1h11.dll
C:\WINDOWS\SYSTEM32\f82mlif1182.dll
C:\WINDOWS\SYSTEM32\fpp2037oe.dll
C:\WINDOWS\SYSTEM32\g0400ahmed4a0.dll
C:\WINDOWS\SYSTEM32\g2lm0c31ef.dll
C:\WINDOWS\SYSTEM32\gpp2l37o1.dll
C:\WINDOWS\SYSTEM32\hr2q05f5e.dll
C:\WINDOWS\SYSTEM32\hrl8053ue.dll
C:\WINDOWS\SYSTEM32\HZCOIN.DLL
C:\WINDOWS\SYSTEM32\i624lgfq162e.dll
C:\WINDOWS\SYSTEM32\IGSECSNP.DLL
C:\WINDOWS\SYSTEM32\iPlmuFRA.dll
C:\WINDOWS\SYSTEM32\j04olah31d4.dll
C:\WINDOWS\SYSTEM32\j60slgd7160.dll
C:\WINDOWS\SYSTEM32\jtju0719e.dll
C:\WINDOWS\SYSTEM32\jtp8077ue.dll
C:\WINDOWS\SYSTEM32\k0620ajoedoc0.dll
C:\WINDOWS\SYSTEM32\k226lcfs1f26.dll
C:\WINDOWS\SYSTEM32\k680lglm16qa.dll
C:\WINDOWS\SYSTEM32\kt46l7hs1.dll
C:\WINDOWS\SYSTEM32\ktp6l77s1.dll
C:\WINDOWS\SYSTEM32\l42s0ef7eh2.dll
C:\WINDOWS\SYSTEM32\ldwmf13n.dll
C:\WINDOWS\SYSTEM32\lvn6095se.dll
C:\WINDOWS\SYSTEM32\lvpq0975e.dll
C:\WINDOWS\SYSTEM32\LYCMGR10.DLL
C:\WINDOWS\SYSTEM32\m4820eloehqc0.dll
C:\WINDOWS\SYSTEM32\m8rmli9118.dll
C:\WINDOWS\SYSTEM32\MEHTMLER.DLL
C:\WINDOWS\SYSTEM32\MEWEBDVD.DLL
C:\WINDOWS\SYSTEM32\MPFTEDIT.DLL
C:\WINDOWS\SYSTEM32\mvn2l95o1.dll
C:\WINDOWS\SYSTEM32\n24s0ch7ef4.dll
C:\WINDOWS\SYSTEM32\n2r2lc9o1f.dll
C:\WINDOWS\SYSTEM32\n68olgl316q.dll
C:\WINDOWS\SYSTEM32\n6p40g7qe6.dll
C:\WINDOWS\SYSTEM32\o0840alqedqe0.dll
C:\WINDOWS\SYSTEM32\o2lu0c39ef.dll
C:\WINDOWS\SYSTEM32\o684lglq16qe.dll
C:\WINDOWS\SYSTEM32\o8ns0i57e8.dll
C:\WINDOWS\SYSTEM32\q0nula591d.dll
C:\WINDOWS\SYSTEM32\s288lclu1fq8.dll
C:\WINDOWS\SYSTEM32\t48ulel91hq.dll
C:\WINDOWS\SYSTEM32\TQPI.DLL
Granting sedebugprivilege to Administrators ... successful
(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\geede.dll
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\edeeg.bak2
C:\WINDOWS\system32\edeeg.ini
C:\WINDOWS\system32\edeeg.ini2
C:\WINDOWS\system32\edeeg.tmp
C:\WINDOWS\system32\drivers\dp.sys
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\Program Files\outlook
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Program Files\SMANTE~1
C:\QooBox\Purity\Program Files\SMANTE~1\?canregw.exe
C:\QooBox\Purity\WINDOWS\MCROSO~1
C:\QooBox\Purity\WINDOWS\MCROSO~1\MCROSO~1
C:\QooBox\Purity\WINDOWS\MCROSO~1\winspool.exe
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Program Files\SMANTE~1
C:\QooBox\Purity\Program Files\SMANTE~1\?canregw.exe
C:\QooBox\Purity\WINDOWS\MCROSO~1
C:\QooBox\Purity\WINDOWS\MCROSO~1\MCROSO~1
C:\QooBox\Purity\WINDOWS\MCROSO~1\winspool.exe
((((((((((((((((((((((((((((((( Files Created from 2006-08-26 to 2006-09-26 ))))))))))))))))))))))))))))))))))
No new files created in this timespan
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-09-26 20:40 -------- d-------- C:\Program Files\BFG
2006-09-26 02:25 -------- d-------- C:\Program Files\Internet Explorer
2006-09-26 01:04 -------- d-------- C:\Program Files\Ares Music
2006-09-26 01:00 -------- d-------- C:\Documents and Settings\Martin\Application Data\TrojanHunter
2006-09-26 00:53 -------- d-------- C:\Program Files\Common Files
2006-09-26 00:39 -------- d-------- C:\Program Files\CleanUp!
2006-09-26 00:23 -------- d-------- C:\Program Files\TrojanHunter 4.5
2006-09-26 00:08 -------- d-------- C:\Program Files\ewido anti-malware
2006-09-25 22:58 -------- d-------- C:\Program Files\Lavasoft
2006-09-20 11:16 -------- d--h----- C:\Documents and Settings\Martin\Application Data\Identities
2006-08-20 15:17 0 --a------ C:\WINDOWS\SYSTEM32\ir4sl5h71.dll
2006-08-20 15:16 0 --a------ C:\WINDOWS\SYSTEM32\h02o0af3ed2.dll
2006-08-20 12:20 0 --a------ C:\WINDOWS\SYSTEM32\azaolgl316q.dll
2006-08-20 12:18 0 --a------ C:\WINDOWS\SYSTEM32\l68mlgl116q.dll
2006-08-20 11:54 0 --a------ C:\WINDOWS\SYSTEM32\n2n6lc5s1f.dll
2006-08-20 11:02 0 --a------ C:\WINDOWS\SYSTEM32\p2n80c5uef.dll
2006-08-20 10:26 0 --a------ C:\WINDOWS\SYSTEM32\azaslgd7160.dll
2006-08-20 10:25 0 --a------ C:\WINDOWS\SYSTEM32\n0n6la5s1d.dll
2006-08-20 10:22 0 --a------ C:\WINDOWS\SYSTEM32\OLUNINST.DLL
2006-08-20 10:20 0 --a------ C:\WINDOWS\SYSTEM32\n48o0el3ehq.dll
2006-08-20 10:19 0 -r--s---- C:\WINDOWS\SYSTEM32\hrps0577e.dll
2006-08-20 10:05 0 --a------ C:\WINDOWS\SYSTEM32\kt0ul7d91.dll
2006-08-20 10:03 0 --a------ C:\WINDOWS\SYSTEM32\dn4q01h5e.dll
2006-08-20 10:00 0 --a------ C:\WINDOWS\SYSTEM32\d6j0lg1m16.dll
2006-08-19 14:59 0 --a------ C:\WINDOWS\SYSTEM32\irn0l55m1.dll
2006-08-19 14:38 0 --a------ C:\WINDOWS\SYSTEM32\irp6l57s1.dll
2006-08-19 14:35 0 --a------ C:\WINDOWS\SYSTEM32\mxwt.dll
2006-08-19 14:31 0 --a------ C:\WINDOWS\SYSTEM32\r2p80c7uef.dll
2006-08-18 11:01 13844 --a------ C:\WINDOWS\SYSTEM32\uwimxyvy.exe
2006-08-18 11:00 0 --a------ C:\WINDOWS\SYSTEM32\o866lijs18o6.dll
2006-08-18 00:18 -------- d---s---- C:\Documents and Settings\Martin\Application Data\Microsoft
2006-08-16 00:16 12308 --a------ C:\WINDOWS\SYSTEM32\woyctyrq.exe
2006-08-15 13:15 12308 --a------ C:\WINDOWS\SYSTEM32\ismcolrs.exe
2006-08-14 16:23 12308 --a------ C:\WINDOWS\SYSTEM32\ndgdupsu.exe
2006-08-14 13:11 12308 --a------ C:\WINDOWS\SYSTEM32\puslpdus.exe
2006-08-12 00:25 0 --a------ C:\WINDOWS\SYSTEM32\m482lelo1hqc.dll
2006-08-10 20:18 -------- d-------- C:\Program Files\Windows Media Player
2006-08-08 18:22 85248 --ah----- C:\Documents and Settings\Martin\Application Data\GDIPFONTCACHEV1.DAT
2006-08-08 14:29 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-08 14:28 -------- d-------- C:\Program Files\Hewlett-Packard
2006-08-08 14:27 -------- d-------- C:\Program Files\Dell
2006-08-08 14:23 -------- d-------- C:\Program Files\Yahoo!
2006-08-08 14:17 -------- d-------- C:\Program Files\MUSICMATCH
2006-08-08 14:12 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-08 14:11 -------- d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2006-08-04 19:35 -------- d-------- C:\Program Files\HP
2006-08-04 11:39 -------- d-------- C:\Program Files\QuickTime
2006-07-31 14:03 -------- d--h----- C:\Documents and Settings\Martin\Application Data\Morpheus
2006-07-27 08:24 679424 --------- C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-07-25 20:21 65556 --a--c--- C:\WINDOWS\SYSTEM32\pgqviwwl.exe
2006-07-25 14:08 65556 --a--c--- C:\WINDOWS\SYSTEM32\jqnkthqf.exe
2006-07-24 23:34 24304 --a--c--- C:\WINDOWS\icont.exe
2006-07-24 15:08 17750 --a--c--- C:\WINDOWS\SYSTEM32\owculjyw.exe
2006-07-24 06:37 17750 --a--c--- C:\WINDOWS\SYSTEM32\chyvfdvj.exe
2006-07-23 21:57 17750 --a--c--- C:\WINDOWS\SYSTEM32\afopxgxn.exe
2006-07-23 21:03 17750 --a--c--- C:\WINDOWS\SYSTEM32\gxlgolgy.exe
2006-07-23 18:53 17750 --a--c--- C:\WINDOWS\SYSTEM32\nprwlnvr.exe
2006-07-23 16:33 17750 --a--c--- C:\WINDOWS\SYSTEM32\xtpsyobe.exe
2006-07-23 00:48 17750 --a--c--- C:\WINDOWS\SYSTEM32\uqjkovix.exe
2006-07-22 23:32 17750 --a--c--- C:\WINDOWS\SYSTEM32\vvmnkure.exe
2006-07-22 13:25 17750 --a--c--- C:\WINDOWS\SYSTEM32\bukxyjmv.exe
2006-07-22 11:47 17750 --a--c--- C:\WINDOWS\SYSTEM32\mitpmllc.exe
2006-07-22 11:30 17750 --a--c--- C:\WINDOWS\SYSTEM32\durrdmro.exe
2006-07-22 10:54 17750 --a--c--- C:\WINDOWS\SYSTEM32\odoacwba.exe
2006-07-22 05:39 17750 --a--c--- C:\WINDOWS\SYSTEM32\hqnqfgwh.exe
2006-07-21 22:40 17750 --a--c--- C:\WINDOWS\SYSTEM32\cmbkvxmt.exe
2006-07-21 21:00 17750 --a--c--- C:\WINDOWS\SYSTEM32\obqhdmrb.exe
2006-07-21 19:10 17750 --a--c--- C:\WINDOWS\SYSTEM32\rxitgobl.exe
2006-07-21 12:54 17750 --a--c--- C:\WINDOWS\SYSTEM32\fjheybal.exe
2006-07-21 03:24 72704 --------- C:\WINDOWS\SYSTEM32\hlink.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"tbon"="C:\\Program Files\\TBONBin\\tbon.exe /r"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"APVXDWIN"="\"C:\\Program Files\\Panda Software\\Panda Titanium Antivirus 2005\\APVXDWIN.EXE\" /s"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.5\\THGuard.exe\""
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\WINDOWS\\warnhp.html"
"SubscribedURL"=""
"FriendlyName"="Desktop Uninstall"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,00,00,00,00,00,00,00,00,04,00,00,e2,02,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:02,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,04,00,00,e2,02,\
00,00,02,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,04,00,00,e2,02,\
00,00,01,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"StarwareUninstall"=""
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"StarwareUninstall"=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (LUCKYCOMPUTER-Martin).job
Completion time: Tue 09/26/2006 21:21:46.96
ComboFix.txt
ComboFix2.txt