Hello.
Thank you for taking the time to help me. Here are the ComboFix log and the HijackThis log.
ComboFix 08-08-11.01 - David 2008-08-12 22:27:38.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.778 [GMT -5:00]
Running from: C:\Documents and Settings\David\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\David\Application Data\Adobe\Manager.exe
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\#SharedObjects\AL849KSK\interclick.com
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\#SharedObjects\AL849KSK\interclick.com\ud.sol
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\#SharedObjects\AL849KSK\www.broadcaster.com
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\David\Application Data\rhcnuoj0ep6t
C:\Windows\BM3b6fdceb.txt
C:\Windows\BM3b6fdceb.xml
C:\Windows\pskt.ini
C:\Windows\system32\4.tmp
C:\Windows\system32\5.tmp
C:\Windows\system32\6.tmp
C:\Windows\system32\7.tmp
C:\Windows\system32\8.tmp
C:\Windows\system32\9.tmp
C:\Windows\system32\blphcjuoj0ep6t.scr
C:\Windows\system32\cmohjglu.dll
C:\Windows\system32\hmiutufk.dll
C:\WINDOWS\system32\IRsvFfhk.ini
C:\WINDOWS\system32\IRsvFfhk.ini2
C:\WINDOWS\system32\jlthvyav.ini
C:\Windows\system32\lphcjuoj0ep6t.exe
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\mctijube.dll
C:\Windows\system32\mqhwvonp.ini
C:\Windows\system32\myokzk.dll
C:\Windows\system32\pbravlym.dll
C:\Windows\system32\phcjuoj0ep6t.bmp
C:\Windows\system32\poflgx.dll
C:\Windows\system32\pphcjuoj0ep6t.exe
C:\Windows\system32\rgblwpkq.dll
C:\Windows\system32\syisrlnu.dll
C:\Windows\system32\tdssadw.dll
C:\Windows\system32\tdssinit.dll
C:\Windows\system32\tdssl.dll
C:\Windows\system32\tdsslog.dll
C:\Windows\system32\tdssmain.dll
C:\Windows\system32\tdssservers.dat
C:\Windows\system32\unlrsiys.ini
C:\Windows\system32\uvyxerjl.dll
C:\Windows\system32\vayvhtlj.dll
----- BITS: Possible infected sites -----
http://hqvideoporn.com.
((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.
2008-08-12 22:08 . 2008-08-12 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-08-12 22:08 . 2008-08-12 22:01 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-08-12 22:01 . 2008-08-12 22:08 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-08-11 01:41 . 2008-08-11 02:04 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-11 01:34 . 2008-08-12 21:28 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-11 01:34 . 2008-08-11 01:34 <DIR> d-------- C:\Program Files\AVG
2008-08-11 01:34 . 2008-08-11 01:34 <DIR> d-------- C:\Documents and Settings\David\Application Data\AVGTOOLBAR
2008-08-11 01:34 . 2008-08-11 01:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-11 01:34 . 2008-08-11 01:34 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-11 01:34 . 2008-08-11 01:34 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-10 23:11 . 2008-08-12 22:25 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-10 23:10 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-10 23:10 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-10 23:10 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-10 23:10 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-10 14:54 . 2008-08-10 14:54 2,048 --a------ C:\WINDOWS\system32\kyiqhjid.exe
2008-08-09 15:24 . 2008-08-11 07:24 <DIR> d-------- C:\Program Files\RegCure
2008-08-09 15:15 . 2006-01-30 22:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-08-09 15:15 . 2008-08-11 01:34 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-09 14:46 . 2008-08-09 14:46 2,048 --a------ C:\WINDOWS\system32\ihcaesxj.exe
2008-08-07 12:30 . 2008-08-09 10:48 <DIR> d-------- C:\Downloads
2008-08-07 12:27 . 2008-08-07 12:27 <DIR> d-------- C:\Program Files\Software Informer
2008-08-07 12:27 . 2008-08-07 12:27 <DIR> d-------- C:\Program Files\Free Download Manager
2008-08-07 12:27 . 2008-08-07 12:29 <DIR> d-------- C:\Documents and Settings\David\Application Data\Software Informer
2008-08-07 12:27 . 2008-08-11 20:13 <DIR> d-------- C:\Documents and Settings\David\Application Data\Free Download Manager
2008-08-07 12:27 . 2008-08-07 12:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-07-28 09:38 . 2008-07-28 09:38 <DIR> d-------- C:\Program Files\Atomic RAR Password Recovery
2008-07-23 10:38 . 2008-07-23 10:38 <DIR> d-------- C:\Program Files\DNA
2008-07-23 10:38 . 2008-08-11 20:13 <DIR> d-------- C:\Documents and Settings\David\Application Data\DNA
2008-07-21 16:54 . 2008-07-21 16:54 <DIR> d-------- C:\Program Files\Slot Machine 98
2008-07-21 16:54 . 2008-07-21 16:54 724,992 --a------ C:\WINDOWS\iun6002.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-13 03:25 --------- d-----w C:\Program Files\Spyware Doctor
2008-08-11 14:03 --------- d-----w C:\Program Files\Trend Micro
2008-08-11 07:38 --------- d-----w C:\Program Files\MP3 Player Utilities 3.5.02
2008-08-11 04:23 96,256 ----a-w C:\Windows\system32\drivers\sptd7725.sys
2008-08-10 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-10 21:29 --------- d-----w C:\Program Files\Norton AntiVirus
2008-08-10 21:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-10 21:00 --------- d-----w C:\Program Files\Symantec
2008-08-09 13:33 --------- d-----w C:\Documents and Settings\David\Application Data\BitTorrent
2008-07-31 02:20 0 ----a-w C:\$RJ$.DAT
2008-07-30 00:53 43,520 ----a-w C:\Windows\system32\CmdLineExt03.dll
2008-07-30 00:53 --------- d-----w C:\Program Files\Diablo II
2008-07-28 02:52 --------- d-----w C:\Program Files\Cisco CCNA Network Simulator
2008-07-23 15:38 --------- d-----w C:\Program Files\BitTorrent
2008-07-05 17:42 --------- d-----w C:\Program Files\Acon Digital Media
2008-07-05 17:00 --------- d-----w C:\Program Files\FlashGet
2008-06-25 18:36 --------- d-----w C:\Program Files\Winamp
2008-06-24 20:02 --------- d-----w C:\Program Files\Nstorm
2007-05-03 06:28 92,064 ----a-w C:\Documents and Settings\David\mqdmmdm.sys
2007-05-03 06:28 9,232 ----a-w C:\Documents and Settings\David\mqdmmdfl.sys
2007-05-03 06:28 79,328 ----a-w C:\Documents and Settings\David\mqdmserd.sys
2007-05-03 06:28 66,656 ----a-w C:\Documents and Settings\David\mqdmbus.sys
2007-05-03 06:28 6,208 ----a-w C:\Documents and Settings\David\mqdmcmnt.sys
2007-05-03 06:28 5,936 ----a-w C:\Documents and Settings\David\mqdmwhnt.sys
2007-05-03 06:28 4,048 ----a-w C:\Documents and Settings\David\mqdmcr.sys
2007-05-03 06:28 25,600 ----a-w C:\Documents and Settings\David\usbsermptxp.sys
2007-05-03 06:28 22,768 ----a-w C:\Documents and Settings\David\usbsermpt.sys
2006-12-15 05:29 25,104 ----a-w C:\Documents and Settings\David\Application Data\GDIPFONTCACHEV1.DAT
2006-01-08 06:57 56 --sh--r C:\Windows\system32\5B77058413.sys
2006-01-08 06:57 2,516 --sha-w C:\Windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
md5deep: C:\Windows\system32\svchost.exe: Permission denied
md5deep: C:\Windows\system32\winlogon.exe: error at offset 0: Permission denied
md5deep: C:\Windows\explorer.exe: Permission denied
md5deep: C:\Windows\system32\services.exe: error at offset 0: Permission denied
md5deep: C:\Windows\system32\lsass.exe: error at offset 0: Permission denied
2005-06-10 19:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\Windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
md5deep: C:\Windows\system32\spoolsv.exe: Permission denied
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCYCATS"="C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2005-12-01 13:38 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"QUgWtXhphoOc"= {385CEFD9-92F6-4573-6042-720265C47ABE} - C:\Windows\system32\gdi.dll [2006-07-05 05:55 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"vidc.xvid"= xvid.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\Windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=C:\Windows\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\Windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\Windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcnuoj0ep6t
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-23 00:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-08-11 01:34 1232152 C:\PROGRA~1\AVG\AVG8\avgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-12-16 12:57 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-07-23 10:38 341824 C:\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2006-02-07 00:10 98304 C:\Program Files\Lexmark 3400 Series\ezprint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
--a------ 2008-05-20 17:27 2474031 C:\Program Files\Free Download Manager\fdm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-07-19 11:06 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-07-19 11:10 114688 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-07-19 11:09 94208 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-04-10 15:14 1107848 C:\Program Files\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 11:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcymon.exe]
--a------ 2006-01-25 11:02 286720 C:\Program Files\Lexmark 3400 Series\lxcymon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-03-17 21:24 184320 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 04:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-06-24 07:36 729178 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--------- 2004-08-14 05:42 36864 C:\Program Files\mobile PhoneTools\WatchDog.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2005-09-10 00:19 393216 C:\WINDOWS\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SxgTkBar]
--a------ 2002-07-22 17:03 53248 C:\WINDOWS\system32\Sxgtkbar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=3 (0x3)
"SAVScan"=3 (0x3)
"NSCService"=3 (0x3)
"NPFMntor"=2 (0x2)
"navapsvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Team17\\Worms Armageddon\\WA.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-08-11 01:34]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-08-12 22:01]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-11 01:34]
R3 SOFTXG;YAMAHA XG SoftSynthesizer;C:\Windows\system32\drivers\sxgxgwdm.sys [2002-05-22 09:34]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2005-08-02 16:10]
S3 npkycryp;npkycryp;C:\Program Files\Gravity\RO\npkycryp.sys []
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;C:\Windows\system32\Drivers\usbbc2.sys [2003-05-07 16:54]
S3 samhid;samhid;C:\Windows\system32\drivers\samhid.sys []
S3 tap0801co;TAP-Win32 Adapter V8 (coLinux);C:\Windows\system32\DRIVERS\tap0801co.sys [2004-07-10 09:54]
S3 XLPINIT;XLPINIT;C:\Windows\system32\Drivers\xromlp.sys [2003-12-06 07:44]
S3 XLPWRITER;XLPWRITER;C:\Windows\system32\drivers\xromio.sys [2001-01-28 11:07]
S4 lxcy_device;lxcy_device;C:\Windows\system32\lxcycoms.exe [2006-02-20 14:23]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.exe
.
- - - - ORPHANS REMOVED - - - -
SharedTaskScheduler-bestreak - (no file)
Notify-wvUonMDU - wvUonMDU.dll
MSConfigStartUp-385cef77 - C:\Windows\system32\vayvhtlj.dll
MSConfigStartUp-BM3b6fdceb - C:\Windows\system32\hmiutufk.dll
MSConfigStartUp-ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-lphcjuoj0ep6t - C:\Windows\system32\lphcjuoj0ep6t.exe
MSConfigStartUp-MCAgentExe - c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MSConfigStartUp-MCUpdateExe - c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
MSConfigStartUp-MPFExe - C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
MSConfigStartUp-MSKAGENTEXE - C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
MSConfigStartUp-MSKDetectorExe - C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe
MSConfigStartUp-OASClnt - C:\Program Files\McAfee.com\VSO\oasclnt.exe
MSConfigStartUp-Run - C:\Documents and Settings\David\Application Data\Adobe\Manager.exe
MSConfigStartUp-VirusScan Online - C:\Program Files\McAfee.com\VSO\mcvsshld.exe
MSConfigStartUp-VSOCheckTask - C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe
MSConfigStartUp-Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\ypager.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\upqcf6hy.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47, on 2008-08-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZU
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: wvUonMDU - wvUonMDU.dll (file missing)
O21 - SSODL: QUgWtXhphoOc - {385CEFD9-92F6-4573-6042-720265C47ABE} - C:\Windows\system32\gdi.dll
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\wltrysvc.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
--
End of file - 7783 bytes