
This Is My Hijackthis And Main.txt


1 reply to this topic

#1 kaiouji


  • Members
  • 1 posts

Posted 18 December 2007 - 01:26 AM

Hello, I have gotten a variety of spyware and viruses and I do not know how to get rid of them.

Here is my HijackThis and DSS log.

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 10:22:09 PM, on 12/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\QdrModule\QdrModule10.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lpcywinp.exe
C:\Program Files\WinPerformance\WinPerformance.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Kai\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Kai.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1960A5BA-ED4D-4460-A8FC-B201951615BC} - C:\WINDOWS\system32\awtqn.dll
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: {29550450-c1b6-0919-ca44-ae4df64a12f1} - {1f21a46f-d4ea-44ac-9190-6b1c05405592} - C:\WINDOWS\system32\eetwotos.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - C:\WINDOWS\system32\egmulhxk.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {5c4012b4-1dd2-11b2-97c9-cebb45ac242a} - C:\WINDOWS\gdopilcj.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {B3886011-B52C-4C83-B075-0A668AF23E07} - C:\WINDOWS\system32\ahmbrngf.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\Run: [441367fe] rundll32.exe "C:\WINDOWS\system32\gghuvgnk.dll",b
O4 - HKLM\..\Run: [rktolczk] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\rktolczk.dll"
O4 - HKLM\..\Run: [ChkDsk32] C:\DOCUME~1\Kai\LOCALS~1\Temp\njdsk.exe
O4 - HKLM\..\Run: [WinPerformance] C:\Program Files\WinPerformance\WinPerformance.lnk
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunOnce: [SpybotDeletingA3232] command /c del "C:\WINDOWS\pbsysie.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3641] cmd /c del "C:\WINDOWS\pbsysie.dll"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [QdrModule10] "C:\Program Files\QdrModule\QdrModule10.exe"
O4 - HKCU\..\Run: [Rax] "C:\Documents and Settings\Kai\My Documents\??crosoft\d?dplay.exe"
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Kai\LOCALS~1\Temp\winlogon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab57176.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: wvutuut - wvutuut.dll (file missing)
O21 - SSODL: ffdshow - {76852120-11D5-949C-00AE-A17643DA53A5} - c:\program files\ffdshow\wlltchb32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

And this one is the DSS main.txt log:


Deckard's System Scanner v20071014.68
Run by Kai on 2007-12-17 22:21:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Kai.exe) -------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-17 22:22:06
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\QdrModule\QdrModule10.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lpcywinp.exe
C:\Program Files\WinPerformance\WinPerformance.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Kai\Desktop\dss.exe
C:\Program Files\HijackThis\Kai.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1960A5BA-ED4D-4460-A8FC-B201951615BC} - C:\WINDOWS\system32\awtqn.dll
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: {29550450-c1b6-0919-ca44-ae4df64a12f1} - {1f21a46f-d4ea-44ac-9190-6b1c05405592} - C:\WINDOWS\system32\eetwotos.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - C:\WINDOWS\system32\egmulhxk.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {5c4012b4-1dd2-11b2-97c9-cebb45ac242a} - C:\WINDOWS\gdopilcj.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {B3886011-B52C-4C83-B075-0A668AF23E07} - C:\WINDOWS\system32\ahmbrngf.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\Run: [441367fe] rundll32.exe "C:\WINDOWS\system32\gghuvgnk.dll",b
O4 - HKLM\..\Run: [rktolczk] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\rktolczk.dll"
O4 - HKLM\..\Run: [ChkDsk32] C:\DOCUME~1\Kai\LOCALS~1\Temp\njdsk.exe
O4 - HKLM\..\Run: [WinPerformance] C:\Program Files\WinPerformance\WinPerformance.lnk
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunOnce: [SpybotDeletingA3232] command /c del "C:\WINDOWS\pbsysie.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3641] cmd /c del "C:\WINDOWS\pbsysie.dll"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [QdrModule10] "C:\Program Files\QdrModule\QdrModule10.exe"
O4 - HKCU\..\Run: [Rax] "C:\Documents and Settings\Kai\My Documents\??crosoft\d?dplay.exe"
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Kai\LOCALS~1\Temp\winlogon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [IESet] IExplorer.dll .dbt (User 'Default user')
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab57176.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: wvutuut - C:\WINDOWS\system32\wvutuut.dll (file missing)
O21 - SSODL: ffdshow - {76852120-11D5-949C-00AE-A17643DA53A5} - C:\Program Files\ffdshow\wlltchb32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\acveqbvk.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Microsoft windows FTPd - Unknown owner - C:\WINDOWS\system32\dllcache\updtftpini.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\system32\VundoFixSVC.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\system32\VundoFixSVC.exe


--
End of file - 14707 bytes

-- Files created between 2007-11-17 and 2007-12-17 -----------------------------

2007-12-17 22:01:18 27648 --a------ C:\WINDOWS\pbsysie.dll
2007-12-17 21:57:05 461000 ---hs---- C:\WINDOWS\system32\nqtwa.ini2
2007-12-17 21:51:51 0 d-------- C:\Program Files\XoftSpySE
2007-12-17 15:00:28 0 d-------- C:\Program Files\WinPerformance
2007-12-17 08:55:16 14592 --a------ C:\WINDOWS\kvnab.dll
2007-12-17 08:45:32 18432 --a------ C:\WINDOWS\kvnab.exe
2007-12-17 08:45:31 16896 --a------ C:\WINDOWS\settn.dll
2007-12-17 08:45:31 24320 --a------ C:\WINDOWS\kvnab$.exe
2007-12-17 08:45:31 22528 --a------ C:\WINDOWS\hcwprn.exe
2007-12-17 08:45:30 10752 --a------ C:\WINDOWS\wbeInst$.exe
2007-12-17 08:45:30 29696 --a------ C:\WINDOWS\wbeCheck.exe
2007-12-17 08:45:28 0 d-------- C:\Program Files\Accoona
2007-12-17 08:45:27 26624 --a------ C:\WINDOWS\7search.dll
2007-12-17 07:55:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-17 07:40:06 20736 --a------ C:\WINDOWS\liqui.dll
2007-12-17 07:40:05 8704 --a------ C:\WINDOWS\xadbrk.dll
2007-12-17 07:40:05 13568 --a------ C:\WINDOWS\liqad.dll
2007-12-17 07:40:05 27392 --a------ C:\WINDOWS\kkcomp.dll
2007-12-17 07:39:55 0 d-------- C:\Program Files\3721
2007-12-17 07:28:40 80448 --a------ C:\WINDOWS\system32\eetwotos.dll
2007-12-17 07:25:45 85568 --a------ C:\WINDOWS\system32\gghuvgnk.dll
2007-12-17 07:21:32 53299 --a------ C:\WINDOWS\system32\pthreadVC.dll
2007-12-17 07:19:46 18176 --a------ C:\WINDOWS\system32\drivers\mep.sys
2007-12-17 07:19:39 74304 --a------ C:\WINDOWS\system32\ikiapiaq.exe <Not Verified; ; DDC>
2007-12-17 07:19:20 0 d-------- C:\WINDOWS\PerfInfo
2007-12-17 07:19:20 0 d-------- C:\WINDOWS\hbnjgrij
2007-12-17 07:19:13 0 d-------- C:\WINDOWS\KBOpt
2007-12-17 07:19:08 61952 --a------ C:\Documents and Settings\All Users\Application Data\rktolczk.dll
2007-12-17 07:19:03 61952 --a------ C:\WINDOWS\gdopilcj.dll
2007-12-17 07:18:21 3638 --a------ C:\wineekh.exe
2007-12-17 06:59:03 85568 -----n--- C:\WINDOWS\system32\cevfrdrh.dll
2007-12-17 06:53:16 80448 --a------ C:\WINDOWS\system32\maxyvqtl.dll
2007-12-17 06:49:47 74304 --a------ C:\WINDOWS\system32\dykgtdsd.exe <Not Verified; ; DDC>
2007-12-17 06:49:37 440076 ---hs---- C:\WINDOWS\system32\nqtwa.bak2
2007-12-16 06:55:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-12-16 02:54:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-12-16 02:34:09 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-12-16 01:31:07 18432 --a------ C:\WINDOWS\fkwggshm.exe <Not Verified; Microsoft Corp.; Project1>
2007-12-16 01:07:22 17664 --a------ C:\WINDOWS\eventlowg.dll
2007-12-16 01:07:22 10240 --a------ C:\WINDOWS\daxtime.dll
2007-12-16 01:07:20 16384 --a------ C:\WINDOWS\system32\msole32.exe
2007-12-16 01:07:20 13312 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2007-12-16 01:07:20 23808 --a------ C:\WINDOWS\liqui.exe
2007-12-16 01:07:20 14080 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2007-12-16 01:07:20 9728 --a------ C:\WINDOWS\fhfmm.exe
2007-12-16 01:07:19 22016 --a------ C:\WINDOWS\xadbrk_.exe
2007-12-16 01:07:19 21504 --a------ C:\WINDOWS\xadbrk.exe
2007-12-16 01:07:18 23296 --a------ C:\WINDOWS\kkcomp.exe
2007-12-16 01:07:18 29184 --a------ C:\WINDOWS\kkcomp$.exe
2007-12-16 01:07:17 17408 --a------ C:\WINDOWS\liqad.exe
2007-12-16 01:07:17 31232 --a------ C:\WINDOWS\liqad$.exe
2007-12-16 01:07:14 28416 --a------ C:\WINDOWS\cbinst$.exe
2007-12-16 01:07:12 14592 --a------ C:\WINDOWS\iexplorr23.dll
2007-12-16 01:07:11 17664 --a------ C:\WINDOWS\adbar.dll
2007-12-16 01:07:10 15616 --a------ C:\WINDOWS\system32\ESHOPEE.exe
2007-12-16 01:07:10 13312 --a------ C:\WINDOWS\spredirect.dll
2007-12-16 01:07:10 9216 --a------ C:\WINDOWS\jd2002.dll
2007-12-16 01:07:10 0 d-------- C:\Program Files\e-zshopper
2007-12-16 01:07:06 0 d-------- C:\Program Files\amsys
2007-12-16 01:07:04 24576 --a------ C:\WINDOWS\ie_32.exe
2007-12-16 01:07:04 23296 --a------ C:\WINDOWS\aconti.exe
2007-12-16 01:07:03 15360 --a------ C:\WINDOWS\xxxvideo.exe
2007-12-16 01:07:03 0 d-------- C:\WINDOWS\system32\acespy
2007-12-16 01:07:03 23296 --a------ C:\WINDOWS\system32\ace16win.dll
2007-12-16 01:07:03 21504 --a------ C:\WINDOWS\ngd.dll
2007-12-16 01:07:02 26368 --a------ C:\WINDOWS\hotporn.exe
2007-12-16 01:07:02 17408 --a------ C:\WINDOWS\dp0.dll
2007-12-16 01:07:01 0 d-------- C:\Program Files\p2pnetworks
2007-12-16 01:06:59 14080 --a------ C:\WINDOWS\vxddsk.exe
2007-12-16 01:06:59 31744 --a------ C:\WINDOWS\system32\vxddsk.exe
2007-12-16 01:06:59 0 d-------- C:\Program Files\akl
2007-12-16 01:06:58 14080 --a------ C:\WINDOWS\wml.exe
2007-12-16 01:06:58 29952 --a------ C:\WINDOWS\system32\wml.exe
2007-12-16 01:06:56 24576 --a------ C:\WINDOWS\flt.dll
2007-12-16 01:06:56 20480 --a------ C:\WINDOWS\764.exe
2007-12-16 01:06:55 19968 --a------ C:\WINDOWS\pbar.dll
2007-12-16 00:54:18 85568 -----n--- C:\WINDOWS\system32\duaiaegn.dll
2007-12-16 00:52:41 121920 --a------ C:\WINDOWS\system32\ahmbrngf.dll
2007-12-16 00:52:16 80448 --a------ C:\WINDOWS\system32\uawgfsoy.dll
2007-12-16 00:51:41 74304 --a------ C:\WINDOWS\system32\acveqbvk.exe <Not Verified; ; DDC>
2007-12-16 00:51:36 436516 ---hs---- C:\WINDOWS\system32\nqtwa.bak1
2007-12-16 00:50:49 36864 --a------ C:\WINDOWS\system32\explorer.exe <Not Verified; Microsoft; sdfghuyuyrtfderrtyjfbergvshjjuiueretwwer>
2007-12-16 00:47:04 40960 --a------ C:\WINDOWS\system32\mp43.exe <Not Verified; Microsoft; dfutuiytiouyur564dfcxbcnmsgertw465ughdfg>
2007-12-16 00:47:04 40960 --a------ C:\WINDOWS\NOTEDAD.EXE <Not Verified; Microsoft; dfutuiytiouyur564dfcxbcnmsgertw465ughdfg>
2007-12-16 00:46:39 20480 --a------ C:\WINDOWS\quit.exe <Not Verified; Microsoft; sdrtewrygjghlurgsdfvgsrwe5ghjmgkghihldfg>
2007-12-16 00:46:05 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
2007-12-16 00:45:37 8711 --a------ C:\wingzhc.exe <Not Verified; Microsoft; rundll32>
2007-12-16 00:45:37 108551 --a------ C:\WINDOWS\system32\lpcywinp.exe <Not Verified; Microsoft; _>
2007-12-16 00:45:36 21504 --a------ C:\WINDOWS\system32\egmulhxk.dll <Not Verified; Microsoft; Windows Explorer cdrom optimizer>
2007-12-16 00:45:25 8711 --a------ C:\windeun.exe <Not Verified; Microsoft; rundll32>
2007-12-16 00:42:03 316512 -----n--- C:\WINDOWS\system32\awtqn.dll
2007-12-16 00:40:16 0 d-------- C:\Program Files\WinAble
2007-12-16 00:40:16 0 d-------- C:\Program Files\Temporary
2007-12-16 00:37:22 2 --a------ C:\WINDOWS\system32\wcpicom32.exe
2007-12-16 00:37:19 0 d-------- C:\Program Files\Outerinfo
2007-12-16 00:36:55 0 d-------- C:\Program Files\QdrModule
2007-12-16 00:36:54 39936 --a------ C:\WINDOWS\mrofinu72.exe
2007-12-16 00:36:54 0 d-------- C:\Program Files\QdrDrive
2007-12-16 00:36:53 0 d-------- C:\Program Files\ISM
2007-12-16 00:36:39 40183 ---hs---- C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
2007-12-16 00:36:38 0 d-------- C:\Program Files\?dobe
2007-12-16 00:35:13 3098 --a------ C:\info.exe
2007-12-13 15:36:12 0 d-------- C:\Documents and Settings\Kai\Application Data\CiscoCAA
2007-12-13 15:35:53 0 d-------- C:\Program Files\Cisco Systems
2007-11-27 00:14:45 0 d-------- C:\Program Files\Gravity
2007-11-25 19:21:14 0 d-------- C:\Program Files\DIFX
2007-11-25 13:01:52 0 d-------- C:\Program Files\VDMSound


-- Find3M Report ---------------------------------------------------------------

2007-12-17 07:19:30 0 d-------- C:\Program Files\ffdshow
2007-12-16 00:36:39 0 d-------- C:\Program Files\Common Files
2007-12-16 00:36:38 0 d-------- C:\Program Files\?dobe
2007-11-27 13:05:35 2548 --a------ C:\WINDOWS\mozver.dat
2007-11-24 01:41:19 0 d-------- C:\Program Files\DOSBox-0.70
2007-11-20 10:49:27 0 d-------- C:\Program Files\AIM6
2007-11-20 10:48:22 0 d-------- C:\Program Files\Viewpoint
2007-11-11 10:09:34 0 d-------- C:\Documents and Settings\Kai\Application Data\Thunderbird
2007-11-11 10:09:19 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-11-06 16:06:05 0 d-------- C:\Program Files\Real
2007-11-06 16:03:06 0 d-------- C:\Documents and Settings\Kai\Application Data\SUPERAntiSpyware.com
2007-11-06 16:03:05 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-06 16:02:59 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-02 09:35:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-02 09:34:14 0 d-------- C:\Program Files\Veoh Networks
2007-10-22 09:26:04 0 d-------- C:\Documents and Settings\Kai\Application Data\Wizards of the Coast
2007-10-22 09:01:52 0 d-------- C:\Program Files\Wizards of the Coast
2007-10-22 09:01:33 0 d-------- C:\Documents and Settings\Kai\Application Data\InstallShield
2007-09-17 15:16:03 502 --a------ C:\WINDOWS\eReg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1960A5BA-ED4D-4460-A8FC-B201951615BC}]
12/16/2007 12:42 AM 316512 --------- C:\WINDOWS\system32\awtqn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f21a46f-d4ea-44ac-9190-6b1c05405592}]
12/17/2007 07:28 AM 80448 --a------ C:\WINDOWS\system32\eetwotos.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{477840F3-BA52-44D9-8E41-38D61CAA010F}]
12/16/2007 12:46 AM 21504 --a------ C:\WINDOWS\system32\egmulhxk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5c4012b4-1dd2-11b2-97c9-cebb45ac242a}]
12/17/2007 07:19 AM 61952 --a------ C:\WINDOWS\gdopilcj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}]
10/27/2007 11:37 AM 192512 --a------ C:\Program Files\QdrDrive\QdrDrive8.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3886011-B52C-4C83-B075-0A668AF23E07}]
12/16/2007 12:52 AM 121920 --a------ C:\WINDOWS\system32\ahmbrngf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [11/07/2003 04:21 PM]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 04:24 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/25/2004 08:00 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 08:41 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 01:41 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 02:06 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [05/14/2007 02:22 PM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [05/17/2007 09:52 AM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [05/17/2007 09:53 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 03:00 AM]
"441367fe"="C:\WINDOWS\system32\gghuvgnk.dll" [12/17/2007 07:25 AM]
"rktolczk"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\rktolczk.dll" []
"ChkDsk32"="C:\DOCUME~1\Kai\LOCALS~1\Temp\njdsk.exe" []
"WinPerformance"="C:\Program Files\WinPerformance\WinPerformance.lnk" [12/17/2007 03:00 PM]
"IESet"="IExplorer.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [10/04/2007 07:20 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 11:54 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 02:56 PM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [11/13/2007 03:48 PM]
"@"="" []
"QdrModule10"="C:\Program Files\QdrModule\QdrModule10.exe" [11/30/2007 04:33 AM]
"Rax"="C:\Documents and Settings\Kai\My Documents\??crosoft\d?dplay.exe" [11/01/2007 05:45 AM]
"Firewall auto setup"="C:\DOCUME~1\Kai\LOCALS~1\Temp\winlogon.exe" [12/16/2007 12:49 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
"IESet"="IExplorer.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingA3232"=command /c del "C:\WINDOWS\pbsysie.dll"
"SpybotDeletingC3641"=cmd /c del "C:\WINDOWS\pbsysie.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"IESet"=IExplorer.dll .dbt

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"IESet"=IExplorer.dll .dbt

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [9/17/2007 3:48:50 PM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2/10/2006 6:56:20 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ffdshow"= {76852120-11D5-949C-00AE-A17643DA53A5} - c:\program files\ffdshow\wlltchb32.dll [12/12/2007 07:19 AM 100295]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvutuut]
wvutuut.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\awtqn

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Reserved]
@="Driver Group"

*Newly Created Service* - AFW



-- End of Deckard's System Scanner: finished at 2007-12-17 22:23:18 ------------






Thank you



#2 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:21 AM

Posted 31 December 2007 - 11:56 AM

Hi kaiouji, :thumbsup:

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

A new version of HijackThis has now been released, so before you repost your log please download and install the new version by following the instructions in Step 9 of the Preparation Guide For Use Before Posting A Hijackthis Log.

Thanks for your patience! :blink:

P.S. Please copy/paste the log into this thread using the Add Reply button.



