The computer is slow, I get popups, and I have trouble using IE....
My HijackThis Log:
Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-15 18:48:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
61: 2008-01-16 02:49:36 UTC - RP676 - Deckard's System Scanner Restore Point
60: 2008-01-15 23:34:40 UTC - RP675 - Software Distribution Service 3.0
59: 2008-01-14 04:32:06 UTC - RP674 - Software Distribution Service 3.0
58: 2008-01-13 11:01:13 UTC - RP673 - Software Distribution Service 3.0
57: 2008-01-12 11:01:07 UTC - RP672 - Software Distribution Service 3.0
-- First Restore Point --
1: 2007-11-17 20:11:30 UTC - RP616 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 248 MiB (512 MiB recommended).
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:07 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\AOL\1151028769\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MalwareCrush\MalwareCrush.exe
C:\Program Files\MalwareCrush\MalwareCrush.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 127.0.0.2 www.i-dress-up.com
O1 - Hosts: 127.0.0.3 www.myspace.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A378F3F-74AF-4498-BCC7-90BE524C91A4} - (no file)
O2 - BHO: (no name) - {0CD75D10-0BD8-48D1-9F41-76BAAFCEE734} - (no file)
O2 - BHO: (no name) - {0DAC115D-B330-40BF-BE99-23204F12AF6B} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1A6189CC-167A-4690-AAA8-A8B5873078BE} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {1FB63E52-4D6E-48C1-A08F-F630FE50F337} - (no file)
O2 - BHO: (no name) - {2A8C2C57-93A7-0675-5A40-098909C6F6CC} - C:\Program Files\Cxwdtoel\jzjjzukd.dll (file missing)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {30F2A7AF-C2A6-4EF1-8E05-493AFA54EB39} - (no file)
O2 - BHO: (no name) - {37B5E3EE-94D6-4856-9BDF-E7550CF68DFF} - C:\WINDOWS\system32\vtsts.dll
O2 - BHO: (no name) - {3858FD99-F346-485F-B43D-F1BB1D394899} - (no file)
O2 - BHO: (no name) - {3FD390E8-2B59-49AF-8E67-FAB7C66D6434} - (no file)
O2 - BHO: (no name) - {445F383E-9CA4-42B7-96C8-DA36229C6AED} - (no file)
O2 - BHO: (no name) - {483AD3A8-6658-4C6E-AD0E-AE9C56BA0A74} - (no file)
O2 - BHO: (no name) - {498811B9-1DEF-40CF-82D1-DE95EDD72613} - (no file)
O2 - BHO: (no name) - {4AA93B29-C17F-42B9-B02B-3EAC735A0A15} - (no file)
O2 - BHO: (no name) - {4C3256D7-26F9-4866-9B5C-38509E3453C2} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53400F30-2EB4-49F8-B5BC-32360B4188CC} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {54DE180D-E453-42FD-B2B3-2308F0D140ED} - C:\WINDOWS\system32\jkhhi.dll (file missing)
O2 - BHO: (no name) - {60E2746A-9C2E-45A2-85CE-7E1A8A890961} - C:\WINDOWS\system32\efcbbaw.dll (file missing)
O2 - BHO: (no name) - {6904ECAF-CD52-4057-BAFF-50ACC943E62C} - (no file)
O2 - BHO: (no name) - {6AA3809C-6261-456F-8FCA-43FE39ADC5E9} - C:\WINDOWS\system32\urqqrrp.dll (file missing)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {700D8A59-F3A5-4A6F-B970-CFAAE02784E1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\system32\jkkkjgg.dll (file missing)
O2 - BHO: (no name) - {88778AF4-B8BE-4468-8297-D129CB780F73} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\scgjacba.dll (file missing)
O2 - BHO: (no name) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - (no file)
O2 - BHO: (no name) - {92F10A62-C829-4B59-B0F7-6E4F48E1B794} - C:\WINDOWS\system32\pmnnn.dll (file missing)
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {A5D99987-5B79-4B11-A5D6-F7F46808711D} - (no file)
O2 - BHO: (no name) - {AFD0CBBF-B05F-4D11-A1D1-EB8E37F809A2} - C:\WINDOWS\system32\vtsqn.dll (file missing)
O2 - BHO: (no name) - {B6F05979-9DCB-4A61-AB9D-98D91D4C1E02} - (no file)
O2 - BHO: (no name) - {B8973C24-A494-FA17-B35D-8A8A41827EC0} - (no file)
O2 - BHO: (no name) - {C008E07F-37A4-45D8-A044-0BB64B960D89} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {C3352FCD-CFE5-4F35-831A-19C68DDB7CF4} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - (no file)
O2 - BHO: (no name) - {CAB39BFE-C31E-496C-AFBC-048D788938CB} - (no file)
O2 - BHO: (no name) - {CCC1AF4F-7D77-403A-AFF2-338A00662E27} - (no file)
O2 - BHO: (no name) - {CE7F98C3-2511-4B49-9730-4B9F260A81F1} - (no file)
O2 - BHO: oembios32.msdn_hlp - {D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF} - C:\WINDOWS\system32\oembios32.dll (file missing)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {DA76427D-800E-42BB-B104-41694FE66434} - (no file)
O2 - BHO: (no name) - {DB652A31-2468-4DD7-AF9F-501376EE2CF3} - C:\WINDOWS\system32\gebya.dll (file missing)
O2 - BHO: (no name) - {DD257673-E03A-4210-9261-9FABA2EE630C} - C:\WINDOWS\system32\awvtq.dll (file missing)
O2 - BHO: (no name) - {DE33D2B5-CA4D-4F33-BCC7-83C3C3AB248B} - (no file)
O2 - BHO: (no name) - {E245D31A-F1FF-4AF8-A1A7-68695C433BC3} - C:\WINDOWS\system32\vtutt.dll (file missing)
O2 - BHO: (no name) - {E2CD2C26-731B-4F20-A93B-F365769F9307} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v6.dll (file missing)
O2 - BHO: (no name) - {F123C548-2D9D-4953-B09D-642EB6700CAF} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: (no name) - {F1973DC9-5B9F-4ACB-8D05-67B49184D0B5} - (no file)
O2 - BHO: (no name) - {F1A882CC-E18C-4FE1-94C3-CA713606DEBE} - C:\WINDOWS\system32\mljjk.dll (file missing)
O2 - BHO: (no name) - {F26D1B6C-0A7F-47E1-92FC-1F518171532D} - (no file)
O2 - BHO: (no name) - {F2C4BBAB-FD1A-49F9-AC86-7E227A24647C} - (no file)
O2 - BHO: (no name) - {F4FCCB75-A7AF-47AC-BF53-28FF135EE591} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: (no name) - {F750FBF8-AF96-42C7-A817-042E95264EAB} - (no file)
O2 - BHO: (no name) - {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} - C:\WINDOWS\system32\rqrppqr.dll
O2 - BHO: (no name) - {FF8FB66C-94C1-4A32-B29D-A11F20832A48} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151028769\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [whmlglkl] rundll32.exe "C:\Program Files\rczclens\twxidyfc.dll",Init
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\cwibesci.dll",sitypnow
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P27 "EPSON Stylus CX5800F Series" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [yhihmhov] rundll32.exe "C:\Program Files\yhihmhov\ivubwtyj.dll",Init
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win198.tmp.exe
O4 - HKLM\..\Run: [HP OfficeJet T Series] "C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvlur.dll,startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Srbhteoe] C:\WINDOWS\a?sembly\l?***.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: LimeWire On Startup.lnk = F:\LimeWire\LimeWire.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://games2.gamefools.com/onlinega...ylomplayer.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...loader_v10.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://aolsvc.aol.com/onlinegames/fr...h.1.0.0.47.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: nslookup.dll
O20 - Winlogon Notify: awtqq - C:\WINDOWS\
O20 - Winlogon Notify: ddccb - C:\WINDOWS\
O20 - Winlogon Notify: ddcyvsr - ddcyvsr.dll (file missing)
O20 - Winlogon Notify: ddcyw - C:\WINDOWS\
O20 - Winlogon Notify: efcbbaw - efcbbaw.dll (file missing)
O20 - Winlogon Notify: gebcb - C:\WINDOWS\
O20 - Winlogon Notify: jkkkjgg - jkkkjgg.dll (file missing)
O20 - Winlogon Notify: ljjjjge - ljjjjge.dll (file missing)
O20 - Winlogon Notify: mllml - C:\WINDOWS\
O20 - Winlogon Notify: opnkkli - opnkkli.dll (file missing)
O20 - Winlogon Notify: pmkhf - C:\WINDOWS\
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\
O20 - Winlogon Notify: rqrppqr - C:\WINDOWS\SYSTEM32\rqrppqr.dll
O20 - Winlogon Notify: sstqp - C:\WINDOWS\
O20 - Winlogon Notify: tuvssst - tuvssst.dll (file missing)
O20 - Winlogon Notify: tuvstqo - tuvstqo.dll (file missing)
O20 - Winlogon Notify: urqqrrp - urqqrrp.dll (file missing)
O20 - Winlogon Notify: vturs - C:\WINDOWS\
O20 - Winlogon Notify: vtutr - C:\WINDOWS\
O20 - Winlogon Notify: winrge32 - C:\WINDOWS\
O20 - Winlogon Notify: winveg32 - winveg32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe (file missing)
--
End of file - 17382 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys
S3 Secdfu (USB DFU Device) - c:\windows\system32\drivers\secdfu.sys <Not Verified; Apple Computer Inc; SECDFU>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S2 UMWdf (Windows User Mode Driver Framework) - c:\windows\system32\wdfmgr.exe (file missing)
S2 WANMiniportService (WAN Miniport (ATW) Service) - "c:\windows\wanmpsvc.exe" (file missing)
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-01-08 12:31:24 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-12-15 and 2008-01-15 -----------------------------
2008-01-15 18:53:09 0 d-------- C:\Program Files\Trend Micro
2008-01-15 18:34:01 0 d-------- C:\ie-spyad_zo
2008-01-15 18:30:11 0 d-------- C:\Program Files\SpywareBlaster
2008-01-15 16:34:24 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-15 16:12:14 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-15 16:12:06 0 d-------- C:\WINDOWS\LastGood
2008-01-15 15:41:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-15 15:41:08 0 d-------- C:\Documents and Settings\Owner\Application Data\PrevxCSI
2008-01-14 22:24:52 328224 --a------ C:\WINDOWS\system32\gebyw.dll
2008-01-14 21:26:29 328224 --a------ C:\WINDOWS\system32\awvvt.dll
2008-01-14 20:25:04 328224 --a------ C:\WINDOWS\system32\ddabc.dll
2008-01-14 19:24:53 328224 --a------ C:\WINDOWS\system32\awtqp.dll
2008-01-14 18:24:14 328224 --a------ C:\WINDOWS\system32\mljgh.dll
2008-01-14 17:24:24 328224 --a------ C:\WINDOWS\system32\awvtt.dll
2008-01-14 16:24:14 328224 --a------ C:\WINDOWS\system32\jkkjk.dll
2008-01-14 15:25:26 328224 --a------ C:\WINDOWS\system32\awtst.dll
2008-01-13 20:30:12 328224 --a------ C:\WINDOWS\system32\geebx.dll
2008-01-13 18:30:08 328224 --a------ C:\WINDOWS\system32\vtsts.dll
2008-01-13 17:30:07 328224 --a------ C:\WINDOWS\system32\gebcy.dll
2008-01-13 16:29:52 328224 --a------ C:\WINDOWS\system32\awvts.dll
2008-01-12 16:55:38 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-12 12:50:31 27540 --a------ C:\WINDOWS\system32\awtsp.dll
2008-01-11 10:29:15 0 d-------- C:\Program Files\MalwareCrush
2008-01-11 10:27:51 145 --a------ C:\WINDOWS\system32\winver.bat
2008-01-11 10:27:23 39424 --a------ C:\WINDOWS\system32\rqrppqr.dll
2008-01-08 16:21:40 0 d-------- C:\Program Files\AOL Games
2008-01-08 01

55 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-01-06 00:53:53 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2008-01-06 00:53:41 0 d-------- C:\Program Files\Alcohol Soft
2008-01-06 00:37:41 715248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-06 00:30:23 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-01-05 22:44:42 0 d-------- C:\PS1
2008-01-05 22:21:47 0 d-------- C:\SNES
2008-01-05 22:21:36 0 d-------- C:\docs
2007-12-28 20:46:45 0 d-------- C:\Documents and Settings\Owner\Application Data\vlc
2007-12-28 20:44:05 0 d-------- C:\Program Files\VideoLAN
2007-12-26 21:36:59 0 d-------- C:\Program Files\Apple Software Update
2007-12-26 20:58:16 13184 --a------ C:\WINDOWS\system32\drivers\Secdfu.sys <Not Verified; Apple Computer Inc; SECDFU>
2007-12-22 13:50:28 0 d-------- C:\Documents and Settings\All Users\Application Data\ESPN
2007-12-22 12:21:22 15360 --a------ C:\WINDOWS\system32\drvlurr.dll
2007-12-22 12:21:22 102912 --a------ C:\WINDOWS\system32\drvlur.dll
2007-12-16 17:32:02 0 d-------- C:\Program Files\SopCast
-- Find3M Report ---------------------------------------------------------------
2008-01-15 17:29:46 0 d-------- C:\Program Files\iTunes
2008-01-15 16:04:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint
2008-01-15 15:22:55 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-01-05 22:21:38 594432 --a------ C:\zsnesw.exe
2007-12-27 09:28:20 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2007-12-26 21:45:09 0 d-------- C:\Program Files\iPod
2007-12-26 21:41:30 0 d-------- C:\Program Files\QuickTime
2007-12-24 18:37:31 0 d-------- C:\Program Files\Common Files
2007-12-18 23:32:37 0 d-------- C:\Program Files\Fashion Fits
2007-12-18 23:32:26 0 d-------- C:\Program Files\GameFiesta
2007-12-15 17:27:58 0 d-------- C:\Program Files\TVUPlayer <TVUPLA~1>
2007-12-15 17:27:33 0 d-------- C:\Documents and Settings\Owner\Application Data\TVU Networks
2007-12-10 20:09:50 0 d-------- C:\Documents and Settings\Owner\Application Data\Jane s Hotel
2007-12-09 16:15:53 0 d-------- C:\Program Files\SecCenter
2007-12-09 16:15:52 0 d-------- C:\Program Files\MalwareAlarm
2007-12-09 16:15:52 0 d-------- C:\Program Files\E404DHelper
2007-12-09 16:15:52 0 d-------- C:\Program Files\E404 Helper
2007-12-04 00:29:49 441638 --ahs---- C:\WINDOWS\system32\qtvwa.ini2
2007-12-03 19:51:13 0 d-------- C:\Program Files\PokerStars.NET
2007-12-03 19:07:21 0 d-------- C:\Documents and Settings\Owner\Application Data\FinalBurner .ISO
2007-12-03 19

25 0 d-------- C:\Program Files\FinalBurner
2007-12-03 18:53:46 6939 --ahs---- C:\WINDOWS\system32\qtvwa.bak2
2007-11-23 16:22:54 471804 --ahs---- C:\WINDOWS\system32\qtvwa.bak1
2007-11-21 01:55:00 6513 --ahs---- C:\WINDOWS\system32\bbeeg.bak1
2007-11-20 10:54:06 6513 --ahs---- C:\WINDOWS\system32\svvwa.bak1
2007-11-20 10:35:10 439298 --ahs---- C:\WINDOWS\system32\ihhkj.bak2
2007-11-20 10:33:24 321 --ahs---- C:\WINDOWS\system32\npqss.ini2
2007-11-19 14:15:52 6513 --ahs---- C:\WINDOWS\system32\npqss.bak1
2007-11-18 17:56:12 6513 --ahs---- C:\WINDOWS\system32\ihhkj.bak1
2007-11-18 17:48:43 15360 --a------ C:\WINDOWS\system32\drvruxr.dll
2007-11-18 14:09:06 467065 --ahs---- C:\WINDOWS\system32\nnnmp.bak1
2007-11-17 14:08:44 438918 --ahs---- C:\WINDOWS\system32\nnnmp.bak2
2007-11-15 09:44:53 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-11-15 09:23:05 15360 --a------ C:\WINDOWS\system32\drvtacr.dll
2007-10-31 19:07:56 6473 --ahs---- C:\WINDOWS\system32\ststv.bak1
2007-10-31 19:01:45 1149576 --a------ C:\Install
2007-10-15 17:05:23 695393 --ahs---- C:\WINDOWS\system32\kjjlm.ini2
2007-10-15 02:51:35 691161 --ahs---- C:\WINDOWS\system32\kjjlm.bak1
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A378F3F-74AF-4498-BCC7-90BE524C91A4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CD75D10-0BD8-48D1-9F41-76BAAFCEE734}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DAC115D-B330-40BF-BE99-23204F12AF6B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A6189CC-167A-4690-AAA8-A8B5873078BE}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB63E52-4D6E-48C1-A08F-F630FE50F337}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A8C2C57-93A7-0675-5A40-098909C6F6CC}]
C:\Program Files\Cxwdtoel\jzjjzukd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F2A7AF-C2A6-4EF1-8E05-493AFA54EB39}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37B5E3EE-94D6-4856-9BDF-E7550CF68DFF}]
01/13/2008 06:30 PM 328224 --a------ C:\WINDOWS\system32\vtsts.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3858FD99-F346-485F-B43D-F1BB1D394899}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FD390E8-2B59-49AF-8E67-FAB7C66D6434}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{445F383E-9CA4-42B7-96C8-DA36229C6AED}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{483AD3A8-6658-4C6E-AD0E-AE9C56BA0A74}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{498811B9-1DEF-40CF-82D1-DE95EDD72613}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AA93B29-C17F-42B9-B02B-3EAC735A0A15}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C3256D7-26F9-4866-9B5C-38509E3453C2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53400F30-2EB4-49F8-B5BC-32360B4188CC}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54DE180D-E453-42FD-B2B3-2308F0D140ED}]
C:\WINDOWS\system32\jkhhi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60E2746A-9C2E-45A2-85CE-7E1A8A890961}]
C:\WINDOWS\system32\efcbbaw.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6904ECAF-CD52-4057-BAFF-50ACC943E62C}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6AA3809C-6261-456F-8FCA-43FE39ADC5E9}]
C:\WINDOWS\system32\urqqrrp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{700D8A59-F3A5-4A6F-B970-CFAAE02784E1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{837B45D6-BF85-457D-AABF-6D2E7815F791}]
C:\WINDOWS\system32\jkkkjgg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88778AF4-B8BE-4468-8297-D129CB780F73}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89AD4D75-2429-462e-BD4E-443F233F6033}]
C:\WINDOWS\system32\scgjacba.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92F10A62-C829-4B59-B0F7-6E4F48E1B794}]
C:\WINDOWS\system32\pmnnn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{938A8A03-A938-4019-B764-03FF8D167D79}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A5D99987-5B79-4B11-A5D6-F7F46808711D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFD0CBBF-B05F-4D11-A1D1-EB8E37F809A2}]
C:\WINDOWS\system32\vtsqn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6F05979-9DCB-4A61-AB9D-98D91D4C1E02}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B8973C24-A494-FA17-B35D-8A8A41827EC0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C008E07F-37A4-45D8-A044-0BB64B960D89}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3352FCD-CFE5-4F35-831A-19C68DDB7CF4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAB39BFE-C31E-496C-AFBC-048D788938CB}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCC1AF4F-7D77-403A-AFF2-338A00662E27}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE7F98C3-2511-4B49-9730-4B9F260A81F1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF}]
C:\WINDOWS\system32\oembios32.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA76427D-800E-42BB-B104-41694FE66434}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB652A31-2468-4DD7-AF9F-501376EE2CF3}]
C:\WINDOWS\system32\gebya.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD257673-E03A-4210-9261-9FABA2EE630C}]
C:\WINDOWS\system32\awvtq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE33D2B5-CA4D-4F33-BCC7-83C3C3AB248B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E245D31A-F1FF-4AF8-A1A7-68695C433BC3}]
C:\WINDOWS\system32\vtutt.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2CD2C26-731B-4F20-A93B-F365769F9307}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
C:\Program Files\E404 Helper\e404.v6.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F123C548-2D9D-4953-B09D-642EB6700CAF}]
C:\WINDOWS\system32\vtstu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1973DC9-5B9F-4ACB-8D05-67B49184D0B5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1A882CC-E18C-4FE1-94C3-CA713606DEBE}]
C:\WINDOWS\system32\mljjk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F26D1B6C-0A7F-47E1-92FC-1F518171532D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2C4BBAB-FD1A-49F9-AC86-7E227A24647C}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4FCCB75-A7AF-47AC-BF53-28FF135EE591}]
C:\WINDOWS\system32\mlljj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F750FBF8-AF96-42C7-A817-042E95264EAB}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC1B64D9-3499-4791-82D5-AABAC3FAEA45}]
01/11/2008 10:27 AM 39424 --a------ C:\WINDOWS\system32\rqrppqr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF8FB66C-94C1-4A32-B29D-A11F20832A48}]
C:\WINDOWS\system32\ssqpn.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" []
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" []
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [11/03/2003 04:50 PM]
"VTTimer"="VTTimer.exe" []
"AGRSMMSG"="AGRSMMSG.exe" []
"PS2"="C:\WINDOWS\system32\ps2.exe" [09/12/2003 07:13 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1151028769\ee\AOLSoftware.exe" [09/25/2006 04:52 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/20/2007 09:29 AM]
"AlcxMonitor"="ALCXMNTR.EXE" []
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" []
"Logitech Utility"="Logi_MwX.Exe" [11/07/2003 01:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 02:06 AM]
"whmlglkl"="C:\Program Files\rczclens\twxidyfc.dll" []
"SearchIndexer"="C:\WINDOWS\system32\cwibesci.dll" []
"EPSON Stylus CX5800F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.exe" []
"yhihmhov"="C:\Program Files\yhihmhov\ivubwtyj.dll" []
"SC2"="C:\Program Files\SecCenter\scprot4.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 02:43 AM]
"avp"="C:\WINDOWS\TEMP\win198.tmp.exe" []
"HP OfficeJet T Series"="C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe" [09/25/2001 12:08 PM]
"CTDrive"="C:\WINDOWS\system32\drvlur.dll" [12/22/2007 12:21 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2007 10:56 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 12:10 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [05/31/2005 12:04 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"Srbhteoe"="C:\WINDOWS\a?sembly\l?***.exe" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [10/04/2007 07:20 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"Wallpaper"=
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{837B45D6-BF85-457D-AABF-6D2E7815F791}"= C:\WINDOWS\system32\jkkkjgg.dll [ ]
"{B72CA17C-742C-4E70-ABF6-B3AF3EE1CFCE}"= C:\WINDOWS\system32\ddcyvsr.dll [ ]
"{183807B8-BC07-48A2-8DAD-ABC96FA6C7A8}"= C:\WINDOWS\system32\opnkkli.dll [ ]
"{60E2746A-9C2E-45A2-85CE-7E1A8A890961}"= C:\WINDOWS\system32\efcbbaw.dll [ ]
"{6AA3809C-6261-456F-8FCA-43FE39ADC5E9}"= C:\WINDOWS\system32\urqqrrp.dll [ ]
"{FC1B64D9-3499-4791-82D5-AABAC3FAEA45}"= C:\WINDOWS\system32\rqrppqr.dll [01/11/2008 10:27 AM 39424]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqq]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccb]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyvsr]
ddcyvsr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyw]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcbbaw]
efcbbaw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcb]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkjgg]
jkkkjgg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjjge]
ljjjjge.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllml]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkli]
opnkkli.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhf]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhh]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrppqr]
rqrppqr.dll 01/11/2008 10:27 AM 39424 C:\WINDOWS\system32\rqrppqr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvssst]
tuvssst.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvstqo]
tuvstqo.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqrrp]
urqqrrp.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturs]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutr]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrge32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winveg32]
winveg32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=nslookup.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\gebya
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51a71624-9eab-11db-9bcc-00038a000015}]
AutoRun\command- F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ad1eec6-6a02-11da-9927-806d6172696f}]
AutoRun\command- D:\Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0c0c778-76cf-11dc-9d51-00038a000015}]
AutoRun\command- F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e86655c8-9782-11db-9bb6-00038a000015}]
AutoRun\command- F:\LaunchU3.exe -a
*Newly Created Service* - HYHTYKLBBQLJ
*Newly Created Service* - PXARK
*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SDTHOOK
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}]
C:\WINDOWS\system32\nusrmgr.exe
-- Hosts -----------------------------------------------------------------------
127.0.0.2
www.i-dress-up.com
127.0.0.3
www.myspace.com
-- End of Deckard's System Scanner: finished at 2008-01-15 18:58:10 ------------
I ran a Panda scan; the results are attached.
Ugh, malicious software is so annoying....