
Not Sure What Im Infected With But Need Help


This topic is locked
2 replies to this topic

#1 dillonrsh (Members, 3 posts)

Posted 27 May 2008 - 11:34 PM

Lately my computer has been messing up.
Now and then I can't run Task Manager or regedit; I'll fix them, but later they won't work again.
Or Folder Options will just disappear, and Firefox and Opera occasionally won't work even though Internet Explorer does.

I ran netstat in the command prompt and now and then it'll show 007guard.com, which I'm pretty sure isn't good.

I downloaded and ran Deckard's System Scanner and this is what I got.

This is the main log file:



Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-27 22:28:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
62: 2008-05-28 03:28:36 UTC - RP62 - Deckard's System Scanner Restore Point
61: 2008-05-28 03:24:51 UTC - RP61 - Removed The Witcher Demo
60: 2008-05-27 03:49:07 UTC - RP60 - Installed Opera 9.27
59: 2008-05-26 12:41:49 UTC - RP59 - RegRun Virus Scan
58: 2008-05-26 01:20:26 UTC - RP58 - RegRun Virus Scan


-- First Restore Point --
1: 2008-05-19 03:44:28 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 85% (more than 75%).
Total Physical Memory: 446 MiB (512 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:56 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\wanmpsvc.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\982442052\ee\aolsoftware.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\TDDownload\Software\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
O2 - BHO: (no name) - {15366a39-4595-443f-ba3c-b7499c52bd04} - C:\WINDOWS\system32\yayyXNfe.dll
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: atfxqogp - {AC9264CC-124E-43B6-9144-8664D704A0BC} - C:\WINDOWS\atfxqogp.dll
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Administrator\cftmon.exe
O4 - HKLM\..\Run: [AntiSpye] C:\Program Files\AntiSpye\antispye.exe
O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BM77d61f15] Rundll32.exe "C:\WINDOWS\system32\bfqtlsbi.dll",s
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL 9.0\aol.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Administrator\cftmon.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [explorer] C:\WINDOWS\explorer.exe
O4 - HKCU\..\Run: [Firefoortable] "C:\Program Files\firefoxportable\Firefoortable.exe"
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{75B35241-55BF-4075-9263-73D2BFDF9BCD}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA82D2CD-9BF6-4AF0-9C94-E668CBC85ADB}: NameServer = 85.255.116.53,85.255.112.7
O17 - HKLM\System\CS13\Services\Tcpip\Parameters: NameServer = 85.255.116.53 85.255.112.7
O17 - HKLM\System\CS14\Services\Tcpip\Parameters: NameServer = 85.255.116.53 85.255.112.7
O17 - HKLM\System\CS15\Services\Tcpip\Parameters: NameServer = 85.255.116.53 85.255.112.7
O17 - HKLM\System\CS16\Services\Tcpip\Parameters: NameServer = 85.255.116.53 85.255.112.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.53 85.255.112.7
O20 - Winlogon Notify: ssqQjGwU - ssqQjGwU.dll (file missing)
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7352 bytes

-- File Associations -----------------------------------------------------------

.exe - exefile - shell\open\command - C:\WINDOWS\system32\drivers\spools.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BootScreen - c:\windows\\systemroot\system32\drivers\vidstub.sys (file missing)
R0 partizan - c:\windows\system32\drivers\partizan.sys <Not Verified; Greatis Software; RegRun Security Suite>
R3 regguard - c:\windows\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\windows\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
S3 MovRVDrv32 - c:\windows\system32\drivers\movrvdrv32.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 service.sys - c:\windows\system32\service.sys
S3 SFilter (PCTools Driver) - c:\windows\system32\drivers\pctfw.sys (file missing)
S3 SndTDriverV32 - c:\windows\system32\drivers\sndtdriverv32.sys <Not Verified; Windows ® 2000/XP; Windows ® 2000/XP Driver>
S3 tbhsd (Tunebite High-Speed Dubbing) - c:\windows\system32\drivers\tbhsd.sys (file missing)
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-04-27 and 2008-05-27 -----------------------------

2008-05-27 21:51:49 95808 --a------ C:\WINDOWS\system32\waeelunn.dll
2008-05-27 21:48:46 2624 --a------ C:\WINDOWS\system32\rifacxbg.exe
2008-05-27 21:43:39 102976 --a------ C:\WINDOWS\system32\shxkkrkg.dll
2008-05-26 22:49:11 0 d-------- C:\Program Files\Opera
2008-05-26 21:59:37 104000 --a------ C:\WINDOWS\system32\cxupykgw.dll
2008-05-26 00:17:33 163840 --a------ C:\WINDOWS\xmpstean.exe
2008-05-26 00:17:33 327680 --a------ C:\WINDOWS\vregfwlx.dll
2008-05-26 00:17:33 368640 --a------ C:\WINDOWS\vltdfabw.dll
2008-05-26 00:17:33 159744 --a------ C:\WINDOWS\etkq.exe
2008-05-26 00:17:33 200704 --a------ C:\WINDOWS\atfxqogp.dll
2008-05-26 00:17:32 274432 --a------ C:\WINDOWS\boqnrwdmvdr.dll
2008-05-25 23:14:33 0 d-------- C:\Program Files\Swift
2008-05-25 21:47:40 2624 --a------ C:\WINDOWS\system32\tjcoltjg.exe
2008-05-25 21:44:40 105024 --a------ C:\WINDOWS\system32\ruynhfid.dll
2008-05-25 21:41:40 94272 --a------ C:\WINDOWS\system32\gdchhskw.dll
2008-05-25 21:38:14 102976 --a------ C:\WINDOWS\system32\umditweo.dll
2008-05-25 21:35:39 833086 --ahs---- C:\WINDOWS\system32\efNXyyay.ini2
2008-05-25 21:34:27 279552 --a------ C:\WINDOWS\system32\yayyXNfe.dll
2008-05-25 20:29:22 36352 --a------ C:\WINDOWS\system32\vtUKbyww.dll
2008-05-25 20:19:30 13312 --a------ C:\Documents and Settings\Administrator\cftmon.exe
2008-05-25 20:08:22 53 --a------ C:\smp.bat
2008-05-25 18:12:50 13312 --a------ C:\WINDOWS\system32\drivers\spools.exe
2008-05-24 11:57:51 396288 --a------ C:\HijackThis.exe <HIJACK~1.EXE> <Not Verified; Trend Micro Inc.; HijackThis>
2008-05-23 19:07:31 0 d-------- C:\Program Files\Trend Micro
2008-05-23 15:24:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Atari
2008-05-23 15:23:38 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-23 15:20:47 197120 --a------ C:\WINDOWS\patchw32.dll
2008-05-23 15:20:47 0 d-------- C:\Program Files\Common Files\PocketSoft
2008-05-23 15:16:28 0 d-------- C:\Program Files\Atari
2008-05-23 14:41:41 0 d-------- C:\Program Files\America's Army Server Manager
2008-05-23 14:39:13 0 d-------- C:\Program Files\America's Army
2008-05-21 20:23:08 2624 --a------ C:\WINDOWS\system32\wnayyntk.exe
2008-05-21 20:17:42 104512 --a------ C:\WINDOWS\system32\shpblvdv.dll
2008-05-21 20:14:28 93248 --a------ C:\WINDOWS\system32\fspjndmc.dll
2008-05-21 20:13:08 105024 --a------ C:\WINDOWS\system32\dgyrlisi.dll
2008-05-20 10:05:47 29824 --a------ C:\WINDOWS\system32\efcaYPFW.dll
2008-05-20 10:03:59 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-20 10:03:10 217088 --a------ C:\WINDOWS\pxgdslro.dll
2008-05-20 10:03:10 217088 --a------ C:\WINDOWS\nldfmtapxvt.dll
2008-05-20 10:03:10 81920 --a------ C:\WINDOWS\mdtgkswr.exe
2008-05-20 10:03:10 196608 --a------ C:\WINDOWS\gnowmebk.dll
2008-05-20 10:03:10 94208 --a------ C:\WINDOWS\exbk.exe
2008-05-20 09:59:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-19 21:28:27 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-19 21:12:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-19 21:03:33 10752 --a------ C:\exefix_xp.com <Not Verified; ; ExeFix for Windows® XP>
2008-05-19 20:12:50 2624 --a------ C:\WINDOWS\system32\lqwuupcj.exe
2008-05-19 20:11:44 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
2008-05-19 20:10:55 25088 --a------ C:\WINDOWS\system32\Partizan.exe <Not Verified; Greatis Software; RegRun Security Suite, UnHackMe>
2008-05-19 20:10:55 30946 --a------ C:\WINDOWS\system32\drivers\Partizan.sys <Not Verified; Greatis Software; RegRun Security Suite>
2008-05-19 20:10:28 16384 --a------ C:\WINDOWS\WinBait.exe
2008-05-19 20:10:25 0 d-------- C:\Program Files\Greatis
2008-05-19 20:09:53 100928 --a------ C:\WINDOWS\system32\bbpsjauk.dll
2008-05-19 20:06:57 98880 --a------ C:\WINDOWS\system32\bfqtlsbi.dll
2008-05-19 19:17:10 0 d-------- C:\Program Files\RogueRemover FREE
2008-05-19 19:01:06 13312 --a------ C:\Documents and Settings\LocalService\cftmon.exe
2008-05-18 23:07:36 346112 --a------ C:\WINDOWS\system32\fcccbbx.dll
2008-05-18 22:44:17 922480 --ahs---- C:\WINDOWS\system32\jkUtDfhk.ini2
2008-05-18 22:41:37 37376 --a------ C:\WINDOWS\system32\khfCvUlm.dll
2008-05-18 22:40:49 18368 --a------ C:\WINDOWS\system32\service.sys
2008-05-18 22:40:46 0 d-------- C:\Program Files\Helper
2008-05-18 22:40:42 37376 --a------ C:\WINDOWS\system32\pmnkJbYP.dll
2008-05-18 22:39:56 201216 --a------ C:\WINDOWS\system32\nvrsma.dll
2008-05-18 22:39:54 71680 --a------ C:\WINDOWS\system32\ntpl.bin
2008-05-18 22:33:22 0 d-------- C:\Program Files\Smart Projects
2008-05-18 22:16:43 0 d-------- C:\Program Files\Undisker
2008-05-18 19:45:55 232077 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_5609.exe <Not Verified; Burn4Free; Burn4Free CD and DVD>
2008-05-18 19:45:54 0 d-------- C:\Program Files\Burn4Free Toolbar
2008-05-18 19:45:38 0 d-------- C:\Program Files\Burn4Free
2008-05-17 17:59:30 0 d-------- C:\Program Files\ZeroOnline
2008-05-17 16:31:49 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-05-17 15:54:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-05-17 15:54:16 0 d-------- C:\Documents and Settings\Administrator\Saved Games
2008-05-17 15:54:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Flood Light Games
2008-05-17 15:53:51 0 d-------- C:\Program Files\Telltale Games
2008-05-17 15:53:34 0 d-------- C:\Program Files\Agatha Christie Peril At End House
2008-05-17 15:49:51 0 d-------- C:\Program Files\Space Strike
2008-05-17 15:49:48 0 d-------- C:\Program Files\Depths Of Peril
2008-05-17 15:28:40 0 d-------- C:\Program Files\Eudemons Online
2008-05-17 15:28:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-05-17 15:27:40 0 d-------- C:\Program Files\Svetlograd
2008-05-17 15:20:13 0 d-------- C:\Program Files\PCPitstop
2008-05-17 14:35:30 0 d-------- C:\Program Files\The Witcher Demo
2008-05-15 17:34:08 0 d--h----- C:\WINDOWS\PIF
2008-05-15 15:56:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-13 21:13:48 0 d-------- C:\Program Files\ophcrack
2008-05-10 22:03:46 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2008-05-09 22:33:25 0 d-------- C:\Program Files\RegScrubXP
2008-05-08 21:19:56 0 d-------- C:\Program Files\Capture-A-ScreenShot
2008-05-08 20:54:12 0 d-------- C:\Program Files\Zeallsoft
2008-05-08 20:20:38 0 d-------- C:\TDDownload
2008-05-08 18:01:34 0 d-------- C:\Documents and Settings\Administrator\FSL
2008-05-08 18:00:03 0 d-------- C:\Program Files\FSL
2008-05-08 17:56:34 0 d-------- C:\Program Files\FDF
2008-05-08 17:55:10 86016 --a------ C:\WINDOWS\system32\gigagetbho_v10.dll <Not Verified; Giganology Inc.; GigagetBHO Module>
2008-05-08 17:55:06 0 d-------- C:\Program Files\Giganology
2008-05-07 15:52:46 0 d-------- C:\ec8e3dd416daf45018adaca1df
2008-05-06 22:58:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Conceptworld
2008-05-06 22:58:24 0 d-------- C:\Program Files\Conceptworld
2008-05-05 20:11:43 0 d-------- C:\Python25
2008-05-03 21:49:19 0 d-------- C:\Program Files\Universal Extractor
2008-05-03 19:22:19 528384 --a------ C:\WINDOWS\system32\Astro Gemini Screensaver Manager.scr <Not Verified; Astro Gemini Software; Astro Gemini Screensaver Manager>
2008-05-03 19:22:16 10301440 --a------ C:\WINDOWS\system32\Winter 3D Screensaver.scr
2008-05-03 19:22:16 0 d-------- C:\Program Files\Astro Gemini Software
2008-05-03 19:07:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Vista Start Menu
2008-05-03 19:07:16 0 d-------- C:\Program Files\Vista Start Menu
2008-05-01 22:16:22 0 d-------- C:\Program Files\Dark Basic Software
2008-04-30 21:29:43 0 d-------- C:\Program Files\Armada Tanks
2008-04-30 21:29:32 0 d-------- C:\Program Files\ReflexiveArcade
2008-04-30 19:37:03 0 d-------- C:\Program Files\EndlessOnline
2008-04-30 15:51:30 0 d-------- C:\Program Files\OpenAL
2008-04-30 15:51:29 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-04-30 15:51:29 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-04-30 15:47:57 0 d-------- C:\Program Files\Warzone 2100
2008-04-30 06:30:31 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-30 06:29:30 0 d-------- C:\Program Files\SoftwareClub.ws
2008-04-29 14:06:56 0 d-------- C:\Program Files\MediaMonkey
2008-04-29 14:04:07 0 d-------- C:\Program Files\Winamp
2008-04-29 14:04:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Winamp
2008-04-28 23:35:44 0 d-------- C:\Program Files\PhotoZoom Pro 2
2008-04-27 11:55:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\MSNInstaller


-- Find3M Report ---------------------------------------------------------------

2008-05-27 22:40:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\.purple
2008-05-27 22:26:32 0 d-------- C:\Program Files\Common Files
2008-05-27 22:25:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-27 14:01:41 0 d-------- C:\Program Files\EMPIRE EARTH
2008-05-26 22:55:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\dvdcss
2008-05-26 22:04:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\foobar2000
2008-05-26 20:30:12 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-26 07:45:47 0 d-------- C:\Program Files\firefoxportable
2008-05-26 07:45:28 0 d-------- C:\Program Files\AOL 9.0
2008-05-25 18:13:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-05-18 22:39:56 577024 --a------ C:\WINDOWS\system32\user32.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-15 22:37:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
2008-05-15 15:56:29 0 d-------- C:\Program Files\Yahoo!
2008-05-11 22:57:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-05-08 15:57:11 0 d-------- C:\Program Files\Zune
2008-05-05 18:51:52 5632 --ahs---- C:\Program Files\Thumbs.db
2008-04-27 12:01:11 0 d-------- C:\Program Files\Windows NT
2008-04-27 11:57:26 0 d-------- C:\Program Files\YPOPs
2008-04-27 11:56:48 0 d-------- C:\Program Files\Oberon Media
2008-04-27 11:55:43 0 d-------- C:\Program Files\Trillian
2008-04-25 23:27:27 0 d-------- C:\Program Files\AlbumArtDownloader
2008-04-24 15:36:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-04-21 10:30:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Opera
2008-04-20 18:26:52 0 d-------- C:\Program Files\FocusGenie
2008-04-20 18:26:36 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-20 10:52:06 0 d-------- C:\Program Files\Alcohol Soft
2008-04-17 20:48:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-17 20:23:59 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-17 20:20:57 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-17 19:09:43 0 d-------- C:\Program Files\Absolute Poker
2008-04-16 12:30:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2008-04-15 22:33:49 0 d-------- C:\Program Files\Zune Explorer Enabler
2008-04-14 20:05:17 0 d-------- C:\Program Files\cladDVD .NET 3.5.6
2008-04-12 23:21:32 0 d-------- C:\Program Files\_uninstallation_info
2008-04-08 00:07:56 0 d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-04-07 02:02:16 0 d-------- C:\Program Files\MySpace
2008-04-04 01:05:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\FrostWire
2008-04-02 06:13:59 0 d-------- C:\Program Files\Project64 1.6
2008-03-31 19:03:45 0 d-------- C:\Program Files\uTorrent
2008-03-29 21:49:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\QuickNES
2008-02-28 23:14:04 223744 --a------ C:\WINDOWS\system32\b4fm.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15366a39-4595-443f-ba3c-b7499c52bd04}]
05/25/2008 09:35 PM 279552 --a------ C:\WINDOWS\system32\yayyXNfe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af49a2-94f3-42bd-f434-2604812c897d}]
C:\WINDOWS\system32\jfiehayd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"runner1"="C:\WINDOWS\mrofinu1535.exe" []
"autoload"="C:\Documents and Settings\Administrator\cftmon.exe" [05/18/2008 10:36 PM]
"AntiSpye"="C:\Program Files\AntiSpye\antispye.exe" []
"RegRun WinBait"="C:\WINDOWS\winbait.exe" [12/12/2000 07:56 PM]
"@RegRunOnSecure"="C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe" [01/22/2003 11:03 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [05/20/2008 10:27 PM]
"BM77d61f15"="C:\WINDOWS\system32\bfqtlsbi.dll" [05/19/2008 08:09 PM]
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" [05/18/2008 10:36 PM]
"FixPolicies"="" []
"aol"="C:\Program Files\AOL 9.0\aol.exe" [04/18/2007 01:48 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"autoload"="C:\Documents and Settings\Administrator\cftmon.exe" [05/18/2008 10:36 PM]
"Jnskdfmf9eldfd"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\csrssc.exe" []
"AOL Fast Start"="C:\Program Files\AOL 9.0a\AOL.exe" [04/18/2007 01:48 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 06:00 AM]
"Regrun2"="C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe" [02/14/2008 10:07 AM]
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" [05/18/2008 10:36 PM]
"explorer"="C:\WINDOWS\explorer.exe" [08/10/2004 06:00 AM]
"Firefoortable"="C:\Program Files\firefoxportable\Firefoortable.exe" [12/05/2007 11:43 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
"ntuser"=C:\WINDOWS\system32\drivers\spools.exe
"autoload"=C:\Documents and Settings\LocalService\cftmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C5AF49A2-94F3-42BD-F434-2604812C897D}"= C:\WINDOWS\system32\jfiehayd.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FA8BE6D5-40E0-48B8-B317-18A4A590918A}"= C:\WINDOWS\system32\ssqQjGwU.dll [ ]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\vtUKbyww.dll [05/25/2008 08:29 PM 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdqmc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqQjGwU]
ssqQjGwU.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360Safe.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\adam.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AgentSvr.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AppSvc32.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArSwp.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AST.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autoruns.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvastU3.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avconsol.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrssvc.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.com]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCenter.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccSvcHst.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EGHOST.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FileDsty.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FTCleanerShell.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FYFireWall.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ghost.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iparmo.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\irsetup.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\isPwdSvc.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kabaload.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KaScrScn.SCR]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASMain.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASTask.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAV32.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVDX.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPF.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPFW.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVSetup.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVStart.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KISLnchr.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KMailMon.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KMFilter.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFW32.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFW32X.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPfwSvc.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRepair.com]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KsLoader.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVCenter.kxp]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvDetect.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvfwMcl.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP.kxp]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP_1.kxp]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvol.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvolself.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvReport.kxp]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVScan.kxp]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVSrvXP.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVStub.kxp]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvupload.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kvwsc.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvXP.kxp]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvXP_1.kxp]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatch.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatch9x.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatchX.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\loaddll.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MagicSet.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcconsol.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmqczj.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmsk.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapsvc.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapw32.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32kui.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NPFMntor.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFWLiveUpdate.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QHSET.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQDoctor.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQKav.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQSC.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ras.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rav.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMon.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMonD.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStub.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RegClean.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwcfg.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwmain.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAgent.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rsaupd.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rstrui.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\runiep.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safelive.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scan32.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shcfg32.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SmartUp.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREng.EXE]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcsvc.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SysSafe.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanDetector.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Trojanwall.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie.kxp]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UIHost.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxAgent.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxAttachment.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxCfg.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxFwHlp.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxPol.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\upiea.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UpLive.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\USBCleaner.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsstat.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\webscanx.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WoptiClean.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zjb.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\yayyXNfe

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^administrator^start menu^programs^startup^fsl launcher.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\FSL Launcher.lnk
backup=C:\WINDOWS\pss\FSL Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^administrator^start menu^programs^startup^rollercoaster tycoon 3 registration.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00PCTFW]
"C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antispye]
C:\Program Files\AntiSpye\antispye.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aol fast start]
"C:\Program Files\AOL 9.0a\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoload]
C:\Documents and Settings\Administrator\cftmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bm77d61f15]
Rundll32.exe "C:\WINDOWS\system32\bfqtlsbi.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jnskdfmf9eldfd]
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\csrssc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntuser]
C:\WINDOWS\system32\drivers\spools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tunebite.exe]
C:\Program Files\Tunebite\tunebite.exe -tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"c:\Program Files\Zune\ZuneLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneNetworkSvc"=2 (0x2)
"PCToolsFirewallPlus"=2 (0x2)
"iPod Service"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ef36ad4-04a1-11d5-b045-00038a000015}]
AutoRun\command- I:\vfpkkbq.exe
explore\Command- I:\vfpkkbq.exe
open\Command- I:\vfpkkbq.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

8378 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-27 22:42:04 ------------

And it told me to add an extra log file as an attachment, so I did.
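From a triage standpoint the registry part of that log is the interesting bit: the Image File Execution Options entries hand every launch of HijackThis.exe, IceSword.exe and dozens of other security tools to mxttklc.exe through the Debugger value, the LSA "Authentication Packages" list carries an extra DLL (yayyXNfe) that lsass loads at boot, the msconfig startup list has look-alike names (cftmon.exe, csrssc.exe in Temp, spools.exe under drivers), and the mountpoints2 key wires a drive's AutoRun/open/explore handlers to I:\vfpkkbq.exe. The script below is an added example, not part of the original post or of DSS, that parses a DSS-style dump and flags each of those patterns. Its SAMPLE_LOG is constructed from entries in the posted log plus one assumed benign entry (myapp.exe debugged by windbg.exe) to show what is not flagged; KNOWN_DEBUGGERS and SYSTEM_NAMES are assumed reference lists. It also pulls the loopback names out of the Hosts section, because a hosts file that maps thousands of names to 127.0.0.1 is what makes `netstat` (without -n) label loopback connections as 007guard.com.

```python
"""Triage a Deckard's System Scanner (DSS) log for the persistence tricks it exposes.
Added example for this thread, not DSS code. SAMPLE_LOG is constructed from entries in the
log above plus one assumed benign IFEO entry (myapp.exe debugged by windbg.exe)."""
import re
from difflib import SequenceMatcher
from pathlib import PureWindowsPath

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\mxttklc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\myapp.exe]
Debugger=C:\Program Files\Debugging Tools for Windows\windbg.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\yayyXNfe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoload]
C:\Documents and Settings\Administrator\cftmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jnskdfmf9eldfd]
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\csrssc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntuser]
C:\WINDOWS\system32\drivers\spools.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ef36ad4-04a1-11d5-b045-00038a000015}]
AutoRun\command- I:\vfpkkbq.exe
open\Command- I:\vfpkkbq.exe
-- Hosts -----------------------------------------------------------------------
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
"""

KNOWN_DEBUGGERS = {"windbg.exe", "ntsd.exe", "cdb.exe", "vsjitdebugger.exe"}  # assumed allow-list
SYSTEM_NAMES = ["ctfmon.exe", "csrss.exe", "spoolsv.exe", "svchost.exe", "lsass.exe",
                "services.exe", "winlogon.exe", "explorer.exe"]  # assumed: names malware imitates
EXE_RE = re.compile(r'\s*"?(.*?\.exe)', re.I)
AUTORUN_RE = re.compile(r"(autorun|open|explore)\\command-\s*(.+)", re.I)

def parse_blocks(text):
    """Yield (key, value_lines) per '[HKEY_...]' block; a '-- Section --' line ends a block."""
    key, values = None, []
    for line in (raw.rstrip() for raw in text.splitlines()):
        if (line.startswith("[") and line.endswith("]")) or line.startswith("-- "):
            if key is not None:
                yield key, values
            key, values = (line[1:-1] if line.startswith("[") else None), []
        elif line and key is not None:
            values.append(line)
    if key is not None:
        yield key, values

def basename(path):
    return PureWindowsPath(path.strip().strip('"')).name.lower()

def lookalike(name):
    """System process name that `name` imitates by a small edit, or None if exact or unrelated."""
    best = max(SYSTEM_NAMES, key=lambda s: SequenceMatcher(None, name, s).ratio())
    return best if name != best and SequenceMatcher(None, name, best).ratio() >= 0.85 else None

def triage(text):
    """Return (category, detail) findings for the persistence mechanisms visible in a DSS dump."""
    findings, ifeo = [], {}
    for key, values in parse_blocks(text):
        k = key.lower()
        if "\\image file execution options\\" in k:
            # Debugger= makes Windows launch that binary instead of the named image; one value
            # repeated across dozens of security tools is the anti-AV hijack pattern.
            for dbg in (v.split("=", 1)[1].strip() for v in values if v.lower().startswith("debugger=")):
                if basename(dbg) not in KNOWN_DEBUGGERS:
                    ifeo.setdefault(dbg, []).append(k.rsplit("\\", 1)[1])
        elif k.endswith("\\control\\lsa"):  # anything besides msv1_0 is a DLL loaded into lsass.exe
            for v in values:
                if v.lower().startswith('"authentication packages"'):
                    findings += [("lsa_auth_package", p) for p in v.split("=", 1)[1].split()
                                 if p.lower() != "msv1_0"]
        elif "\\msconfig\\startupreg\\" in k:
            for exe in (m.group(1) for m in map(EXE_RE.match, values) if m):
                if imitated := lookalike(basename(exe)):
                    findings.append(("lookalike_startup", f"{exe} resembles {imitated}"))
                if "\\temp\\" in exe.lower():
                    findings.append(("temp_startup", exe))
        elif "\\mountpoints2\\" in k:  # per-drive AutoRun/open/explore handlers: the USB-worm hook
            for m in filter(None, map(AUTORUN_RE.match, values)):
                findings.append(("drive_autorun", f"{m.group(1)} -> {m.group(2).strip()}"))
    for dbg, images in ifeo.items():
        findings.append(("ifeo_debugger_hijack",
                         f"{dbg} is Debugger for {len(images)} image(s): {', '.join(sorted(images))}"))
    return findings

def loopback_hosts(text):
    """Names mapped to 127.0.0.1 in the '-- Hosts' section. A blocklist like this is not an infection,
    but netstat without -n reverse-resolves 127.0.0.1 through the hosts file and prints the first
    such name, which is how loopback traffic comes to show up as 007guard.com."""
    names, in_hosts = [], False
    for line in text.splitlines():
        if line.startswith("-- "):
            in_hosts = line.startswith("-- Hosts")
        elif in_hosts and (m := re.match(r"\s*127\.0\.0\.1\s+(\S+)", line)):
            names.append(m.group(1))
    return names

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:22} {detail}")
    print("hosts -> 127.0.0.1:", loopback_hosts(SAMPLE_LOG))
```

Run it against a full DSS log (`python triage.py < main.txt` after swapping SAMPLE_LOG for `sys.stdin.read()`) and the IFEO finding collapses the hundred-odd Debugger entries into one line naming the binary and the count of hijacked images, which is the number that tells you this is a deliberate anti-tool mechanism rather than a stray developer setting. The look-alike check is deliberately fuzzy (edit similarity of at least 0.85 against a short list of system process names), so treat its hits as leads to verify against the file's location and signature, not as verdicts.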



#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:45 PM

Posted 11 June 2008 - 12:28 AM

Hello dillonrsh,

Before we start, you need to realize that you are missing one important program on that computer: an antivirus.

This is somewhat suicidal in today's digital world. :thumbsup:

You need to install an antivirus program as soon as you can and run a complete scan of the computer.

I recommend you download the free

Avast or
AntiVir or
AVG antivirus

Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.

Never install more than one antivirus scanner or firewall on your system! Several running together can cause problems and seriously decrease its reliability!

**************************


Run DSS again, using these instructions:

Click the Windows 'Start' button > select 'Run', then copy/paste this into the Run box and click OK (this assumes dss.exe is on your desktop):

"%userprofile%\desktop\dss.exe" /daft

Click on Scan.

Tick the boxes which should appear for these entries:

.exe

then click on Fix.

Click Scan again, you should get a message "All Associations OK!" Next, click Save Log, and post this log in your next reply. By default, it will save as daft.txt.

Also post a fresh Hijackthis log.

Edited by SifuMike, 11 June 2008 - 12:39 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:45 PM

Posted 16 June 2008 - 01:45 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.