Virtumonde, Command Service, Possibly Targetsaver.


17 replies to this topic

#1 ThaWhiteboy1691

Posted 03 August 2008 - 06:36 PM

I have run several cleaners and fixers in the recent past, such as CCleaner [to make things easier, I guess], Spybot Search & Destroy, and HijackThis. It appears that two malwares persist: Virtumonde and Command Service. I was infected with Targetsaver as well. I haven't seen it in a while, but I don't believe it has ever been entirely taken care of. I have frequent random popups for various things including universities, system scan/cleaners, and porn. Additionally, I recently became unable to log in to MySpace, Facebook, my email, or other things that require a login. I'm grateful I was actually able to log in here; I have no clue why I actually could. I believe this all runs underneath what I'm able to actually see, as nothing particularly suspicious appears in my Task Manager. I performed the DSS scan and included the two logs requested, and I hope to hear from somebody soon. Thanks for your time. -Derek


Deckard's System Scanner v20071014.68
Run by JJK on 2008-08-03 17:57:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
81: 2008-08-03 22:57:58 UTC - RP741 - Deckard's System Scanner Restore Point
80: 2008-08-03 06:42:18 UTC - RP740 - System Checkpoint
79: 2008-08-02 05:33:22 UTC - RP739 - System Checkpoint
78: 2008-08-01 02:38:24 UTC - RP738 - System Checkpoint
77: 2008-07-31 02:30:44 UTC - RP737 - System Checkpoint


-- First Restore Point --
1: 2008-07-05 17:41:50 UTC - RP661 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as JJK.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:16 PM, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\Si5KLiBLbmVjaHRlbA\command.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\JJK\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JJK.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {09F29470-4EB3-42D6-843D-1813FB43F739} - C:\WINDOWS\system32\mlJdaXqP.dll
O2 - BHO: (no name) - {15fa1327-95fe-457e-a32e-b0fad01845ad} - (no file)
O2 - BHO: (no name) - {30d50996-8181-4c07-b97a-2ecd08bc58fc} - (no file)
O2 - BHO: (no name) - {324F91A1-A4C7-4B67-AF00-661B88924BF5} - C:\WINDOWS\system32\pmnmkjhF.dll (file missing)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E4DAA69-9D23-455C-A733-CFA6CDC0CAB6} - (no file)
O2 - BHO: (no name) - {8509581a-e9a5-4c1b-adf9-03444729c23b} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92FECC1C-5C09-4828-A5E8-10EFC629B8EB} - (no file)
O2 - BHO: (no name) - {a3905697-7ff4-400c-ac2a-1f4c8c82c19b} - (no file)
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: (no name) - {BCC43BC6-AE88-4232-8DB7-DA317F2E3748} - (no file)
O2 - BHO: (no name) - {C6EAE9D4-5BAB-4310-B8B9-855CFE1FFFBD} - C:\WINDOWS\system32\pmnljHwt.dll
O2 - BHO: (no name) - {D548F9CD-4297-47CA-8AC7-B77172AD8B9D} - (no file)
O2 - BHO: {82a30dcb-39b1-f378-0384-bcbe91622dee} - {eed22619-ebcb-4830-873f-1b93bcd03a28} - C:\WINDOWS\system32\bqwzhj.dll
O2 - BHO: (no name) - {F0A6E186-0760-4B75-8AE1-4750ACC11CBB} - C:\WINDOWS\system32\qoMebaAp.dll (file missing)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BMa357b5a2] Rundll32.exe "C:\WINDOWS\system32\ceahfrlk.dll",s
O4 - HKLM\..\Run: [a064863e] rundll32.exe "C:\WINDOWS\system32\ffhejyam.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: jovahe.dll kazctr.dll bqwzhj.dll
O20 - Winlogon Notify: pmnljHwt - C:\WINDOWS\SYSTEM32\pmnljHwt.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Si5KLiBLbmVjaHRlbA\command.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\profsybypru.html

--
End of file - 9509 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080723-222623-217 O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
backup-20080723-222623-227 O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
backup-20080723-222623-306 O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
backup-20080723-222623-372 O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
backup-20080723-222623-389 O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
backup-20080723-222623-402 O4 - HKLM\..\Run: [hory] C:\Program Files\WindowsUpdate\hory77798.exe
backup-20080723-222623-553 O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Si5KLiBLbmVjaHRlbA\command.exe
backup-20080723-222623-574 O4 - Startup: PowerReg SchedulerV2.exe
backup-20080723-222623-580 O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
backup-20080723-222623-797 O8 - Extra context menu item: &Search - ?p=ZCxdm492YYUS
backup-20080723-222623-912 O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
backup-20080723-222623-940 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
backup-20080803-140330-343 O4 - HKLM\..\Run: [a064863e] rundll32.exe "C:\WINDOWS\system32\qmbqpwmc.dll",b
backup-20080803-140330-413 O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
backup-20080803-140330-447 O4 - HKLM\..\Run: [BMa357b5a2] Rundll32.exe "C:\WINDOWS\system32\ktwfgpdg.dll",s
backup-20080803-140330-623 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
backup-20080803-140330-809 O4 - HKCU\..\Run: [rufi] C:\PROGRA~1\COMMON~1\rufi\rufim.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 2.0>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R2 tm_cfw (Common Firewall Driver) - c:\windows\system32\drivers\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 2.0>
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>

S3 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
S3 USBCM (Netgear CG814 USB Cable Modem NDIS Driver) - c:\windows\system32\drivers\cg814.sys <Not Verified; ; USB Cable Modem Driver 1.9>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 cmdService (Command Service) - c:\windows\si5kliblbmvjahrlba\command.exe
R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>

S2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
S2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~1\pcctlcom.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
S2 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~1\tmntsrv.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
S2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~1\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 2.0>
S2 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~1\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 2.0>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-07-03 and 2008-08-03 -----------------------------

2008-08-03 15:10:30 83456 --a------ C:\WINDOWS\system32\ffhejyam.dll
2008-08-03 15:07:32 114176 --a------ C:\WINDOWS\system32\bqwzhj.dll
2008-08-03 15:07:30 114176 --a------ C:\WINDOWS\system32\qrmqykjj.dll
2008-08-03 15:05:15 91648 --a------ C:\WINDOWS\system32\ceahfrlk.dll
2008-08-03 15:04:29 731901 --ahs---- C:\WINDOWS\system32\PqXadJlm.ini2
2008-08-03 15:04:20 314880 --a------ C:\WINDOWS\system32\mlJdaXqP.dll
2008-08-03 01:26:25 83456 --a------ C:\WINDOWS\system32\wfscoeqm.dll
2008-08-02 20:41:50 114176 --a------ C:\WINDOWS\system32\kazctr.dll
2008-08-02 20:41:49 114176 --a------ C:\WINDOWS\system32\uduwgvuo.dll
2008-08-01 22:04:16 0 dr-h----- C:\Documents and Settings\JJK\Recent
2008-08-01 19:59:20 114176 --a------ C:\WINDOWS\system32\jovahe.dll
2008-08-01 19:59:18 114176 --a------ C:\WINDOWS\system32\vmqloavq.dll
2008-08-01 19:56:18 83456 --a------ C:\WINDOWS\system32\tcuuhufq.dll
2008-08-01 19:53:18 91648 --a------ C:\WINDOWS\system32\jbsbnufh.dll
2008-07-31 19:55:51 105472 --a------ C:\WINDOWS\system32\leclno.dll
2008-07-31 19:55:50 105472 --a------ C:\WINDOWS\system32\tyoefbjd.dll
2008-07-31 19:52:50 83456 --a------ C:\WINDOWS\system32\wopqcwxt.dll
2008-07-31 19:50:54 91648 --a------ C:\WINDOWS\system32\fbnfmisg.dll
2008-07-31 10:29:16 83456 --a------ C:\WINDOWS\system32\dlwxfsrq.dll
2008-07-31 10:26:17 105472 --a------ C:\WINDOWS\system32\cqxowu.dll
2008-07-31 10:26:16 105472 --a------ C:\WINDOWS\system32\siqqvory.dll
2008-07-31 10:23:37 91648 --a------ C:\WINDOWS\system32\pkdmlkmb.dll
2008-07-30 10:28:37 83456 --a------ C:\WINDOWS\system32\pvauluqa.dll
2008-07-30 10:25:39 105472 --a------ C:\WINDOWS\system32\lubosm.dll
2008-07-30 10:25:37 105472 --a------ C:\WINDOWS\system32\diwxchhb.dll
2008-07-30 10:22:38 91648 --a------ C:\WINDOWS\system32\ewijseox.dll
2008-07-29 10:29:28 83456 --a------ C:\WINDOWS\system32\qmbqpwmc.dll
2008-07-29 10:27:08 105472 --a------ C:\WINDOWS\system32\qurxqy.dll
2008-07-29 10:27:04 105472 --a------ C:\WINDOWS\system32\gswbrqfy.dll
2008-07-29 10:23:28 91648 --a------ C:\WINDOWS\system32\yceaburo.dll
2008-07-28 10:28:01 83456 --a------ C:\WINDOWS\system32\orobndxb.dll
2008-07-28 10:25:02 105472 --a------ C:\WINDOWS\system32\nnpdyn.dll
2008-07-28 10:25:01 105472 --a------ C:\WINDOWS\system32\jcmldtrw.dll
2008-07-28 10:22:01 91648 --a------ C:\WINDOWS\system32\xfskyqab.dll
2008-07-27 10:27:35 105472 --a------ C:\WINDOWS\system32\ymvyqa.dll
2008-07-27 10:27:34 105472 --a------ C:\WINDOWS\system32\utexaajs.dll
2008-07-27 10:24:34 83456 --a------ C:\WINDOWS\system32\rnqdvvoo.dll
2008-07-27 10:21:34 91648 --a------ C:\WINDOWS\system32\ysfbfrin.dll
2008-07-26 10:26:17 105472 --a------ C:\WINDOWS\system32\bychpl.dll
2008-07-26 10:26:15 105472 --a------ C:\WINDOWS\system32\bsbxevud.dll
2008-07-26 10:20:16 91648 --a------ C:\WINDOWS\system32\uervifyv.dll
2008-07-25 10:18:23 105472 --a------ C:\WINDOWS\system32\mgdstd.dll
2008-07-25 10:18:20 105472 --a------ C:\WINDOWS\system32\ryemkswc.dll
2008-07-25 10:18:12 91648 --a------ C:\WINDOWS\system32\curgkfmd.dll
2008-07-25 09:28:55 105472 --a------ C:\WINDOWS\system32\fixhkf.dll
2008-07-25 09:28:53 105472 --a------ C:\WINDOWS\system32\pdgmwmtu.dll
2008-07-25 09:26:58 83456 --a------ C:\WINDOWS\system32\dcbvyoqo.dll
2008-07-25 09:26:49 91648 --a------ C:\WINDOWS\system32\wqbscncv.dll
2008-07-24 23:04:21 105472 --a------ C:\WINDOWS\system32\bbrokz.dll
2008-07-24 23:04:19 105472 --a------ C:\WINDOWS\system32\xdahmoeq.dll
2008-07-24 23:01:25 83456 --a------ C:\WINDOWS\system32\ooohmmfy.dll
2008-07-24 23:01:16 91648 --a------ C:\WINDOWS\system32\cmrnsaix.dll
2008-07-23 23:00:52 83232 --a------ C:\WINDOWS\system32\levsfdkw.dll
2008-07-23 22:58:49 105312 --a------ C:\WINDOWS\system32\mqmsbr.dll
2008-07-23 22:58:47 105312 --a------ C:\WINDOWS\system32\fqiwvrfe.dll
2008-07-23 22:58:36 91456 --a------ C:\WINDOWS\system32\bsgxwdkf.dll
2008-07-23 22:57:52 748336 --ahs---- C:\WINDOWS\system32\Fhjkmnmp.ini2
2008-07-23 21:46:38 5637 --a------ C:\WINDOWS\system32\pmnoPfFU.dll
2008-07-23 20:46:43 5637 --a------ C:\WINDOWS\system32\fccdbCtq.dll
2008-07-23 19:02:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-23 18:46:47 0 d-------- C:\Program Files\CCleaner
2008-07-23 13:03:03 105312 --a------ C:\WINDOWS\system32\wetfuv.dll
2008-07-23 13:03:02 105312 --a------ C:\WINDOWS\system32\drrmqjow.dll
2008-07-22 13:02:56 105328 --a------ C:\WINDOWS\system32\oazgkh.dll
2008-07-22 13:02:54 105328 --a------ C:\WINDOWS\system32\txkbwcwx.dll
2008-07-22 12:59:54 83328 --a------ C:\WINDOWS\system32\odunlsin.dll
2008-07-22 12:56:55 91488 --a------ C:\WINDOWS\system32\fnupjcwk.dll
2008-07-21 13:00:41 81184 --a------ C:\WINDOWS\system32\gedlckrq.dll
2008-07-21 12:58:00 105280 --a------ C:\WINDOWS\system32\aqfamn.dll
2008-07-21 12:57:58 105280 --a------ C:\WINDOWS\system32\eqdaceoe.dll
2008-07-21 12:57:39 91440 --a------ C:\WINDOWS\system32\vcixauue.dll
2008-07-20 13:00:38 81216 --a------ C:\WINDOWS\system32\ywaccehv.dll
2008-07-20 12:57:40 105248 --a------ C:\WINDOWS\system32\cpuqlk.dll
2008-07-20 12:57:38 105248 --a------ C:\WINDOWS\system32\bidjwypl.dll
2008-07-20 12:54:46 91520 --a------ C:\WINDOWS\system32\ojtphhum.dll
2008-07-19 13:02:18 81264 --a------ C:\WINDOWS\system32\qqnpmtwl.dll
2008-07-19 12:59:19 105296 --a------ C:\WINDOWS\system32\vuopqd.dll
2008-07-19 12:59:18 105296 --a------ C:\WINDOWS\system32\uikdbiuv.dll
2008-07-19 12:56:18 91456 --a------ C:\WINDOWS\system32\eykotpxe.dll
2008-07-18 12:59:56 105328 --a------ C:\WINDOWS\system32\rssmep.dll
2008-07-18 12:59:54 105328 --a------ C:\WINDOWS\system32\awgfyqpv.dll
2008-07-18 12:54:11 81296 --a------ C:\WINDOWS\system32\mhslqjvy.dll
2008-07-18 12:53:59 91520 --a------ C:\WINDOWS\system32\tohuxjit.dll
2008-07-17 12:55:04 81216 --a------ C:\WINDOWS\system32\phlhgncs.dll
2008-07-17 12:53:32 105200 --a------ C:\WINDOWS\system32\ibhxqz.dll
2008-07-17 12:53:29 105200 --a------ C:\WINDOWS\system32\wxijaign.dll
2008-07-17 12:53:18 91440 --a------ C:\WINDOWS\system32\eyidxhrp.dll
2008-07-17 01:55:33 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-17 01:08:23 0 d-------- C:\Program Files\Bonjour
2008-07-17 00:38:58 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-16 13:00:06 105264 --a------ C:\WINDOWS\system32\vgqzzn.dll
2008-07-16 13:00:05 105264 --a------ C:\WINDOWS\system32\nfpxjsbv.dll
2008-07-16 12:57:05 81328 --a------ C:\WINDOWS\system32\ifdhkkgc.dll
2008-07-16 12:54:05 91440 --a------ C:\WINDOWS\system32\nsbommjq.dll
2008-07-15 12:56:00 105232 --a------ C:\WINDOWS\system32\kufpqy.dll
2008-07-15 12:55:58 105232 --a------ C:\WINDOWS\system32\ojysgjqe.dll
2008-07-15 12:52:58 91440 --a------ C:\WINDOWS\system32\dxlctetc.dll
2008-07-14 12:56:49 81168 --a------ C:\WINDOWS\system32\ixyjllhv.dll
2008-07-14 12:53:51 105264 --a------ C:\WINDOWS\system32\cttiza.dll
2008-07-14 12:53:49 105264 --a------ C:\WINDOWS\system32\uqgnjjce.dll
2008-07-14 12:50:51 90944 --a------ C:\WINDOWS\system32\iokfduny.dll
2008-07-13 12:58:16 105296 --a------ C:\WINDOWS\system32\bkoyxd.dll
2008-07-13 12:58:15 105296 --a------ C:\WINDOWS\system32\lpsekhjo.dll
2008-07-13 12:55:14 81152 --a------ C:\WINDOWS\system32\icgwerac.dll
2008-07-13 12:52:15 90928 --a------ C:\WINDOWS\system32\klkhuuli.dll
2008-07-12 12:52:38 105248 --a------ C:\WINDOWS\system32\ywuolh.dll
2008-07-12 12:52:36 105248 --a------ C:\WINDOWS\system32\jpbaswmw.dll
2008-07-12 12:49:54 81152 --a------ C:\WINDOWS\system32\volyslyu.dll
2008-07-12 12:49:37 90992 --a------ C:\WINDOWS\system32\mmfcckyi.dll
2008-07-11 12:55:38 105248 --a------ C:\WINDOWS\system32\bwznww.dll
2008-07-11 12:55:36 105248 --a------ C:\WINDOWS\system32\hbtbrphd.dll
2008-07-11 12:49:36 90928 --a------ C:\WINDOWS\system32\rfmmdvcp.dll
2008-07-10 12:52:15 105232 --a------ C:\WINDOWS\system32\jxmmgc.dll
2008-07-10 12:52:12 105232 --a------ C:\WINDOWS\system32\rjamjswh.dll
2008-07-10 12:49:12 90912 --a------ C:\WINDOWS\system32\ankncniv.dll
2008-07-09 12:52:13 105152 --a------ C:\WINDOWS\system32\vfkass.dll
2008-07-09 12:52:12 105152 --a------ C:\WINDOWS\system32\ugbkoidr.dll
2008-07-09 12:49:12 90816 --a------ C:\WINDOWS\system32\ylxpgqtg.dll
2008-07-08 21:37:08 105296 --a------ C:\WINDOWS\system32\gcocza.dll
2008-07-08 21:37:06 105296 --a------ C:\WINDOWS\system32\glkiuiqf.dll
2008-07-08 21:31:10 90880 --a------ C:\WINDOWS\system32\pcnujxbf.dll
2008-07-05 12:41:40 755826 --ahs---- C:\WINDOWS\system32\pAabeMoq.ini2
2008-07-05 12:36:26 25936 --a------ C:\WINDOWS\system32\pmnljHwt.dll


-- Find3M Report ---------------------------------------------------------------

2008-07-23 22:15:50 0 d-------- C:\Program Files\Trend Micro
2008-07-23 20:33:59 0 d-------- C:\Program Files\Common Files
2008-07-20 20:54:00 0 d-------- C:\Documents and Settings\JJK\Application Data\Adobe
2008-07-17 01:08:18 0 d-------- C:\Program Files\Common Files\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09F29470-4EB3-42D6-843D-1813FB43F739}]
08/03/2008 03:04 PM 314880 --a------ C:\WINDOWS\system32\mlJdaXqP.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15fa1327-95fe-457e-a32e-b0fad01845ad}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30d50996-8181-4c07-b97a-2ecd08bc58fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{324F91A1-A4C7-4B67-AF00-661B88924BF5}]
C:\WINDOWS\system32\pmnmkjhF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E4DAA69-9D23-455C-A733-CFA6CDC0CAB6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8509581a-e9a5-4c1b-adf9-03444729c23b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92FECC1C-5C09-4828-A5E8-10EFC629B8EB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a3905697-7ff4-400c-ac2a-1f4c8c82c19b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC43BC6-AE88-4232-8DB7-DA317F2E3748}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6EAE9D4-5BAB-4310-B8B9-855CFE1FFFBD}]
07/05/2008 12:36 PM 25936 --a------ C:\WINDOWS\system32\pmnljHwt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D548F9CD-4297-47CA-8AC7-B77172AD8B9D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{eed22619-ebcb-4830-873f-1b93bcd03a28}]
08/03/2008 03:07 PM 114176 --a------ C:\WINDOWS\system32\bqwzhj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0A6E186-0760-4B75-8AE1-4750ACC11CBB}]
C:\WINDOWS\system32\qoMebaAp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [08/29/2005 06:47 PM]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [10/05/2001 07:34 PM]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [08/23/2001 04:52 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [08/16/2001 11:41 PM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" [09/28/2005 08:07 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"PRISMSVR.EXE"="C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.exe" [05/03/2005 09:35 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [11/10/2003 05:06 PM]
"PCLEUSBTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"BMa357b5a2"="C:\WINDOWS\system32\ceahfrlk.dll" [08/03/2008 03:05 PM]
"a064863e"="C:\WINDOWS\system32\ffhejyam.dll" [08/03/2008 03:10 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"kernel"="C:\Program Files\kernel\kernel.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [8/29/2005 8:10:09 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 12:01:04 AM]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [8/7/2001 6:06:54 PM]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Internet Explorer\profsybypru.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C6EAE9D4-5BAB-4310-B8B9-855CFE1FFFBD}"= C:\WINDOWS\system32\pmnljHwt.dll [07/05/2008 12:36 PM 25936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnljHwt]
pmnljHwt.dll 07/05/2008 12:36 PM 25936 C:\WINDOWS\system32\pmnljHwt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=jovahe.dll kazctr.dll bqwzhj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlJdaXqP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk
backup=C:\WINDOWS\pss\SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnkCommon Startup




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8910 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-03 18:07:26 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.60GHz
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 255.3 MiB / 66.79 MiB
Pagefile Memory (total/avail): 618.16 MiB / 284.75 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.62 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 57.37 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380013A - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Trend Micro PC-cillin Internet Security (Firewall) v14 (Trend Micro, Inc.) Disabled
AV: Trend Micro PC-cillin Internet Security 2006 v14.00.1341 (Trend Micro, Inc.) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Documents and Settings\\JJK\\Desktop\\MySpace Mp3 Gopher.exe"="C:\\Documents and Settings\\JJK\\Desktop\\MySpace Mp3 Gopher.exe:*:Enabled:MySpace Mp3 Gopher Application"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\JJK\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=J-IX2CPTR5WWOES
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\JJK
LOGONSERVER=\\J-IX2CPTR5WWOES
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JJK\LOCALS~1\Temp
TMP=C:\DOCUME~1\JJK\LOCALS~1\Temp
USERDOMAIN=J-IX2CPTR5WWOES
USERNAME=JJK
USERPROFILE=C:\Documents and Settings\JJK
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

JJK (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Backup Dell-Installed Programs --> MsiExec.exe /X{2A2766A4-6AE4-11D4-AC8E-52544C1966EE}
Canon Camera Access Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{901F8ED7-13E8-43EF-B738-2FE89B0588EB} /l1033
Canon Camera Support Core Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}
Canon Camera Window DSLR 5 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
Canon Camera Window MC 6 for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}
Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B147DC1B-49B3-4368-8A01-5AD9992CD58D}
Canon PhotoRecord --> MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}
Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}
Canon ZoomBrowser EX (E) --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Comcast High-Speed Internet Install Wizard --> C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Comcast Toolbar --> C:\Program Files\ComcastToolbar\uninstall.exe
CPV --> cmd /C regsvr32 /u /s "C:\Program Files\CPV\CPV8.dll" & reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\CPV" /f & REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v DelOldFile /d "cmd.exe /C del /Q \"C:\Program Files\CPV\"" /f
CPV --> cmd /C regsvr32 /u /s "C:\Program Files\Spcron\Spcron.dll" & reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spcron" /f & REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v DelOldFile /d "cmd.exe /C del /Q \"C:\Program Files\Spcron\"" /f
DiscAPI (Studio 10) --> MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Film Factory Lite --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON Software\Film Factory\Uninst.isu"
Game Maker 7.0 --> C:\Documents and Settings\JJK\Desktop\Uninstal.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Insider --> C:\Program Files\Insider\UnInstall.exe
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
JavaCore --> C:\Program Files\JavaCore\UnInstall.exe
Magic Workstation 0.94f --> "C:\Program Files\Magic Workstation\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Streets and Trips 2002 --> MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2002 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe D:\
Microsoft Works 6.0 --> MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MTG GamePack for Magic Workstation --> "C:\Program Files\Magic Workstation\unins001.exe"
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
NoDNS --> C:\Program Files\\NoDNS\\UnInstall.exe
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Pinnacle Instant DVD Recorder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\Setup.exe" -l0x9 UNINSTALL
PSP Max Media Manager --> "C:\Program Files\Datel\PSP Max Media Manager\unins000.exe"
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RAPID (Studio 10) --> MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CD6580D1-7324-4EC3-88C0-3E509163FBD3}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Studio 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup2.exe" -l0x9 UNINSTALL
Svconr --> "C:\Program Files\Svconr\Svconr.exe" -uninstall
Trend Micro PC-cillin Internet Security 2006 --> MsiExec.exe /X{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Viewpoint Toolbar --> C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Words --> C:\Program Files\Words\UnInstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type12233 / Error
Event Submitted/Written: 08/03/2008 05:57:55 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msnmsgr.exe, version 8.5.1302.1018, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type12232 / Error
Event Submitted/Written: 08/03/2008 03:41:53 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type12222 / Success
Event Submitted/Written: 08/03/2008 03:04:39 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type12212 / Success
Event Submitted/Written: 08/03/2008 01:37:54 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type12176 / Success
Event Submitted/Written: 08/02/2008 08:42:12 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type15188 / Error
Event Submitted/Written: 08/03/2008 03:35:18 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type15179 / Error
Event Submitted/Written: 08/03/2008 03:03:11 PM
Event ID/Source: 1001 / Dhcp
Event Description:
Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 0013F72C6F35. The following error
occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type15152 / Error
Event Submitted/Written: 08/03/2008 00:58:45 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type15114 / Error
Event Submitted/Written: 08/03/2008 00:44:50 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type15091 / Error
Event Submitted/Written: 08/03/2008 01:27:03 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}



-- End of Deckard's System Scanner: finished at 2008-08-03 18:07:26 ------------



#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:11:31 PM

Posted 03 August 2008 - 07:16 PM

Hello ThaWhiteboy1691

Welcome to BleepingComputer :thumbsup:
========================
Please visit this web page for instructions for downloading and running Combofix >ComboFix Instructions
We now suggest that you install the Windows Recovery Console.
The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Post the log from ComboFix when you've accomplished all of that, along with a new HijackThis log.

(Note: If the Recovery Console fails to install, do not proceed; rather, alert me and post back here and we will continue.)
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 ThaWhiteboy1691

ThaWhiteboy1691
  • Topic Starter

  • Members
  • 23 posts
  • Local time:10:31 PM

Posted 03 August 2008 - 08:59 PM

I got Combofix, got the Windows Recovery, ran it all according to instruction, and here is the Combofix log along with a new updated HijackThis log. I'm still having trouble getting my internet to actually come up, a problem that's been persisting quite a while. I can get it to run properly by cancelling my explorer process [my explorer is down right now, even]. In order to get on the internet I often either have to do it with the explorer off or I must at least exit and rerun it. I haven't tried logging in to anything else yet, so I'm not sure if that problem persists or not. I still have popups as well. I await further instruction. Again, thanks for the help.

ComboFix 08-08-03.02 - JJK 2008-08-03 20:05:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.86 [GMT -5:00]
Running from: C:\Documents and Settings\JJK\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\JJK\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\aolconnfix.exe
C:\aolconnfix.txt
C:\Documents and Settings\All Users\Application Data\ErrorProtector Free
C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\Abbr
C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\HOURS
C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\ProductCode
C:\Documents and Settings\JJK\Application Data\WinTouch
C:\Documents and Settings\JJK\Application Data\WinTouch\config.cfg.025c5c8c02bd703d185eeeee45d2e603
C:\Documents and Settings\JJK\Application Data\WinTouch\config.cfg.118bebec7c02460ece0cec722c9321e9
C:\Documents and Settings\JJK\Application Data\WinTouch\config.cfg.19d186d3748949f76bff77bf23029d75
C:\Documents and Settings\JJK\Application Data\WinTouch\config.cfg.4c0d3011ccd012945c51581a4d915a72
C:\Documents and Settings\JJK\Application Data\WinTouch\config.cfg.83623e9041a2709fac036520eb537389
C:\Documents and Settings\JJK\Application Data\WinTouch\config.cfg.a376f353bfda000231206a5ebc9bcf9e
C:\Documents and Settings\JJK\Application Data\WinTouch\config.cfg.d5c318832ed43c579c5d2d957f38cb71
C:\Documents and Settings\JJK\Application Data\WinTouch\config.cfg.d61369a1c10b3075eea44fba278eb928
C:\Documents and Settings\JJK\Application Data\WinTouch\config.cfg.e7f92c8cd079e107da5861ac4093b179
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\CPV.stt
C:\Program Files\asembl~1
C:\Program Files\CPV
C:\Program Files\CPV\CPV8.dll.lzma
C:\Program Files\fnts~1
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\Internet Explorer\profsybypru.html
C:\Program Files\JavaCore
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\NoDNS
C:\Program Files\NoDNS\NoDNS.exe
C:\Program Files\NoDNS\UnInstall.exe
C:\Program Files\QdrDrive
C:\Program Files\Spcron
C:\Program Files\Spcron\Spcron.dll
C:\Program Files\Svconr
C:\Program Files\Svconr\Svconr.exe
C:\Program Files\Temporary
C:\Program Files\Twain\Twain.exe
C:\Program Files\Windows NT\hokeso24418.dll
C:\Program Files\Words
C:\Program Files\Words\list.txt
C:\Program Files\Words\script.txt
C:\Program Files\Words\UnInstall.exe
C:\Program Files\Words\Words.exe
C:\WINDOWS\b104.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b999.exe
C:\WINDOWS\BMa357b5a2.txt
C:\WINDOWS\BMa357b5a2.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\crosof~1.net
C:\WINDOWS\pskt.ini
C:\WINDOWS\Si5KLiBLbmVjaHRlbA\
C:\WINDOWS\Si5KLiBLbmVjaHRlbA\\asappsrv.dll
C:\WINDOWS\Si5KLiBLbmVjaHRlbA\\command.exe
C:\WINDOWS\Si5KLiBLbmVjaHRlbA\\m2c4M21MvAp3uJl5vE.vbs
C:\WINDOWS\Si5KLiBLbmVjaHRlbA\command.exe
C:\WINDOWS\system32\adnnwbdc.ini
C:\WINDOWS\system32\ankncniv.dll
C:\WINDOWS\system32\aqfamn.dll
C:\WINDOWS\system32\aquluavp.ini
C:\WINDOWS\system32\atmtd.dll.tmp
C:\WINDOWS\system32\awgfyqpv.dll
C:\WINDOWS\system32\bidjwypl.dll
C:\WINDOWS\system32\biektkjk.ini
C:\WINDOWS\system32\bkoyxd.dll
C:\WINDOWS\system32\bsgxwdkf.dll
C:\WINDOWS\system32\bwznww.dll
C:\WINDOWS\system32\bxdnboro.ini
C:\WINDOWS\system32\carewgci.ini
C:\WINDOWS\system32\cgkkhdfi.ini
C:\WINDOWS\system32\cmwpqbmq.ini
C:\WINDOWS\system32\cpuqlk.dll
C:\WINDOWS\system32\cttiza.dll
C:\WINDOWS\system32\drrmqjow.dll
C:\WINDOWS\system32\dxlctetc.dll
C:\WINDOWS\system32\earaaokg.ini
C:\WINDOWS\system32\eqdaceoe.dll
C:\WINDOWS\system32\eyidxhrp.dll
C:\WINDOWS\system32\eykotpxe.dll
C:\WINDOWS\system32\Fhjkmnmp.ini
C:\WINDOWS\system32\Fhjkmnmp.ini2
C:\WINDOWS\system32\fnupjcwk.dll
C:\WINDOWS\system32\fqiwvrfe.dll
C:\WINDOWS\system32\gcocza.dll
C:\WINDOWS\system32\gedlckrq.dll
C:\WINDOWS\system32\glkiuiqf.dll
C:\WINDOWS\system32\hbtbrphd.dll
C:\WINDOWS\system32\hmjqcejq.ini
C:\WINDOWS\system32\ibhxqz.dll
C:\WINDOWS\system32\icgwerac.dll
C:\WINDOWS\system32\ifdhkkgc.dll
C:\WINDOWS\system32\iokfduny.dll
C:\WINDOWS\system32\ixyjllhv.dll
C:\WINDOWS\system32\jpbaswmw.dll
C:\WINDOWS\system32\jxmmgc.dll
C:\WINDOWS\system32\klkhuuli.dll
C:\WINDOWS\system32\kufpqy.dll
C:\WINDOWS\system32\levsfdkw.dll
C:\WINDOWS\system32\lpsekhjo.dll
C:\WINDOWS\system32\lwtmpnqq.ini
C:\WINDOWS\system32\mayjehff.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mhslqjvy.dll
C:\WINDOWS\system32\mlJdaXqP.dll
C:\WINDOWS\system32\mmfcckyi.dll
C:\WINDOWS\system32\mqeocsfw.ini
C:\WINDOWS\system32\mqmsbr.dll
C:\WINDOWS\system32\ndyxdgxe.ini
C:\WINDOWS\system32\nfpxjsbv.dll
C:\WINDOWS\system32\nislnudo.ini
C:\WINDOWS\system32\nsbommjq.dll
C:\WINDOWS\system32\oazgkh.dll
C:\WINDOWS\system32\odunlsin.dll
C:\WINDOWS\system32\ojtphhum.dll
C:\WINDOWS\system32\ojysgjqe.dll
C:\WINDOWS\system32\oovvdqnr.ini
C:\WINDOWS\system32\oqoyvbcd.ini
C:\WINDOWS\system32\pAabeMoq.ini
C:\WINDOWS\system32\pAabeMoq.ini2
C:\WINDOWS\system32\pcnujxbf.dll
C:\WINDOWS\system32\phlhgncs.dll
C:\WINDOWS\system32\pmnljHwt.dll
C:\WINDOWS\system32\PqXadJlm.ini
C:\WINDOWS\system32\PqXadJlm.ini2
C:\WINDOWS\system32\qfuhuuct.ini
C:\WINDOWS\system32\qqnpmtwl.dll
C:\WINDOWS\system32\qrkcldeg.ini
C:\WINDOWS\system32\qrsfxwld.ini
C:\WINDOWS\system32\rfmmdvcp.dll
C:\WINDOWS\system32\rjamjswh.dll
C:\WINDOWS\system32\rssmep.dll
C:\WINDOWS\system32\scnghlhp.ini
C:\WINDOWS\system32\ssbupvni.ini
C:\WINDOWS\system32\tohuxjit.dll
C:\WINDOWS\system32\txkbwcwx.dll
C:\WINDOWS\system32\txwcqpow.ini
C:\WINDOWS\system32\ugbkoidr.dll
C:\WINDOWS\system32\uikdbiuv.dll
C:\WINDOWS\system32\umeyhxvw.ini
C:\WINDOWS\system32\uqgnjjce.dll
C:\WINDOWS\system32\uylsylov.ini
C:\WINDOWS\system32\vcixauue.dll
C:\WINDOWS\system32\vfkass.dll
C:\WINDOWS\system32\vgqzzn.dll
C:\WINDOWS\system32\vheccawy.ini
C:\WINDOWS\system32\vhlljyxi.ini
C:\WINDOWS\system32\volyslyu.dll
C:\WINDOWS\system32\vuopqd.dll
C:\WINDOWS\system32\wetfuv.dll
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\wkdfsvel.ini
C:\WINDOWS\system32\wxijaign.dll
C:\WINDOWS\system32\yfmmhooo.ini
C:\WINDOWS\system32\ylxpgqtg.dll
C:\WINDOWS\system32\yvjqlshm.ini
C:\WINDOWS\system32\ywaccehv.dll
C:\WINDOWS\system32\ywuolh.dll
C:\WINDOWS\tk58.exe
C:\WINDOWS\tk68.exe
C:\WINDOWS\tsitra11.exe
C:\WINDOWS\ymbols~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService


((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
.

2008-08-03 17:56 . 2008-08-03 17:56 <DIR> d-------- C:\Deckard
2008-08-03 15:10 . 2008-08-03 15:10 83,456 --a------ C:\WINDOWS\system32\ffhejyam.dll
2008-08-03 15:07 . 2008-08-03 15:07 114,176 --a------ C:\WINDOWS\system32\qrmqykjj.dll
2008-08-03 15:07 . 2008-08-03 15:07 114,176 --a------ C:\WINDOWS\system32\bqwzhj.dll
2008-08-03 15:05 . 2008-08-03 15:05 91,648 --a------ C:\WINDOWS\system32\ceahfrlk.dll
2008-08-03 01:26 . 2008-08-03 01:26 83,456 --a------ C:\WINDOWS\system32\wfscoeqm.dll
2008-08-02 20:41 . 2008-08-02 20:41 114,176 --a------ C:\WINDOWS\system32\uduwgvuo.dll
2008-08-02 20:41 . 2008-08-02 20:41 114,176 --a------ C:\WINDOWS\system32\kazctr.dll
2008-08-01 19:59 . 2008-08-01 19:59 114,176 --a------ C:\WINDOWS\system32\vmqloavq.dll
2008-08-01 19:59 . 2008-08-01 19:59 114,176 --a------ C:\WINDOWS\system32\jovahe.dll
2008-08-01 19:56 . 2008-08-01 19:56 83,456 --a------ C:\WINDOWS\system32\tcuuhufq.dll
2008-08-01 19:53 . 2008-08-01 19:53 91,648 --a------ C:\WINDOWS\system32\jbsbnufh.dll
2008-07-31 19:55 . 2008-07-31 19:55 105,472 --a------ C:\WINDOWS\system32\tyoefbjd.dll
2008-07-31 19:55 . 2008-07-31 19:55 105,472 --a------ C:\WINDOWS\system32\leclno.dll
2008-07-31 19:52 . 2008-07-31 19:52 83,456 --a------ C:\WINDOWS\system32\wopqcwxt.dll
2008-07-31 19:50 . 2008-07-31 19:50 91,648 --a------ C:\WINDOWS\system32\fbnfmisg.dll
2008-07-31 10:29 . 2008-07-31 10:29 83,456 --a------ C:\WINDOWS\system32\dlwxfsrq.dll
2008-07-31 10:26 . 2008-07-31 10:26 105,472 --a------ C:\WINDOWS\system32\siqqvory.dll
2008-07-31 10:26 . 2008-07-31 10:26 105,472 --a------ C:\WINDOWS\system32\cqxowu.dll
2008-07-31 10:23 . 2008-07-31 10:23 91,648 --a------ C:\WINDOWS\system32\pkdmlkmb.dll
2008-07-30 10:28 . 2008-07-30 10:28 83,456 --a------ C:\WINDOWS\system32\pvauluqa.dll
2008-07-30 10:25 . 2008-07-30 10:25 105,472 --a------ C:\WINDOWS\system32\lubosm.dll
2008-07-30 10:25 . 2008-07-30 10:25 105,472 --a------ C:\WINDOWS\system32\diwxchhb.dll
2008-07-30 10:22 . 2008-07-30 10:22 91,648 --a------ C:\WINDOWS\system32\ewijseox.dll
2008-07-29 10:29 . 2008-07-29 10:29 83,456 --a------ C:\WINDOWS\system32\qmbqpwmc.dll
2008-07-29 10:27 . 2008-07-29 10:27 105,472 --a------ C:\WINDOWS\system32\qurxqy.dll
2008-07-29 10:27 . 2008-07-29 10:27 105,472 --a------ C:\WINDOWS\system32\gswbrqfy.dll
2008-07-29 10:23 . 2008-07-29 10:23 91,648 --a------ C:\WINDOWS\system32\yceaburo.dll
2008-07-28 10:28 . 2008-07-28 10:28 83,456 --a------ C:\WINDOWS\system32\orobndxb.dll
2008-07-28 10:25 . 2008-07-28 10:25 105,472 --a------ C:\WINDOWS\system32\nnpdyn.dll
2008-07-28 10:25 . 2008-07-28 10:25 105,472 --a------ C:\WINDOWS\system32\jcmldtrw.dll
2008-07-28 10:22 . 2008-07-28 10:22 91,648 --a------ C:\WINDOWS\system32\xfskyqab.dll
2008-07-27 10:27 . 2008-07-27 10:27 105,472 --a------ C:\WINDOWS\system32\ymvyqa.dll
2008-07-27 10:27 . 2008-07-27 10:27 105,472 --a------ C:\WINDOWS\system32\utexaajs.dll
2008-07-27 10:24 . 2008-07-27 10:24 1,637,890 --ahs---- C:\WINDOWS\system32\biektkjk.tmp
2008-07-27 10:24 . 2008-07-27 10:24 83,456 --a------ C:\WINDOWS\system32\rnqdvvoo.dll
2008-07-27 10:21 . 2008-07-27 10:21 91,648 --a------ C:\WINDOWS\system32\ysfbfrin.dll
2008-07-26 10:26 . 2008-07-26 10:26 105,472 --a------ C:\WINDOWS\system32\bychpl.dll
2008-07-26 10:26 . 2008-07-26 10:26 105,472 --a------ C:\WINDOWS\system32\bsbxevud.dll
2008-07-26 10:20 . 2008-07-26 10:20 91,648 --a------ C:\WINDOWS\system32\uervifyv.dll
2008-07-25 10:18 . 2008-07-25 10:18 105,472 --a------ C:\WINDOWS\system32\ryemkswc.dll
2008-07-25 10:18 . 2008-07-25 10:18 105,472 --a------ C:\WINDOWS\system32\mgdstd.dll
2008-07-25 10:18 . 2008-07-25 10:18 91,648 --a------ C:\WINDOWS\system32\curgkfmd.dll
2008-07-25 09:28 . 2008-07-25 09:28 105,472 --a------ C:\WINDOWS\system32\pdgmwmtu.dll
2008-07-25 09:28 . 2008-07-25 09:28 105,472 --a------ C:\WINDOWS\system32\fixhkf.dll
2008-07-25 09:26 . 2008-07-25 09:26 91,648 --a------ C:\WINDOWS\system32\wqbscncv.dll
2008-07-25 09:26 . 2008-07-25 09:26 83,456 --a------ C:\WINDOWS\system32\dcbvyoqo.dll
2008-07-24 23:04 . 2008-07-24 23:04 105,472 --a------ C:\WINDOWS\system32\xdahmoeq.dll
2008-07-24 23:04 . 2008-07-24 23:04 105,472 --a------ C:\WINDOWS\system32\bbrokz.dll
2008-07-24 23:01 . 2008-07-24 23:01 91,648 --a------ C:\WINDOWS\system32\cmrnsaix.dll
2008-07-24 23:01 . 2008-07-24 23:01 83,456 --a------ C:\WINDOWS\system32\ooohmmfy.dll
2008-07-23 21:46 . 2008-07-23 21:46 5,637 --a------ C:\WINDOWS\system32\pmnoPfFU.dll
2008-07-23 20:46 . 2008-07-23 20:46 5,637 --a------ C:\WINDOWS\system32\fccdbCtq.dll
2008-07-23 20:34 . 2008-08-03 14:46 260 --a------ C:\WINDOWS\wininit.ini
2008-07-23 19:02 . 2008-07-23 19:02 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-23 19:02 . 2008-08-01 22:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-23 18:46 . 2008-07-23 18:46 <DIR> d-------- C:\Program Files\CCleaner
2008-07-23 13:00 . 2008-07-23 22:39 1,050 --ahs---- C:\WINDOWS\system32\wtwrreww.ini
2008-07-17 01:55 . 2008-07-17 01:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-17 01:08 . 2008-07-17 01:08 <DIR> d-------- C:\Program Files\Bonjour
2008-07-17 00:38 . 2008-07-17 00:38 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-16 13:53 . 2008-07-16 13:53 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-07-16 13:53 . 2008-07-16 13:53 0 --ah----- C:\WINDOWS\SwSys1.bmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 01:06 --------- d-----w C:\Program Files\Twain
2008-07-24 03:15 --------- d-----w C:\Program Files\Trend Micro
2008-07-19 18:39 --------- d-----w C:\Documents and Settings\LocalService\Application Data\COMCASTTOOLBAR
2008-07-17 06:08 --------- d-----w C:\Program Files\Common Files\Adobe
2006-11-04 03:05 28,040 ----a-w C:\Documents and Settings\JJK\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{eed22619-ebcb-4830-873f-1b93bcd03a28}]
2008-08-03 15:07 114176 --a------ C:\WINDOWS\system32\bqwzhj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-08-29 18:47 26112]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2001-10-05 19:34 24576]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2001-08-23 16:52 331830]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 23:41 28738]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" [2005-09-28 08:07 897086]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2003-11-10 17:06 406016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"a064863e"="C:\WINDOWS\system32\ffhejyam.dll" [2008-08-03 15:10 83456]
"BMa357b5a2"="C:\WINDOWS\system32\ceahfrlk.dll" [2008-08-03 15:05 91648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 02:33 8720384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2005-08-29 20:10:09 127488]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 18:06:54 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=jovahe.dll kazctr.dll bqwzhj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk
backup=C:\WINDOWS\pss\SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Documents and Settings\\JJK\\Desktop\\MySpace Mp3 Gopher.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 00:29]
R3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;C:\WINDOWS\system32\DRIVERS\2862WICB.sys [2005-11-15 22:16]
S3 ati2mpaa;ati2mpaa;C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys [2001-08-17 07:48]
S4 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 16:38]
.
- - - - ORPHANS REMOVED - - - -

BHO-{15fa1327-95fe-457e-a32e-b0fad01845ad} - (no file)
BHO-{30d50996-8181-4c07-b97a-2ecd08bc58fc} - (no file)
BHO-{324F91A1-A4C7-4B67-AF00-661B88924BF5} - C:\WINDOWS\system32\pmnmkjhF.dll
BHO-{7E4DAA69-9D23-455C-A733-CFA6CDC0CAB6} - (no file)
BHO-{8509581a-e9a5-4c1b-adf9-03444729c23b} - (no file)
BHO-{92FECC1C-5C09-4828-A5E8-10EFC629B8EB} - (no file)
BHO-{a3905697-7ff4-400c-ac2a-1f4c8c82c19b} - (no file)
BHO-{BCC43BC6-AE88-4232-8DB7-DA317F2E3748} - (no file)
BHO-{C6EAE9D4-5BAB-4310-B8B9-855CFE1FFFBD} - (no file)
BHO-{c8aa8da6-04b9-4200-a002-6dc5e847b3da} - (no file)
BHO-{D548F9CD-4297-47CA-8AC7-B77172AD8B9D} - (no file)
BHO-{F0A6E186-0760-4B75-8AE1-4750ACC11CBB} - C:\WINDOWS\system32\qoMebaAp.dll
HKCU-Run-kernel - C:\Program Files\kernel\kernel.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-PRISMSVR.EXE - C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g
HKLM-Run-PCLEUSBTip - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
HKU-Default-RunOnce-FlashPlayerUpdate - C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
Notify-pmnljHwt - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.myspace.com/
R0 -: HKLM-Main,Start Page = hxxp://www.comcast.net
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &Search

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

- C:\WINDOWS\Downloaded Program Files\RhapX.inf


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 20:29:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\BMa357b5a2.txt 73 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\ffhejyam.dll
-> C:\WINDOWS\system32\ceahfrlk.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pccguide.exe
C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SoftwareDistribution\Download\c286b650f35378bdc0c45de56f787772\update\update.exe
.
**************************************************************************
.
Completion time: 2008-08-03 20:39:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-04 01:38:08

Pre-Run: 61,519,753,216 bytes free
Post-Run: 61,399,920,640 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

390 --- E O F --- 2008-05-16 21:17:24


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:59 PM, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {82a30dcb-39b1-f378-0384-bcbe91622dee} - {eed22619-ebcb-4830-873f-1b93bcd03a28} - C:\WINDOWS\system32\bqwzhj.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a064863e] rundll32.exe "C:\WINDOWS\system32\ffhejyam.dll",b
O4 - HKLM\..\Run: [BMa357b5a2] Rundll32.exe "C:\WINDOWS\system32\ceahfrlk.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: jovahe.dll kazctr.dll bqwzhj.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 7172 bytes

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:11:31 PM

Posted 04 August 2008 - 02:42 AM

You have a very bad Vundo infection that actually targets Windows Explorer and Internet Explorer, so see if it helps to bring things back up to speed after doing the following:
=================
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KILLALL::

File::
C:\WINDOWS\system32\ffhejyam.dll
C:\WINDOWS\system32\qrmqykjj.dll
C:\WINDOWS\system32\bqwzhj.dll
C:\WINDOWS\system32\ceahfrlk.dll
C:\WINDOWS\system32\wfscoeqm.dll
C:\WINDOWS\system32\uduwgvuo.dll
C:\WINDOWS\system32\kazctr.dll
C:\WINDOWS\system32\vmqloavq.dll
C:\WINDOWS\system32\jovahe.dll
C:\WINDOWS\system32\tcuuhufq.dll
C:\WINDOWS\system32\jbsbnufh.dll
C:\WINDOWS\system32\tyoefbjd.dll
C:\WINDOWS\system32\leclno.dll
C:\WINDOWS\system32\wopqcwxt.dll
C:\WINDOWS\system32\fbnfmisg.dll
C:\WINDOWS\system32\dlwxfsrq.dll
C:\WINDOWS\system32\siqqvory.dll
C:\WINDOWS\system32\cqxowu.dll
C:\WINDOWS\system32\pkdmlkmb.dll
C:\WINDOWS\system32\pvauluqa.dll
C:\WINDOWS\system32\lubosm.dll
C:\WINDOWS\system32\diwxchhb.dll
C:\WINDOWS\system32\ewijseox.dll
C:\WINDOWS\system32\qmbqpwmc.dll
C:\WINDOWS\system32\qurxqy.dll
C:\WINDOWS\system32\gswbrqfy.dll
C:\WINDOWS\system32\yceaburo.dll
C:\WINDOWS\system32\orobndxb.dll
C:\WINDOWS\system32\nnpdyn.dll
C:\WINDOWS\system32\jcmldtrw.dll
C:\WINDOWS\system32\xfskyqab.dll
C:\WINDOWS\system32\ymvyqa.dll
C:\WINDOWS\system32\utexaajs.dll
C:\WINDOWS\system32\biektkjk.tmp
C:\WINDOWS\system32\rnqdvvoo.dll
C:\WINDOWS\system32\ysfbfrin.dll
C:\WINDOWS\system32\bychpl.dll
C:\WINDOWS\system32\bsbxevud.dll
C:\WINDOWS\system32\uervifyv.dll
C:\WINDOWS\system32\ryemkswc.dll
C:\WINDOWS\system32\mgdstd.dll
C:\WINDOWS\system32\curgkfmd.dll
C:\WINDOWS\system32\pdgmwmtu.dll
C:\WINDOWS\system32\fixhkf.dll
C:\WINDOWS\system32\wqbscncv.dll
C:\WINDOWS\system32\dcbvyoqo.dll
C:\WINDOWS\system32\xdahmoeq.dll
C:\WINDOWS\system32\bbrokz.dll
C:\WINDOWS\system32\cmrnsaix.dll
C:\WINDOWS\system32\ooohmmfy.dll
C:\WINDOWS\system32\pmnoPfFU.dll
C:\WINDOWS\system32\fccdbCtq.dll
C:\WINDOWS\system32\wtwrreww.ini
C:\WINDOWS\SwSys2.bmp
C:\WINDOWS\SwSys1.bmp
C:\WINDOWS\system32\ffhejyam.dll
C:\WINDOWS\system32\ceahfrlk.dll
Rootkit::
C:\WINDOWS\BMa357b5a2.txt
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{eed22619-ebcb-4830-873f-1b93bcd03a28}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"a064863e"=-
"BMa357b5a2"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
Folder::
C:\Program Files\Viewpoint
Driver::
Viewpoint Manager Service


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here
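An added triage script, not code from this thread or from the HijackThis/ComboFix projects, that reads HijackThis lines like the ones posted above and flags the three mechanisms kahdah's CFScript removes: DLLs launched by rundll32 from Run values with random-looking names, a BHO whose display name is only a CLSID, and DLLs injected through AppInit_DLLs. The sample lines are copied from the log in this thread; the regular expressions and the "random value name" heuristic are this example's own assumptions.

```python
"""Triage a HijackThis log for the Vundo/Virtumonde loader pattern seen in this thread.

Added example (not code from the forum, HijackThis or ComboFix). Findings are
returned as plain dicts so the suspect DLL names can feed a removal list.
"""
import re

# Constructed sample: a subset of the HijackThis log posted in this thread.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {82a30dcb-39b1-f378-0384-bcbe91622dee} - {eed22619-ebcb-4830-873f-1b93bcd03a28} - C:\WINDOWS\system32\bqwzhj.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [a064863e] rundll32.exe "C:\WINDOWS\system32\ffhejyam.dll",b
O4 - HKLM\..\Run: [BMa357b5a2] Rundll32.exe "C:\WINDOWS\system32\ceahfrlk.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: jovahe.dll kazctr.dll bqwzhj.dll
"""

# Line shapes as HijackThis 2.0 prints them (assumed from the log above).
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
# Heuristic: the Vundo Run values in this log are 8 hex digits, optionally with a
# two-letter prefix (a064863e, BMa357b5a2); legitimate entries carry a product name.
RANDOM_VALUE_RE = re.compile(r"^[A-Za-z]{0,2}[0-9a-f]{8}$")
# rundll32.exe "<dll>",<entry>  (optional quotes and path on the executable)
RUNDLL_RE = re.compile(r'(?i)^"?(?:[^"\s]*\\)?rundll32\.exe"?\s+"?(?P<dll>[^",]+)"?(?:,(?P<entry>\S*))?')


def basename(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_rundll32(cmd):
    """Return (dll_path, entry_point) if cmd starts a DLL via rundll32, else None."""
    m = RUNDLL_RE.match(cmd.strip())
    if not m:
        return None
    return m.group("dll"), m.group("entry") or ""


def triage(log_text):
    """Scan HijackThis lines; return findings as dicts with kind, dll, random_name, line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := BHO_RE.match(line):
            # A BHO whose display-name slot holds a CLSID was registered without a name.
            if CLSID_RE.match(m.group("name")):
                findings.append({"kind": "unnamed_bho", "dll": basename(m.group("path")),
                                 "random_name": False, "line": line})
        elif m := RUN_RE.match(line):
            loaded = parse_rundll32(m.group("cmd"))
            if loaded:
                dll, _entry = loaded
                findings.append({"kind": "rundll32_loader", "dll": basename(dll),
                                 "random_name": bool(RANDOM_VALUE_RE.match(m.group("value"))),
                                 "line": line})
        elif m := APPINIT_RE.match(line):
            # Every DLL in AppInit_DLLs is loaded into each process that links user32.dll.
            for dll in re.split(r"[,\s]+", m.group("dlls").strip()):
                if dll:
                    findings.append({"kind": "appinit_dll", "dll": dll.lower(),
                                     "random_name": False, "line": line})
    return findings


def suspect_dlls(findings):
    """Sorted, de-duplicated DLL names named by any finding."""
    return sorted({f["dll"] for f in findings})


def correlate(findings):
    """Map each DLL to the set of persistence mechanisms it appears in."""
    by_dll = {}
    for f in findings:
        by_dll.setdefault(f["dll"], set()).add(f["kind"])
    return by_dll


if __name__ == "__main__":
    results = triage(SAMPLE_HJT_LOG)
    for dll, kinds in sorted(correlate(results).items()):
        print(f"{dll:14s} {', '.join(sorted(kinds))}")
```

A DLL that shows up under more than one mechanism (here bqwzhj.dll as both an unnamed BHO and an AppInit_DLLs entry) is the strongest signal in the log.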

#5 ThaWhiteboy1691

ThaWhiteboy1691
  • Topic Starter

  • Members
  • 23 posts
  • Local time:10:31 PM

Posted 04 August 2008 - 06:57 AM

Problems logging into sites no longer persist, the computer now runs overall 100% better, but I'm not knowledgeable enough to know if that indicates a real problem solved or anything, so here are the results of another Combofix run and HijackThis scan.


ComboFix 08-08-03.02 - JJK 2008-08-04 6:32:31.2 - NTFSx86
Running from: C:\Documents and Settings\JJK\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\JJK\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMa357b5a2.txt
C:\WINDOWS\BMa357b5a2.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mayjehff.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
.

2008-08-03 20:41 . 2008-08-03 20:48 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-08-03 17:56 . 2008-08-03 17:56 <DIR> d-------- C:\Deckard
2008-08-03 15:10 . 2008-08-03 15:10 83,456 --a------ C:\WINDOWS\system32\ffhejyam.dll
2008-08-03 15:07 . 2008-08-03 15:07 114,176 --a------ C:\WINDOWS\system32\qrmqykjj.dll
2008-08-03 15:07 . 2008-08-03 15:07 114,176 --a------ C:\WINDOWS\system32\bqwzhj.dll
2008-08-03 15:05 . 2008-08-03 15:05 91,648 --a------ C:\WINDOWS\system32\ceahfrlk.dll
2008-08-03 01:26 . 2008-08-03 01:26 83,456 --a------ C:\WINDOWS\system32\wfscoeqm.dll
2008-08-02 20:41 . 2008-08-02 20:41 114,176 --a------ C:\WINDOWS\system32\uduwgvuo.dll
2008-08-02 20:41 . 2008-08-02 20:41 114,176 --a------ C:\WINDOWS\system32\kazctr.dll
2008-08-01 19:59 . 2008-08-01 19:59 114,176 --a------ C:\WINDOWS\system32\vmqloavq.dll
2008-08-01 19:59 . 2008-08-01 19:59 114,176 --a------ C:\WINDOWS\system32\jovahe.dll
2008-08-01 19:56 . 2008-08-01 19:56 83,456 --a------ C:\WINDOWS\system32\tcuuhufq.dll
2008-08-01 19:53 . 2008-08-01 19:53 91,648 --a------ C:\WINDOWS\system32\jbsbnufh.dll
2008-07-31 19:55 . 2008-07-31 19:55 105,472 --a------ C:\WINDOWS\system32\tyoefbjd.dll
2008-07-31 19:55 . 2008-07-31 19:55 105,472 --a------ C:\WINDOWS\system32\leclno.dll
2008-07-31 19:52 . 2008-07-31 19:52 83,456 --a------ C:\WINDOWS\system32\wopqcwxt.dll
2008-07-31 19:50 . 2008-07-31 19:50 91,648 --a------ C:\WINDOWS\system32\fbnfmisg.dll
2008-07-31 10:29 . 2008-07-31 10:29 83,456 --a------ C:\WINDOWS\system32\dlwxfsrq.dll
2008-07-31 10:26 . 2008-07-31 10:26 105,472 --a------ C:\WINDOWS\system32\siqqvory.dll
2008-07-31 10:26 . 2008-07-31 10:26 105,472 --a------ C:\WINDOWS\system32\cqxowu.dll
2008-07-31 10:23 . 2008-07-31 10:23 91,648 --a------ C:\WINDOWS\system32\pkdmlkmb.dll
2008-07-30 10:28 . 2008-07-30 10:28 83,456 --a------ C:\WINDOWS\system32\pvauluqa.dll
2008-07-30 10:25 . 2008-07-30 10:25 105,472 --a------ C:\WINDOWS\system32\lubosm.dll
2008-07-30 10:25 . 2008-07-30 10:25 105,472 --a------ C:\WINDOWS\system32\diwxchhb.dll
2008-07-30 10:22 . 2008-07-30 10:22 91,648 --a------ C:\WINDOWS\system32\ewijseox.dll
2008-07-29 10:29 . 2008-07-29 10:29 83,456 --a------ C:\WINDOWS\system32\qmbqpwmc.dll
2008-07-29 10:27 . 2008-07-29 10:27 105,472 --a------ C:\WINDOWS\system32\qurxqy.dll
2008-07-29 10:27 . 2008-07-29 10:27 105,472 --a------ C:\WINDOWS\system32\gswbrqfy.dll
2008-07-29 10:23 . 2008-07-29 10:23 91,648 --a------ C:\WINDOWS\system32\yceaburo.dll
2008-07-28 10:28 . 2008-07-28 10:28 83,456 --a------ C:\WINDOWS\system32\orobndxb.dll
2008-07-28 10:25 . 2008-07-28 10:25 105,472 --a------ C:\WINDOWS\system32\nnpdyn.dll
2008-07-28 10:25 . 2008-07-28 10:25 105,472 --a------ C:\WINDOWS\system32\jcmldtrw.dll
2008-07-28 10:22 . 2008-07-28 10:22 91,648 --a------ C:\WINDOWS\system32\xfskyqab.dll
2008-07-27 10:27 . 2008-07-27 10:27 105,472 --a------ C:\WINDOWS\system32\ymvyqa.dll
2008-07-27 10:27 . 2008-07-27 10:27 105,472 --a------ C:\WINDOWS\system32\utexaajs.dll
2008-07-27 10:24 . 2008-07-27 10:24 1,637,890 --ahs---- C:\WINDOWS\system32\biektkjk.tmp
2008-07-27 10:24 . 2008-07-27 10:24 83,456 --a------ C:\WINDOWS\system32\rnqdvvoo.dll
2008-07-27 10:21 . 2008-07-27 10:21 91,648 --a------ C:\WINDOWS\system32\ysfbfrin.dll
2008-07-26 10:26 . 2008-07-26 10:26 105,472 --a------ C:\WINDOWS\system32\bychpl.dll
2008-07-26 10:26 . 2008-07-26 10:26 105,472 --a------ C:\WINDOWS\system32\bsbxevud.dll
2008-07-26 10:20 . 2008-07-26 10:20 91,648 --a------ C:\WINDOWS\system32\uervifyv.dll
2008-07-25 10:18 . 2008-07-25 10:18 105,472 --a------ C:\WINDOWS\system32\ryemkswc.dll
2008-07-25 10:18 . 2008-07-25 10:18 105,472 --a------ C:\WINDOWS\system32\mgdstd.dll
2008-07-25 10:18 . 2008-07-25 10:18 91,648 --a------ C:\WINDOWS\system32\curgkfmd.dll
2008-07-25 09:28 . 2008-07-25 09:28 105,472 --a------ C:\WINDOWS\system32\pdgmwmtu.dll
2008-07-25 09:28 . 2008-07-25 09:28 105,472 --a------ C:\WINDOWS\system32\fixhkf.dll
2008-07-25 09:26 . 2008-07-25 09:26 91,648 --a------ C:\WINDOWS\system32\wqbscncv.dll
2008-07-25 09:26 . 2008-07-25 09:26 83,456 --a------ C:\WINDOWS\system32\dcbvyoqo.dll
2008-07-24 23:04 . 2008-07-24 23:04 105,472 --a------ C:\WINDOWS\system32\xdahmoeq.dll
2008-07-24 23:04 . 2008-07-24 23:04 105,472 --a------ C:\WINDOWS\system32\bbrokz.dll
2008-07-24 23:01 . 2008-07-24 23:01 91,648 --a------ C:\WINDOWS\system32\cmrnsaix.dll
2008-07-24 23:01 . 2008-07-24 23:01 83,456 --a------ C:\WINDOWS\system32\ooohmmfy.dll
2008-07-23 21:46 . 2008-07-23 21:46 5,637 --a------ C:\WINDOWS\system32\pmnoPfFU.dll
2008-07-23 20:46 . 2008-07-23 20:46 5,637 --a------ C:\WINDOWS\system32\fccdbCtq.dll
2008-07-23 20:34 . 2008-08-03 14:46 260 --a------ C:\WINDOWS\wininit.ini
2008-07-23 19:02 . 2008-07-23 19:02 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-23 19:02 . 2008-08-01 22:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-23 18:46 . 2008-07-23 18:46 <DIR> d-------- C:\Program Files\CCleaner
2008-07-23 13:00 . 2008-07-23 22:39 1,050 --ahs---- C:\WINDOWS\system32\wtwrreww.ini
2008-07-17 01:55 . 2008-07-17 01:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-17 01:08 . 2008-07-17 01:08 <DIR> d-------- C:\Program Files\Bonjour
2008-07-17 00:38 . 2008-07-17 00:38 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-16 13:53 . 2008-07-16 13:53 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-07-16 13:53 . 2008-07-16 13:53 0 --ah----- C:\WINDOWS\SwSys1.bmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 01:06 --------- d-----w C:\Program Files\Twain
2008-07-24 03:15 --------- d-----w C:\Program Files\Trend Micro
2008-07-19 18:39 --------- d-----w C:\Documents and Settings\LocalService\Application Data\COMCASTTOOLBAR
2008-07-17 06:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2006-11-04 03:05 28,040 ----a-w C:\Documents and Settings\JJK\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-08-03_20.36.57.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-26 11:48:44 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
+ 2008-03-25 00:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 13:06:21 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 13:06:21 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 13:06:21 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 13:06:25 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-01 23:36:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 13:06:28 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 13:06:28 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 13:06:29 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 13:06:29 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 13:06:30 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
- 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:28 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-06-13 13:10:50 272,128 -c----w C:\WINDOWS\system32\dllcache\bthport.sys
- 2008-03-01 13:06:21 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-03-01 13:06:21 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:28 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-04-23 04:16:28 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-04-23 04:16:28 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-04-22 07:40:18 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-03-01 13:06:25 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-02-26 11:59:50 294,912 -c----w C:\WINDOWS\system32\dllcache\msctf.dll
- 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-03-01 23:36:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-24 03:16:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-03-01 13:06:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-03-01 13:06:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-03-01 13:06:29 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:28 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:28 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-03-01 13:06:29 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:28 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2008-03-01 13:06:30 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:29 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-01 13:06:31 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:29 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-07-16 01:09:59 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-08-04 02:43:38 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2004-08-04 07:56:42 294,400 ----a-w C:\WINDOWS\system32\msctf.dll
+ 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
- 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-03-01 23:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-24 03:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2006-09-25 23:58:48 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"Aim6"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-08-29 18:47 26112]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2001-10-05 19:34 24576]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2001-08-23 16:52 331830]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 23:41 28738]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" [2005-09-28 08:07 897086]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2003-11-10 17:06 406016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 02:33 8720384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2005-08-29 20:10:09 127488]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 18:06:54 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnljHwt]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk
backup=C:\WINDOWS\pss\SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Documents and Settings\\JJK\\Desktop\\MySpace Mp3 Gopher.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 00:29]
R3 SMC2862W;SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter Driver;C:\WINDOWS\system32\DRIVERS\2862WICB.sys [2005-11-15 22:16]
S3 ati2mpaa;ati2mpaa;C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys [2001-08-17 07:48]
.
- - - - ORPHANS REMOVED - - - -

BHO-{15fa1327-95fe-457e-a32e-b0fad01845ad} - (no file)
BHO-{30d50996-8181-4c07-b97a-2ecd08bc58fc} - (no file)
BHO-{324F91A1-A4C7-4B67-AF00-661B88924BF5} - (no file)
BHO-{7E4DAA69-9D23-455C-A733-CFA6CDC0CAB6} - (no file)
BHO-{8509581a-e9a5-4c1b-adf9-03444729c23b} - (no file)
BHO-{92FECC1C-5C09-4828-A5E8-10EFC629B8EB} - (no file)
BHO-{a3905697-7ff4-400c-ac2a-1f4c8c82c19b} - (no file)
BHO-{BCC43BC6-AE88-4232-8DB7-DA317F2E3748} - (no file)
BHO-{C6EAE9D4-5BAB-4310-B8B9-855CFE1FFFBD} - (no file)
BHO-{c8aa8da6-04b9-4200-a002-6dc5e847b3da} - (no file)
BHO-{D548F9CD-4297-47CA-8AC7-B77172AD8B9D} - (no file)
BHO-{eed22619-ebcb-4830-873f-1b93bcd03a28} - (no file)
BHO-{F0A6E186-0760-4B75-8AE1-4750ACC11CBB} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 06:38:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pccguide.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-04 6:45:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-04 11:44:54
ComboFix2.txt 2008-08-04 01:39:11

Pre-Run: 61,279,887,360 bytes free
Post-Run: 61,274,128,384 bytes free

378 --- E O F --- 2008-08-04 01:48:36


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:49:46 AM, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: pmnljHwt - C:\WINDOWS\
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 6579 bytes

#6 kahdah

  • Security Colleague
  • 11,138 posts
  • Location:Florida

Posted 04 August 2008 - 06:19 PM

Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\ffhejyam.dll
    C:\WINDOWS\system32\qrmqykjj.dll
    C:\WINDOWS\system32\bqwzhj.dll
    C:\WINDOWS\system32\ceahfrlk.dll
    C:\WINDOWS\system32\wfscoeqm.dll
    C:\WINDOWS\system32\uduwgvuo.dll
    C:\WINDOWS\system32\kazctr.dll
    C:\WINDOWS\system32\vmqloavq.dll
    C:\WINDOWS\system32\jovahe.dll
    C:\WINDOWS\system32\tcuuhufq.dll
    C:\WINDOWS\system32\jbsbnufh.dll
    C:\WINDOWS\system32\tyoefbjd.dll
    C:\WINDOWS\system32\leclno.dll
    C:\WINDOWS\system32\wopqcwxt.dll
    C:\WINDOWS\system32\fbnfmisg.dll
    C:\WINDOWS\system32\dlwxfsrq.dll
    C:\WINDOWS\system32\siqqvory.dll
    C:\WINDOWS\system32\cqxowu.dll
    C:\WINDOWS\system32\pkdmlkmb.dll
    C:\WINDOWS\system32\pvauluqa.dll
    C:\WINDOWS\system32\lubosm.dll
    C:\WINDOWS\system32\diwxchhb.dll
    C:\WINDOWS\system32\ewijseox.dll
    C:\WINDOWS\system32\qmbqpwmc.dll
    C:\WINDOWS\system32\qurxqy.dll
    C:\WINDOWS\system32\gswbrqfy.dll
    C:\WINDOWS\system32\yceaburo.dll
    C:\WINDOWS\system32\orobndxb.dll
    C:\WINDOWS\system32\nnpdyn.dll
    C:\WINDOWS\system32\jcmldtrw.dll
    C:\WINDOWS\system32\xfskyqab.dll
    C:\WINDOWS\system32\ymvyqa.dll
    C:\WINDOWS\system32\utexaajs.dll
    C:\WINDOWS\system32\biektkjk.tmp
    C:\WINDOWS\system32\rnqdvvoo.dll
    C:\WINDOWS\system32\ysfbfrin.dll
    C:\WINDOWS\system32\bychpl.dll
    C:\WINDOWS\system32\bsbxevud.dll
    C:\WINDOWS\system32\uervifyv.dll
    C:\WINDOWS\system32\ryemkswc.dll
    C:\WINDOWS\system32\mgdstd.dll
    C:\WINDOWS\system32\curgkfmd.dll
    C:\WINDOWS\system32\pdgmwmtu.dll
    C:\WINDOWS\system32\fixhkf.dll
    C:\WINDOWS\system32\wqbscncv.dll
    C:\WINDOWS\system32\dcbvyoqo.dll
    C:\WINDOWS\system32\xdahmoeq.dll
    C:\WINDOWS\system32\bbrokz.dll
    C:\WINDOWS\system32\cmrnsaix.dll
    C:\WINDOWS\system32\ooohmmfy.dll
    C:\WINDOWS\system32\pmnoPfFU.dll
    C:\WINDOWS\system32\fccdbCtq.dll
    C:\WINDOWS\system32\wtwrreww.ini
    C:\WINDOWS\SwSys2.bmp
    C:\WINDOWS\SwSys1.bmp
    C:\WINDOWS\system32\ffhejyam.dll
    C:\WINDOWS\system32\ceahfrlk.dll
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnljHwt
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveIt2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
====================
Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
===================================================
Please post these logs in your next reply:
  • OTMoveIt2 log
  • MBAM log
  • New DSS log

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#7 ThaWhiteboy1691

  • Topic Starter
  • Members
  • 23 posts

Posted 04 August 2008 - 09:11 PM

Downloaded and ran everything according to the instructions. Here are the requested logs in order: OTMoveIt!, MBAM, DSS.


DllUnregisterServer procedure not found in C:\WINDOWS\system32\ffhejyam.dll
C:\WINDOWS\system32\ffhejyam.dll NOT unregistered.
C:\WINDOWS\system32\ffhejyam.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qrmqykjj.dll
C:\WINDOWS\system32\qrmqykjj.dll NOT unregistered.
C:\WINDOWS\system32\qrmqykjj.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\bqwzhj.dll
C:\WINDOWS\system32\bqwzhj.dll NOT unregistered.
C:\WINDOWS\system32\bqwzhj.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ceahfrlk.dll
C:\WINDOWS\system32\ceahfrlk.dll NOT unregistered.
C:\WINDOWS\system32\ceahfrlk.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wfscoeqm.dll
C:\WINDOWS\system32\wfscoeqm.dll NOT unregistered.
C:\WINDOWS\system32\wfscoeqm.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\uduwgvuo.dll
C:\WINDOWS\system32\uduwgvuo.dll NOT unregistered.
C:\WINDOWS\system32\uduwgvuo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\kazctr.dll
C:\WINDOWS\system32\kazctr.dll NOT unregistered.
C:\WINDOWS\system32\kazctr.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vmqloavq.dll
C:\WINDOWS\system32\vmqloavq.dll NOT unregistered.
C:\WINDOWS\system32\vmqloavq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jovahe.dll
C:\WINDOWS\system32\jovahe.dll NOT unregistered.
C:\WINDOWS\system32\jovahe.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tcuuhufq.dll
C:\WINDOWS\system32\tcuuhufq.dll NOT unregistered.
C:\WINDOWS\system32\tcuuhufq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jbsbnufh.dll
C:\WINDOWS\system32\jbsbnufh.dll NOT unregistered.
C:\WINDOWS\system32\jbsbnufh.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tyoefbjd.dll
C:\WINDOWS\system32\tyoefbjd.dll NOT unregistered.
C:\WINDOWS\system32\tyoefbjd.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\leclno.dll
C:\WINDOWS\system32\leclno.dll NOT unregistered.
C:\WINDOWS\system32\leclno.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wopqcwxt.dll
C:\WINDOWS\system32\wopqcwxt.dll NOT unregistered.
C:\WINDOWS\system32\wopqcwxt.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fbnfmisg.dll
C:\WINDOWS\system32\fbnfmisg.dll NOT unregistered.
C:\WINDOWS\system32\fbnfmisg.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\dlwxfsrq.dll
C:\WINDOWS\system32\dlwxfsrq.dll NOT unregistered.
C:\WINDOWS\system32\dlwxfsrq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\siqqvory.dll
C:\WINDOWS\system32\siqqvory.dll NOT unregistered.
C:\WINDOWS\system32\siqqvory.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cqxowu.dll
C:\WINDOWS\system32\cqxowu.dll NOT unregistered.
C:\WINDOWS\system32\cqxowu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\pkdmlkmb.dll
C:\WINDOWS\system32\pkdmlkmb.dll NOT unregistered.
C:\WINDOWS\system32\pkdmlkmb.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\pvauluqa.dll
C:\WINDOWS\system32\pvauluqa.dll NOT unregistered.
C:\WINDOWS\system32\pvauluqa.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\lubosm.dll
C:\WINDOWS\system32\lubosm.dll NOT unregistered.
C:\WINDOWS\system32\lubosm.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\diwxchhb.dll
C:\WINDOWS\system32\diwxchhb.dll NOT unregistered.
C:\WINDOWS\system32\diwxchhb.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ewijseox.dll
C:\WINDOWS\system32\ewijseox.dll NOT unregistered.
C:\WINDOWS\system32\ewijseox.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qmbqpwmc.dll
C:\WINDOWS\system32\qmbqpwmc.dll NOT unregistered.
C:\WINDOWS\system32\qmbqpwmc.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qurxqy.dll
C:\WINDOWS\system32\qurxqy.dll NOT unregistered.
C:\WINDOWS\system32\qurxqy.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gswbrqfy.dll
C:\WINDOWS\system32\gswbrqfy.dll NOT unregistered.
C:\WINDOWS\system32\gswbrqfy.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yceaburo.dll
C:\WINDOWS\system32\yceaburo.dll NOT unregistered.
C:\WINDOWS\system32\yceaburo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\orobndxb.dll
C:\WINDOWS\system32\orobndxb.dll NOT unregistered.
C:\WINDOWS\system32\orobndxb.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nnpdyn.dll
C:\WINDOWS\system32\nnpdyn.dll NOT unregistered.
C:\WINDOWS\system32\nnpdyn.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jcmldtrw.dll
C:\WINDOWS\system32\jcmldtrw.dll NOT unregistered.
C:\WINDOWS\system32\jcmldtrw.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xfskyqab.dll
C:\WINDOWS\system32\xfskyqab.dll NOT unregistered.
C:\WINDOWS\system32\xfskyqab.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ymvyqa.dll
C:\WINDOWS\system32\ymvyqa.dll NOT unregistered.
C:\WINDOWS\system32\ymvyqa.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\utexaajs.dll
C:\WINDOWS\system32\utexaajs.dll NOT unregistered.
C:\WINDOWS\system32\utexaajs.dll moved successfully.
C:\WINDOWS\system32\biektkjk.tmp moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rnqdvvoo.dll
C:\WINDOWS\system32\rnqdvvoo.dll NOT unregistered.
C:\WINDOWS\system32\rnqdvvoo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ysfbfrin.dll
C:\WINDOWS\system32\ysfbfrin.dll NOT unregistered.
C:\WINDOWS\system32\ysfbfrin.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\bychpl.dll
C:\WINDOWS\system32\bychpl.dll NOT unregistered.
C:\WINDOWS\system32\bychpl.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\bsbxevud.dll
C:\WINDOWS\system32\bsbxevud.dll NOT unregistered.
C:\WINDOWS\system32\bsbxevud.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\uervifyv.dll
C:\WINDOWS\system32\uervifyv.dll NOT unregistered.
C:\WINDOWS\system32\uervifyv.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ryemkswc.dll
C:\WINDOWS\system32\ryemkswc.dll NOT unregistered.
C:\WINDOWS\system32\ryemkswc.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mgdstd.dll
C:\WINDOWS\system32\mgdstd.dll NOT unregistered.
C:\WINDOWS\system32\mgdstd.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\curgkfmd.dll
C:\WINDOWS\system32\curgkfmd.dll NOT unregistered.
C:\WINDOWS\system32\curgkfmd.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\pdgmwmtu.dll
C:\WINDOWS\system32\pdgmwmtu.dll NOT unregistered.
C:\WINDOWS\system32\pdgmwmtu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fixhkf.dll
C:\WINDOWS\system32\fixhkf.dll NOT unregistered.
C:\WINDOWS\system32\fixhkf.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wqbscncv.dll
C:\WINDOWS\system32\wqbscncv.dll NOT unregistered.
C:\WINDOWS\system32\wqbscncv.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\dcbvyoqo.dll
C:\WINDOWS\system32\dcbvyoqo.dll NOT unregistered.
C:\WINDOWS\system32\dcbvyoqo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xdahmoeq.dll
C:\WINDOWS\system32\xdahmoeq.dll NOT unregistered.
C:\WINDOWS\system32\xdahmoeq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\bbrokz.dll
C:\WINDOWS\system32\bbrokz.dll NOT unregistered.
C:\WINDOWS\system32\bbrokz.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cmrnsaix.dll
C:\WINDOWS\system32\cmrnsaix.dll NOT unregistered.
C:\WINDOWS\system32\cmrnsaix.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ooohmmfy.dll
C:\WINDOWS\system32\ooohmmfy.dll NOT unregistered.
C:\WINDOWS\system32\ooohmmfy.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\pmnoPfFU.dll
C:\WINDOWS\system32\pmnoPfFU.dll NOT unregistered.
C:\WINDOWS\system32\pmnoPfFU.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\fccdbCtq.dll
C:\WINDOWS\system32\fccdbCtq.dll NOT unregistered.
C:\WINDOWS\system32\fccdbCtq.dll moved successfully.
C:\WINDOWS\system32\wtwrreww.ini moved successfully.
C:\WINDOWS\SwSys2.bmp moved successfully.
C:\WINDOWS\SwSys1.bmp moved successfully.
File/Folder C:\WINDOWS\system32\ffhejyam.dll not found.
File/Folder C:\WINDOWS\system32\ceahfrlk.dll not found.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnljHwt >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnljHwt\\ deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08042008_205342


Malwarebytes' Anti-Malware 1.24
Database version: 1026
Windows 5.1.2600 Service Pack 2

9:05:35 PM 8/4/2008
mbam-log-8-4-2008 (21-05-35).txt

Scan type: Quick Scan
Objects scanned: 40672
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 23

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NoDNS (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\xInsiDERexe (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Inet_Get_2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Twain (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\POTA777444.exe (Adware.TTC) -> Quarantined and deleted successfully.
C:\WINDOWS\retadpu11.exe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\tsitra72.exe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\16A.tmp (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\356.tmp (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\357.tmp (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\358.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\A0.tmp (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\BE.tmp (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\BF.tmp (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\C0.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\lavumave.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\lavumave151.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\lavumave243.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\lavumave265.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\lavumave763.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\lavumave77.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\lavumave999.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\JJK\Application Data\Microsoft\Windows\rayiou.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\A1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\A3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\A7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\A8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.


Deckard's System Scanner v20071014.68
Run by JJK on 2008-08-04 21:07:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as JJK.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:56 PM, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\JJK\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JJK.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 6648 bytes

-- Files created between 2008-07-04 and 2008-08-04 -----------------------------

2008-08-04 20:57:14 0 d-------- C:\Documents and Settings\JJK\Application Data\Malwarebytes
2008-08-04 20:57:06 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 20:57:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-04 07:10:59 0 d-------- C:\Documents and Settings\JJK\Application Data\Mozilla
2008-08-03 20:04:39 0 d-------- C:\cmdcons
2008-08-03 19:55:57 68096 --a------ C:\WINDOWS\zip.exe
2008-08-03 19:55:57 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-03 19:55:57 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-03 19:55:57 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-03 19:55:57 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-03 19:55:57 98816 --a------ C:\WINDOWS\sed.exe
2008-08-03 19:55:57 80412 --a------ C:\WINDOWS\grep.exe
2008-08-03 19:55:57 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-01 22:04:16 0 dr-h----- C:\Documents and Settings\JJK\Recent
2008-07-23 19:02:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-23 18:46:47 0 d-------- C:\Program Files\CCleaner
2008-07-17 01:55:33 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-17 01:08:23 0 d-------- C:\Program Files\Bonjour
2008-07-17 00:38:58 0 d-------- C:\Program Files\Common Files\Macrovision Shared


-- Find3M Report ---------------------------------------------------------------

2008-08-04 06:34:51 0 d-------- C:\Program Files\Common Files
2008-08-03 20:20:09 0 d-------- C:\Program Files\Windows NT
2008-07-23 22:15:50 0 d-------- C:\Program Files\Trend Micro
2008-07-20 20:54:00 0 d-------- C:\Documents and Settings\JJK\Application Data\Adobe
2008-07-17 01:08:18 0 d-------- C:\Program Files\Common Files\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [08/29/2005 06:47 PM]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [10/05/2001 07:34 PM]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [08/23/2001 04:52 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [08/16/2001 11:41 PM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" [09/28/2005 08:07 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [11/10/2003 05:06 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42 AM]
"Aim6"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [8/29/2005 8:10:09 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 12:01:04 AM]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [8/7/2001 6:06:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk
backup=C:\WINDOWS\pss\SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnkCommon Startup




-- End of Deckard's System Scanner: finished at 2008-08-04 21:08:27 ------------

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:11:31 PM

Posted 04 August 2008 - 09:24 PM

Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#9 ThaWhiteboy1691

ThaWhiteboy1691
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:10:31 PM

Posted 05 August 2008 - 05:00 PM

I picked up and ran the ATF Cleaner, but the link you provided to download the Kaspersky Scanner is not working for some reason. Is there another way I could access/download it?

Edited by ThaWhiteboy1691, 05 August 2008 - 05:00 PM.


#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:11:31 PM

Posted 05 August 2008 - 06:33 PM

Seems to be working for me; see if you can try it again and let me know if that does not work.

#11 ThaWhiteboy1691

ThaWhiteboy1691
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:10:31 PM

Posted 06 August 2008 - 01:12 AM

I tried once more on my Firefox browser and then again on my Internet Explorer. Firefox times out after attempting to load the page, and Internet Explorer says that the webpage cannot be displayed.

#12 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:11:31 PM

Posted 06 August 2008 - 03:24 AM

Ok do the following then:

Please click here to download AVRT by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

[1.] System Memory
[2.] Startup Objects
[3.] Disk Boot Sectors.
[4.] My Computer.
[5.] Also any other drives (Removable that you may have)

  • Then click on Scan at the top right hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left unneutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.


#13 ThaWhiteboy1691

ThaWhiteboy1691
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:10:31 PM

Posted 06 August 2008 - 11:25 PM

Alright, done. Here is the "Detected" section of the requested log.


Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan-Downloader.Win32.Small.gvr File: C:\16B.tmp
deleted: Trojan program Trojan-Downloader.Win32.Small.gll File: C:\170.tmp//PE_Patch.Upolyx//PE_Patch.UPX//UPX
deleted: Trojan program Trojan-Downloader.Win32.Small.gks File: C:\A2.tmp//PE_Patch.Upolyx//PE_Patch.UPX//UPX
deleted: Trojan program Trojan-Downloader.Win32.TSUpdate.l File: C:\Program Files\Common Files\rufi\rufia.exe//UPX
deleted: Trojan program Trojan-Downloader.Win32.TSUpdate.r File: C:\Program Files\Common Files\rufi\rufil.exe//UPX
deleted: Trojan program Trojan-Downloader.Win32.TSUpdate.n File: C:\Program Files\Common Files\rufi\rufim.exe//UPX
deleted: Trojan program Trojan-Downloader.Win32.TSUpdate.f File: C:\Program Files\Common Files\rufi\rufip.exe//UPX
deleted: adware not-a-virus:AdWare.Win32.TTC.e File: C:\Program Files\Online Services\mypoxyza777444.dll
deleted: adware not-a-virus:AdWare.Win32.TTC.d File: C:\Program Files\Online Services\mypoxyza821058.dll
deleted: adware not-a-virus:AdWare.Win32.TTC.c File: C:\Program Files\WindowsUpdate\hory77798.exe
deleted: adware not-a-virus:AdWare.Win32.Insider.b File: C:\QooBox\Quarantine\C\Program Files\JavaCore\JavaCore.exe.vir
deleted: Trojan program Trojan-Downloader.Win32.Delf.gda File: C:\QooBox\Quarantine\C\Program Files\JavaCore\UnInstall.exe.vir
deleted: adware not-a-virus:AdWare.Win32.Rond.f File: C:\QooBox\Quarantine\C\Program Files\Svconr\Svconr.exe.vir
deleted: Trojan program Trojan-Downloader.Win32.Agent.nft File: C:\QooBox\Quarantine\C\Program Files\Twain\Twain.exe.vir
deleted: adware not-a-virus:AdWare.Win32.TTC.a File: C:\QooBox\Quarantine\C\Program Files\Windows NT\hokeso24418.dll.vir
deleted: adware not-a-virus:AdWare.Win32.Agent.aaq File: C:\QooBox\Quarantine\C\Program Files\Words\UnInstall.exe.vir
deleted: adware not-a-virus:AdWare.Win32.Agent.tj File: C:\QooBox\Quarantine\C\Program Files\Words\Words.exe.vir
deleted: Trojan program Trojan-Downloader.Win32.Small.buy File: C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir//stream//data0002//UPX
deleted: adware not-a-virus:AdWare.Win32.Mostofate.u File: C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir//stream//data0004
deleted: Trojan program Trojan-Downloader.Win32.Agent.ofz File: C:\QooBox\Quarantine\C\WINDOWS\b999.exe.vir
deleted: Trojan program Trojan.Win32.BHO.ab File: C:\QooBox\Quarantine\C\WINDOWS\tk58.exe.vir
deleted: Trojan program Trojan.Win32.BHO.ab File: C:\QooBox\Quarantine\C\WINDOWS\tk68.exe.vir
deleted: Trojan program Trojan-Downloader.Win32.Agent.enr File: C:\QooBox\Quarantine\C\WINDOWS\tsitra11.exe.vir//PE_Patch.Upolyx//PE_Patch.UPX//UPX
deleted: adware not-a-virus:AdWare.Win32.CommAd.a File: C:\QooBox\Quarantine\C\WINDOWS\Si5KLiBLbmVjaHRlbA\asappsrv.dll.vir//UPX
deleted: adware not-a-virus:AdWare.Win32.CommAd.a File: C:\QooBox\Quarantine\C\WINDOWS\Si5KLiBLbmVjaHRlbA\command.exe.vir//UPX
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.yyr File: C:\QooBox\Quarantine\C\WINDOWS\system32\ankncniv.dll.vir
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bxq File: C:\QooBox\Quarantine\C\WINDOWS\system32\bidjwypl.dll.vir
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.cff File: C:\QooBox\Quarantine\C\WINDOWS\system32\bkoyxd.dll.vir
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bqh File: C:\QooBox\Quarantine\C\WINDOWS\system32\bwznww.dll.vir
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bxq File: C:\QooBox\Quarantine\C\WINDOWS\system32\cpuqlk.dll.vir
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bxk File: C:\QooBox\Quarantine\C\WINDOWS\system32\cttiza.dll.vir
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bxl File: C:\QooBox\Quarantine\C\WINDOWS\system32\drrmqjow.dll.vir
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bxl File: C:\QooBox\Quarantine\C\WINDOWS\system32\fqiwvrfe.dll.vir
deleted: Trojan program Trojan.Win32.Agent.udn File: C:\QooBox\Quarantine\C\WINDOWS\system32\gcocza.dll.vir
deleted: Trojan program Trojan.Win32.Monder.blz File: C:\QooBox\Quarantine\C\WINDOWS\system32\gedlckrq.dll.vir
deleted: Trojan program Trojan.Win32.Agent.udn File: C:\QooBox\Quarantine\C\WINDOWS\system32\glkiuiqf.dll.vir
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bqh File: C:\QooBox\Quarantine\C\WINDOWS\system32\hbtbrphd.dll.vir
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.adnp File: C:\QooBox\Quarantine\C\WINDOWS\system32\ifdhkkgc.dll.vir
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.aekx File: C:\QooBox\Quarantine\C\WINDOWS\system32\iokfduny.dll.vir
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bqi File: C:\QooBox\Quarantine\C\WINDOWS\system32\jpbaswmw.dll.vir
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bqf File: C:\QooBox\Quarantine\C\WINDOWS\system32\jxmmgc.dll.vir
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.abmp File: C:\QooBox\Quarantine\C\WINDOWS\system32\klkhuuli.dll.vir
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.cff File: C:\QooBox\Quarantine\C\WINDOWS\system32\lpsekhjo.dll.vir
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bqm File: C:\QooBox\Quarantine\C\WINDOWS\system32\mmfcckyi.dll.vir
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bxl File: C:\QooBox\Quarantine\C\WINDOWS\system32\mqmsbr.dll.vir
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.aawg File: C:\QooBox\Quarantine\C\WINDOWS\system32\nsbommjq.dll.vir
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.aama File: C:\QooBox\Quarantine\C\WINDOWS\system32\pcnujxbf.dll.vir
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bql File: C:\QooBox\Quarantine\C\WINDOWS\system32\rfmmdvcp.dll.vir
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bqf File: C:\QooBox\Quarantine\C\WINDOWS\system32\rjamjswh.dll.vir
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bqg File: C:\QooBox\Quarantine\C\WINDOWS\system32\ugbkoidr.dll.vir
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bxk File: C:\QooBox\Quarantine\C\WINDOWS\system32\uqgnjjce.dll.vir
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bqg File: C:\QooBox\Quarantine\C\WINDOWS\system32\vfkass.dll.vir
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bxl File: C:\QooBox\Quarantine\C\WINDOWS\system32\wetfuv.dll.vir
deleted: adware not-a-virus:AdWare.Win32.Mirar.r File: C:\QooBox\Quarantine\C\WINDOWS\system32\WinNB58.dll.vir
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bqj File: C:\QooBox\Quarantine\C\WINDOWS\system32\ylxpgqtg.dll.vir
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.abet File: C:\QooBox\Quarantine\C\WINDOWS\system32\ywaccehv.dll.vir
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bqi File: C:\QooBox\Quarantine\C\WINDOWS\system32\ywuolh.dll.vir
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bwg File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\bbrokz.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.cap File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\bqwzhj.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.yys File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\cmrnsaix.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.byt File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\cqxowu.dll
deleted: Trojan program Trojan.Win32.Monder.bss File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\dcbvyoqo.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bwd File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\diwxchhb.dll
deleted: Trojan program Trojan.Win32.Monder.brq File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\dlwxfsrq.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.aejo File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\ewijseox.dll
deleted: Trojan program Trojan.Win32.Monder.cev File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\ffhejyam.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bty File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\fixhkf.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.buv File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\gswbrqfy.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bzs File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\jovahe.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.cap File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\kazctr.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.byt File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\leclno.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bwd File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\lubosm.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bty File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\mgdstd.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bty File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\pdgmwmtu.dll
deleted: Trojan program Trojan.Win32.Monder.bho File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\pvauluqa.dll
deleted: Trojan program Trojan.Win32.Monder.bdp File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\qmbqpwmc.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.cap File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\qrmqykjj.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.buv File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\qurxqy.dll
deleted: Trojan program Trojan.Win32.Monder.bvd File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\rnqdvvoo.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bty File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\ryemkswc.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.byt File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\siqqvory.dll
deleted: Trojan program Trojan.Win32.Monder.byj File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\tcuuhufq.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.byt File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\tyoefbjd.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.cap File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\uduwgvuo.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bzj File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\utexaajs.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bzs File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\vmqloavq.dll
deleted: Trojan program Trojan.Win32.Monder.cev File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\wfscoeqm.dll
deleted: Trojan program Trojan.Win32.Monder.brq File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\wopqcwxt.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bwg File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\xdahmoeq.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.aejn File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\yceaburo.dll
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.bzj File: C:\_OTMoveIt\MovedFiles\08042008_205342\WINDOWS\system32\ymvyqa.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.aerg

#14 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 07 August 2008 - 04:51 AM

You can open the Kaspersky folder on your desktop and choose the uninstall file; double-click it and it will remove it.

Then can you post a new DSS log?
Please do not PM for help; post it in the forums instead.

If I am helping you and have not responded for 48 hours, please send me a PM, as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.

#15 ThaWhiteboy1691

  • Topic Starter
  • Members
  • 23 posts

Posted 08 August 2008 - 12:51 AM

The requested DSS log.


Deckard's System Scanner v20071014.68
Run by JJK on 2008-08-08 00:36:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as JJK.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:04 AM, on 8/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\JJK\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JJK.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: pmnljHwt - C:\WINDOWS\
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 6771 bytes

-- Files created between 2008-07-08 and 2008-08-08 -----------------------------

2008-08-04 20:57:14 0 d-------- C:\Documents and Settings\JJK\Application Data\Malwarebytes
2008-08-04 20:57:06 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 20:57:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-04 07:10:59 0 d-------- C:\Documents and Settings\JJK\Application Data\Mozilla
2008-08-03 20:04:39 0 d-------- C:\cmdcons
2008-08-03 19:55:57 68096 --a------ C:\WINDOWS\zip.exe
2008-08-03 19:55:57 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-03 19:55:57 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-03 19:55:57 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-03 19:55:57 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-03 19:55:57 98816 --a------ C:\WINDOWS\sed.exe
2008-08-03 19:55:57 80412 --a------ C:\WINDOWS\grep.exe
2008-08-03 19:55:57 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-01 22:04:16 0 dr-h----- C:\Documents and Settings\JJK\Recent
2008-07-23 19:02:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-23 18:46:47 0 d-------- C:\Program Files\CCleaner
2008-07-17 01:55:33 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-17 01:08:23 0 d-------- C:\Program Files\Bonjour
2008-07-17 00:38:58 0 d-------- C:\Program Files\Common Files\Macrovision Shared


-- Find3M Report ---------------------------------------------------------------

2008-08-06 22:49:06 0 d--h----- C:\Program Files\WindowsUpdate
2008-08-06 22:49:05 0 d-------- C:\Program Files\Online Services
2008-08-06 22:49:00 0 d-------- C:\Program Files\Common Files\rufi
2008-08-04 06:34:51 0 d-------- C:\Program Files\Common Files
2008-08-03 20:20:09 0 d-------- C:\Program Files\Windows NT
2008-07-23 22:15:50 0 d-------- C:\Program Files\Trend Micro
2008-07-20 20:54:00 0 d-------- C:\Documents and Settings\JJK\Application Data\Adobe
2008-07-17 01:08:18 0 d-------- C:\Program Files\Common Files\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [08/29/2005 06:47 PM]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [10/05/2001 07:34 PM]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [08/23/2001 04:52 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [08/16/2001 11:41 PM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" [09/28/2005 08:07 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [11/10/2003 05:06 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42 AM]
"Aim6"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [8/29/2005 8:10:09 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 12:01:04 AM]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [8/7/2001 6:06:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnljHwt]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk
backup=C:\WINDOWS\pss\SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnkCommon Startup




-- End of Deckard's System Scanner: finished at 2008-08-08 00:37:39 ------------



