Maybe Constructor.win32.binder But Not Sure



#1 stingdx

Posted 12 May 2008 - 09:27 PM

I was lucky enough to get this Friday: it made my desktop red with yellow text warning me I had an infection, I got imitations of Windows warnings about slow speed and infection warnings, and popups from various 'adware programs' and AntiSpySpider. All weekend I've been doing what I can to clean this out - I have Kaspersky, AVG, Spybot S&D. I've also run SDFix, VundoFix, and SmitfraudFix. I'm at the point now where they all find nothing but I still have something screwing with my dll at startup and Spybot is just going crazy with registry changes denied but not telling me what they are. My only clue is that Kaspersky found Constructor.Win32.Binder and Trojan-Spy.HTML but also says it has deleted them. I hope that helps to give some background.

Here's my DSS/HJT txt file:

Deckard's System Scanner v20071014.68
Run by Joshua Jericho on 2008-05-12 19:45:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Joshua Jericho.exe) --------------------------------------

-- Files created between 2008-04-12 and 2008-05-12 -----------------------------

2008-05-12 19:15:52 882 --ahs---- C:\WINDOWS\System32\eLnVDcfe.ini2
2008-05-12 19:15:49 314480 --a------ C:\WINDOWS\System32\efcDVnLe.dll
2008-05-12 18:58:11 0 d-------- C:\VundoFix Backups
2008-05-12 18:57:38 0 d-------- C:\kav
2008-05-12 18:52:28 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-12 18:52:05 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-12 18:52:04 4 --a------ C:\WINDOWS\System32\winfrun32.bin
2008-05-12 18:50:26 0 d-------- C:\Program Files\webHancer
2008-05-12 18:50:21 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-05-12 18:50:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-05-12 18:50:00 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-05-12 18:49:13 0 d-------- C:\Program Files\QdrPack
2008-05-12 18:49:13 0 d-------- C:\Program Files\QdrModule
2008-05-12 18:47:04 9875456 --a------ C:\Documents and Settings\Joshua Jericho\ntuser.dat
2008-05-12 15:52:02 4778 --a------ C:\WINDOWS\System32\tmp.reg
2008-05-12 15:50:57 86528 --a------ C:\WINDOWS\System32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-12 15:50:56 25600 --a------ C:\WINDOWS\System32\WS2Fix.exe
2008-05-12 15:50:56 289144 --a------ C:\WINDOWS\System32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-12 15:50:55 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-12 15:50:55 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2008-05-12 15:50:53 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-12 15:33:04 1089 --ahs---- C:\WINDOWS\System32\SYGjTvut.ini2
2008-05-12 15:33:02 314480 --a------ C:\WINDOWS\System32\tuvTjGYS.dll
2008-05-12 09:46:06 90240 --a------ C:\WINDOWS\System32\lnjkyxbx.dll
2008-05-12 09:45:14 347 --ahs---- C:\WINDOWS\System32\MprqBcfe.ini2
2008-05-12 09:45:12 314496 --a------ C:\WINDOWS\System32\efcBqrpM.dll
2008-05-12 02:22:42 0 d-------- C:\WINDOWS\ERUNT
2008-05-12 01:34:27 0 d-------- C:\Program Files\Trend Micro
2008-05-12 01:22:55 2048 --a------ C:\WINDOWS\System32\rbdlbuwu.exe
2008-05-12 01:19:36 83024 --a------ C:\WINDOWS\System32\nbnxmuol.dll
2008-05-12 01:16:40 98912 --a------ C:\WINDOWS\System32\jhpkaxji.dll
2008-05-12 01:16:20 90208 --a------ C:\WINDOWS\System32\yaebhyou.dll
2008-05-12 01:15:28 1039849 --ahs---- C:\WINDOWS\System32\fOpsDcdd.ini2
2008-05-12 01:15:25 316464 --a------ C:\WINDOWS\System32\ddcDspOf.dll
2008-05-11 15:42:06 83024 --a------ C:\WINDOWS\System32\ajsjfvjt.dll
2008-05-11 15:41:49 98912 --a------ C:\WINDOWS\System32\ibsoysih.dll
2008-05-11 15:33:59 2048 --a------ C:\WINDOWS\System32\owhygeeo.exe
2008-05-11 15:33:47 90208 --a------ C:\WINDOWS\System32\ckkusvfd.dll
2008-05-11 15:33:03 1042397 --ahs---- C:\WINDOWS\System32\jjPsAJlm.ini2
2008-05-11 00:09:55 96645 --a------ C:\WINDOWS\System32\drivers\klin.dat
2008-05-11 00:09:55 87941 --a------ C:\WINDOWS\System32\drivers\klick.dat
2008-05-11 00:08:54 43040 --ahs---- C:\WINDOWS\System32\drivers\fidbox2.dat
2008-05-11 00:08:54 7899168 --ahs---- C:\WINDOWS\System32\drivers\fidbox.dat
2008-05-11 00:08:53 0 d-------- C:\Program Files\Kaspersky Lab
2008-05-11 00:08:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-11 00:02:54 98896 --a------ C:\WINDOWS\System32\plikssnu.dll
2008-05-11 00:02:13 90304 --a------ C:\WINDOWS\System32\ydgivwil.dll
2008-05-11 00:01:48 345 --ahs---- C:\WINDOWS\System32\gMSrYcdd.ini2
2008-05-10 23:14:33 98896 --a------ C:\WINDOWS\System32\tmldlgsw.dll
2008-05-10 23:11:04 90304 --a------ C:\WINDOWS\System32\cannqkgw.dll
2008-05-10 23:10:21 1037871 --ahs---- C:\WINDOWS\System32\RuvCdMoq.ini2
2008-05-10 21:30:35 98896 --a------ C:\WINDOWS\System32\xofherck.dll
2008-05-10 21:30:29 83040 --a------ C:\WINDOWS\System32\pykvhafj.dll
2008-05-10 21:30:18 90304 --a------ C:\WINDOWS\System32\xscromrp.dll
2008-05-10 21:27:58 0 d-------- C:\Program Files\Enigma Software Group
2008-05-10 17:04:54 98896 --a------ C:\WINDOWS\System32\xhhrhwjh.dll
2008-05-10 17:03:20 83040 --a------ C:\WINDOWS\System32\uobhmopy.dll
2008-05-10 16:59:38 90304 --a------ C:\WINDOWS\System32\tohqnicg.dll
2008-05-10 16:58:54 1037413 --ahs---- C:\WINDOWS\System32\tENXayay.ini2
2008-05-10 14:27:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-05-10 04:31:25 1040092 --ahs---- C:\WINDOWS\System32\WaIjTvut.ini2
2008-05-10 04:26:09 25728 --a------ C:\WINDOWS\System32\ssqRLFuv.dll
2008-05-03 15:33:23 0 d-------- C:\Documents and Settings\Joshua Jericho\Application Data\Media Player Classic
2008-04-19 21:39:32 0 d-------- C:\Program Files\TalkShoe


-- Find3M Report ---------------------------------------------------------------

2008-05-12 18:54:53 0 d-------- C:\Documents and Settings\Joshua Jericho\Application Data\skypePM
2008-05-12 18:54:00 0 d-------- C:\Documents and Settings\Joshua Jericho\Application Data\Skype
2008-05-10 17:23:06 0 d-------- C:\Documents and Settings\Joshua Jericho\Application Data\AVG7
2008-05-08 22:12:18 21840 --a-----t C:\WINDOWS\System32\SIntfNT.dll
2008-05-08 22:12:18 17212 --a-----t C:\WINDOWS\System32\SIntf32.dll
2008-05-08 22:12:17 12067 --a-----t C:\WINDOWS\System32\SIntf16.dll
2008-05-01 18:38:44 0 d-------- C:\Documents and Settings\Joshua Jericho\Application Data\{27ABEAD9-B7C4-4994-891F-48F5F48861FA}
2008-04-20 12:14:29 664 --a------ C:\WINDOWS\System32\d3d9caps.dat
2008-04-19 17:05:30 0 d-------- C:\Program Files\KeyNote
2008-04-18 19:41:54 0 d-------- C:\Program Files\World of Warcraft
2008-04-13 17:42:10 0 d-------- C:\Documents and Settings\Joshua Jericho\Application Data\ATI
2008-04-13 17:31:33 0 d-------- C:\Program Files\ATI Technologies
2008-04-10 18:19:34 0 d-------- C:\Program Files\CDisplay
2008-04-05 17:05:57 0 d-------- C:\Program Files\DC++
2008-04-05 16:04:39 0 d-------- C:\Program Files\eMule
2008-03-26 13:54:44 0 d-------- C:\Documents and Settings\Joshua Jericho\Application Data\AdobeUM
2008-03-23 19:39:15 0 d-------- C:\Program Files\SmartFTP Client
2008-03-23 19:37:47 0 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-03-21 20:13:19 0 d-------- C:\Documents and Settings\Joshua Jericho\Application Data\EPSON
2008-03-21 19:41:06 0 d-------- C:\Documents and Settings\Joshua Jericho\Application Data\ArcSoft
2008-03-21 19:37:48 1080 --a------ C:\WINDOWS\AUTOLNCH.REG
2008-03-21 19:28:12 0 d-------- C:\Program Files\epson
2008-03-21 19:27:21 0 d-------- C:\Program Files\ArcSoft
2008-03-21 19:27:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-21 19:26:31 0 d-a------ C:\Program Files\Common Files
2008-03-21 19:26:31 0 d-------- C:\Program Files\Common Files\ArcSoft
2008-03-18 15:47:04 0 d-------- C:\Program Files\OGPlanet
2008-03-17 13:31:10 0 d-------- C:\Program Files\Google
2008-03-15 15:38:04 0 d-------- C:\Program Files\AIM


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BEB7046-228F-4BF2-9DF2-59F7C38478A1}]
05/12/2008 01:15 AM 316464 --a------ C:\WINDOWS\System32\ddcDspOf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{229AD937-70D5-466A-9F9D-D827C6BB724F}]
05/12/2008 09:45 AM 314496 --a------ C:\WINDOWS\System32\efcBqrpM.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8334A30C-49E5-489a-B63D-5B927C1EF46E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}]
05/10/2008 04:26 AM 25728 --a------ C:\WINDOWS\System32\ssqRLFuv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3F4D689-3940-470A-9442-CB311ACA337C}]
05/12/2008 03:33 PM 314480 --a------ C:\WINDOWS\System32\tuvTjGYS.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2CAFC69-6D8A-438F-ADAC-F5E0C69EA273}]
05/12/2008 07:15 PM 314480 --a------ C:\WINDOWS\System32\efcDVnLe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [01/29/2006 04:57 PM]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe" [08/18/2003 06:46 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [04/11/2003 04:25 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [07/28/2003 09:43 AM]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [05/21/2003 07:37 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [06/28/2005 09:05 PM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [08/28/2002 11:39 PM]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/28/2002 11:39 PM]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/28/2002 11:39 PM]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/23/2006 07:50 AM]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [04/11/2005 10:36 AM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [08/04/2005 11:32 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/14/2006 09:22 PM]
"EnvyHFCPL"="C:\Program Files\Audio Deck\EnMixCPL.exe" [12/09/2004 03:51 AM]
"UniUploader"="C:\Program Files\UniUploader\UniUploader.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1113190159\ee\AOLSoftware.exe" [09/25/2006 07:52 PM]
"SWN2"="C:\Program Files\Spyware Nuker\swnxt.exe" []
"Cleanup"="C:\DOCUME~1\JOSHUA~1\LOCALS~1\Temp\200671515436_mcappins.exe" []
"Tarantula"="C:\Program Files\Razer\Tarantula\razerhid.exe" [09/30/2006 04:48 PM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 04:41 PM]
"f027ecc6"="rundll32.exe" [08/23/2001 07:00 AM C:\WINDOWS\system32\rundll32.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [02/08/2008 06:36 PM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/29/2002 05:41 AM]
"BMf314df5a"="C:\WINDOWS\System32\ckkusvfd.dll" [05/11/2008 03:33 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [11/15/2004 02:45 PM]
"ATI Scheduler"="C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE" [01/20/2003 10:53 PM]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe" [10/22/2002 10:55 AM]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\LaunchPd.exe" [01/20/2003 10:57 PM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 04:22 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/13/2007 09:18 PM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [01/17/2008 07:10 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [9/26/2003 5:53:27 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 11:05:56 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}"= C:\WINDOWS\System32\ssqRLFuv.dll [05/10/2008 04:26 AM 25728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqRLFuv]
ssqRLFuv.dll 05/10/2008 04:26 AM 25728 C:\WINDOWS\system32\ssqRLFuv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\efcDVnLe
"Notification Packages"= :\WINDOWS\syste

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-05-12 19:53:20 ------------


----

Deckard's System Scanner v20071014.68
Run by Joshua Jericho on 2008-05-12 19:49:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Joshua Jericho.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:49:26 PM, on 5/12/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Audio Deck\EnMixCPL.exe
C:\Program Files\Common Files\AOL\1113190159\ee\AOLSoftware.exe
C:\Program Files\Razer\Tarantula\razerhid.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
C:\Program Files\ATI Multimedia\main\LaunchPd.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Razer\Tarantula\razertra.exe
C:\WINDOWS\System32\rundll32.exe
C:\Documents and Settings\Joshua Jericho\Desktop\dss.exe
C:\Documents and Settings\Joshua Jericho\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JOSHUA~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://animesuki.com/
O2 - BHO: (no name) - {0BEB7046-228F-4BF2-9DF2-59F7C38478A1} - C:\WINDOWS\System32\ddcDspOf.dll
O2 - BHO: (no name) - {229AD937-70D5-466A-9F9D-D827C6BB724F} - C:\WINDOWS\System32\efcBqrpM.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8} - C:\WINDOWS\System32\ssqRLFuv.dll
O2 - BHO: (no name) - {D3F4D689-3940-470A-9442-CB311ACA337C} - C:\WINDOWS\System32\tuvTjGYS.dll
O2 - BHO: (no name) - {F2CAFC69-6D8A-438F-ADAC-F5E0C69EA273} - C:\WINDOWS\System32\efcDVnLe.dll
O2 - BHO: (no name) - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MediaFace Integration] "C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EnvyHFCPL] "C:\Program Files\Audio Deck\EnMixCPL.exe" 1
O4 - HKLM\..\Run: [UniUploader] "C:\Program Files\UniUploader\UniUploader.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1113190159\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [Cleanup] "C:\DOCUME~1\JOSHUA~1\LOCALS~1\Temp\200671515436_mcappins.exe" /v=3 /cleanup
O4 - HKLM\..\Run: [Tarantula] "C:\Program Files\Razer\Tarantula\razerhid.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [f027ecc6] "rundll32.exe" "C:\WINDOWS\System32\ihttibhi.dll",b
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BMf314df5a] Rundll32.exe "C:\WINDOWS\System32\ckkusvfd.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Scheduler] "C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE"
O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ssqRLFuv - C:\WINDOWS\SYSTEM32\ssqRLFuv.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 10193 bytes

"SWN2"="C:\Program Files\Spyware Nuker\swnxt.exe" []
"Cleanup"="C:\DOCUME~1\JOSHUA~1\LOCALS~1\Temp\200671515436_mcappins.exe" []
"Tarantula"="C:\Program Files\Razer\Tarantula\razerhid.exe" [09/30/2006 04:48 PM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 04:41 PM]
"f027ecc6"="rundll32.exe" [08/23/2001 07:00 AM C:\WINDOWS\system32\rundll32.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [02/08/2008 06:36 PM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/29/2002 05:41 AM]
"BMf314df5a"="C:\WINDOWS\System32\ckkusvfd.dll" [05/11/2008 03:33 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [11/15/2004 02:45 PM]
"ATI Scheduler"="C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE" [01/20/2003 10:53 PM]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe" [10/22/2002 10:55 AM]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\LaunchPd.exe" [01/20/2003 10:57 PM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 04:22 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/13/2007 09:18 PM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [01/17/2008 07:10 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [9/26/2003 5:53:27 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 11:05:56 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}"= C:\WINDOWS\System32\ssqRLFuv.dll [05/10/2008 04:26 AM 25728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqRLFuv]
ssqRLFuv.dll 05/10/2008 04:26 AM 25728 C:\WINDOWS\system32\ssqRLFuv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\efcDVnLe
"Notification Packages"= :\WINDOWS\syste

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-05-12 19:54:37 ------------


Thank you in advance for any help!


#2 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:28 AM

Posted 22 May 2008 - 07:45 PM

Welcome to Bleeping Computer, please be sure you have read and followed the Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
All advice given is taken at your own risk.

Sorry for the wait, more infected computers than we can handle on a timely basis. If you have not resolved your issue, review the instructions posted above and then post a new HijackThis log using Add Reply.
This can be a tough infection to remove so do not expect fast or easy.

Thanks
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#3 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:28 AM

Posted 30 May 2008 - 07:54 AM

There has been no response to this topic in a week
This topic is closed
Thanks...pskelley
BleepingComputer
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006
