My IE is constantly opening itself when I don't even use it. I've used many cleansing programs to no success. Here is my log:
Deckard's System Scanner v20071014.68
Run by Junior on 2008-01-28 02:42:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
96: 2008-01-28 10:43:12 UTC - RP788 - Deckard's System Scanner Restore Point
95: 2008-01-28 08:09:17 UTC - RP787 - Installed Dell Support Center.
94: 2008-01-28 07:18:47 UTC - RP786 - Made by Registry Mechanic
93: 2008-01-28 07:18:34 UTC - RP785 - Made by Registry Mechanic
92: 2008-01-28 07:01:27 UTC - RP784 - Restore Operation
-- First Restore Point --
1: 2008-01-28 01:21:54 UTC - RP693 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Junior.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:47:22 AM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\qwerty12.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\mrofinu572.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\FNTS~1\wuaclt.exe
C:\WINDOWS\system32\?racle\s?anregw.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Junior\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Junior.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netster.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {089d8004-de81-4857-a552-6671d923870a} - (no file)
O2 - BHO: ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file)
O2 - BHO: (no name) - {433BD534-6885-2305-F8CD-66A395FAF8BA} - C:\WINDOWS\system32\bmtl.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - (no file)
O2 - BHO: (no name) - {979C18FB-35A3-4D70-9E77-AD4EDD119904} - C:\WINDOWS\system32\jkhhg.dll
O2 - BHO: (no name) - {98663E21-9CCE-4CF6-863C-911A9523A66F} - C:\WINDOWS\system32\opnlkjh.dll
O2 - BHO: (no name) - {99291725-7939-455B-ACEC-387508DE1AAD} - C:\Program Files\Online Services\vizykinu4444.dll
O2 - BHO: (no name) - {A41B291B-987E-4954-B1FD-9E722BEA6178} - C:\Program Files\Online Services\vizykinu83122.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: 0 - {C225521C-2913-49C5-26A0-AE19F8B84E68} - (no file)
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\iihhfe.dll",forkonce
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394661A64DB7C8F0287E55E246220D9E728F9FC17D446BC57D5375FB0FB68AD6
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\RunOnce: [RemoveInstallPath] cmd.exe C:\WINDOWS\system32\cmd.exe /c rmdir /S /Q "C:\PROGRA~1\Dot1XCfg" > nul
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\FNTS~1\wuaclt.exe" -vt yazb
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKUS\S-1-5-18\..\RunOnce: [POSTRBT] C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [POSTRBT] C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZC
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhealer.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhealer.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: ialcap - ialcap.dll (file missing)
O20 - Winlogon Notify: opnlkjh - C:\WINDOWS\SYSTEM32\opnlkjh.dll
O20 - Winlogon Notify: rpcc1 - C:\WINDOWS\
O21 - SSODL: itNvUfnoPKDSkA - {04EE4652-AE44-ECF8-7E0E-53444C0D25FB} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Service (INSY) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Plus\dirto.html
--
End of file - 11547 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 mcdd - c:\windows\system32\drivers\mcdd.sys
S1 EXAMPLE - c:\windows\system32\main.sys (file missing)
S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S2 driverpp (Plug and Play Support Driver) - c:\windows\system32\msdrives\driverpp.sys (file missing)
S2 windev-73db-d83 - c:\windows\system32\windev-73db-d83.sys (file missing)
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 NDnet1 - c:\windows\system32\ksys.sys
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 DomainService - c:\windows\system32\qwerty12.exe /service
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
S2 INSY (Security Service) - c:\windows\system32\svcd\svchost.exe
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-01-27 23:28:06 272 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-01-27 23:28:04 394 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
2008-01-26 09:21:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-12-28 and 2008-01-28 -----------------------------
2008-01-28 02:46:22 0 d-------- C:\Program Files\Trend Micro
2008-01-28 01:24:37 0 d-------- C:\Program Files\SpywareBlaster
2008-01-28 00:56:56 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-28 00:41:27 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-28 00:41:21 0 d-------- C:\WINDOWS\LastGood
2008-01-28 00:15:43 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-28 00:14:13 0 d-------- C:\Program Files\Dell Support Center
2008-01-28 00:14:12 0 d-------- C:\Program Files\Common Files\supportsoft
2008-01-28 00:05:17 0 dr-h----- C:\Documents and Settings\Junior\Recent
2008-01-27 23:34:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-27 23:27:54 0 d-------- C:\Program Files\Uniblue
2008-01-27 23:12:40 0 d-------- C:\Documents and Settings\Junior\Application Data\Uniblue
2008-01-27 23:02:10 0 d-------- C:\Documents and Settings\Junior\Application Data\PC Tools
2008-01-27 23:02:09 0 d-------- C:\Program Files\Spyware Doctor
2008-01-27 20:38:34 49647 --ahs---- C:\WINDOWS\system32\ghhkj.ini2
2008-01-27 18:40:06 1040384 --a------ C:\Documents and Settings\Guest\ntuser.dat
2008-01-27 18:40:06 1306624 --a------ C:\Documents and Settings\Genesis\ntuser.dat
2008-01-27 18:40:06 696320 --a------ C:\Documents and Settings\Administrator\ntuser.dat
2008-01-27 18:40:05 11272192 --a------ C:\Documents and Settings\Junior\ntuser.dat
2008-01-27 18:34:19 0 d-------- C:\Program Files\Temporary
2008-01-27 18:26:59 87552 --a------ C:\WINDOWS\system32\TmpX.exe
2008-01-27 18:26:54 114 --a------ C:\WINDOWS\system32\url3
2008-01-27 18:26:54 102 --a------ C:\WINDOWS\system32\url2
2008-01-27 18:26:54 102 --a------ C:\WINDOWS\system32\url1
2008-01-27 18:26:54 8 --a------ C:\WINDOWS\system32\CID
2008-01-27 18:26:49 4 --a------ C:\WINDOWS\system32\SvcNm
2008-01-27 18:26:49 0 d-------- C:\WINDOWS\system32\svcd
2008-01-27 18:26:41 34816 --a------ C:\info.exe
2008-01-27 17:21:35 333312 --a------ C:\WINDOWS\system32\jkhhg.dll
2008-01-27 17:17:18 135168 --a------ C:\WINDOWS\tk58.exe
2008-01-27 17:17:06 0 d-------- C:\WINDOWS\system32\?racle
2008-01-27 17:17:00 60928 --a------ C:\WINDOWS\system32\bmtl.dll
2008-01-27 17:16:56 169147 --a------ C:\WINDOWS\TTC-4444.exe
2008-01-27 17:16:47 36864 --a------ C:\WINDOWS\mrofinu1000106.exe
2008-01-27 17:16:38 36864 -ra------ C:\WINDOWS\mrofinu572.exe
2008-01-27 17:16:35 86016 --a------ C:\WINDOWS\system32\drivers\mcdd.sys
2008-01-27 17:16:21 0 d-------- C:\WINDOWS\system32\wnis6
2008-01-27 17:16:21 0 d-------- C:\WINDOWS\system32\ets1
2008-01-27 17:16:20 0 d-------- C:\WINDOWS\system32\nip4
2008-01-27 17:16:18 38400 --a------ C:\WINDOWS\system32\opnlkjh.dll
2008-01-27 17:16:17 0 d-------- C:\WINDOWS\system32\nGpxx01
2008-01-26 11:43:01 0 d-------- C:\Program Files\Ubisoft
2008-01-25 12:02:10 0 d-------- C:\Documents and Settings\Junior\My Documents
2008-01-24 11:19:56 0 d-------- C:\Documents and Settings\Junior\Application Data\Adobe
2008-01-24 11:03:57 58904 --a------ C:\WINDOWS\system32\sysfolderazipcnt.dll
2008-01-24 11:03:57 58904 --a------ C:\WINDOWS\system32\azipcontmn.dll
2008-01-24 11:03:49 0 d-------- C:\Program Files\AlphaZIP
2008-01-21 09:44:38 53760 --a------ C:\WINDOWS\b122.exe
-- Find3M Report ---------------------------------------------------------------
2008-01-28 01:51:36 0 d-------- C:\Program Files\BitComet
2008-01-28 01:51:32 0 d-------- C:\Program Files\AIM
2008-01-28 00:14:12 0 d-------- C:\Program Files\Common Files
2008-01-27 20:37:25 6144 --a------ C:\WINDOWS\system32\perfc000.dat
2008-01-27 18:53:57 0 d-------- C:\Program Files\Starcraft
2008-01-27 17:17:23 0 d-------- C:\Program Files\Windows Plus
2008-01-27 17:17:06 0 d-------- C:\Program Files\Online Services
2008-01-26 12:13:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-25 12:01:48 0 d-------- C:\Documents and Settings\Junior\Application Data\Aim
2008-01-19 23:49:56 0 d-------- C:\Program Files\Soulseek-Test
2007-12-09 10:45:00 0 d-------- C:\Program Files\LimeWire
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{089d8004-de81-4857-a552-6671d923870a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E1500AC-87A5-416b-A211-82E848649DA9}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{433BD534-6885-2305-F8CD-66A395FAF8BA}]
01/15/2008 08:30 AM 60928 --a------ C:\WINDOWS\system32\bmtl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{979C18FB-35A3-4D70-9E77-AD4EDD119904}]
01/27/2008 05:21 PM 333312 --a------ C:\WINDOWS\system32\jkhhg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98663E21-9CCE-4CF6-863C-911A9523A66F}]
01/27/2008 05:16 PM 38400 --a------ C:\WINDOWS\system32\opnlkjh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99291725-7939-455B-ACEC-387508DE1AAD}]
08/02/2007 05:43 AM 282624 --a------ C:\Program Files\Online Services\vizykinu4444.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A41B291B-987E-4954-B1FD-9E722BEA6178}]
08/02/2007 05:43 AM 282624 --a------ C:\Program Files\Online Services\vizykinu83122.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C225521C-2913-49C5-26A0-AE19F8B84E68}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 12:01 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [07/19/2005 09:09 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [07/19/2005 09:06 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [07/19/2005 09:10 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 03:48 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 10:20 PM C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 02:19 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/05/2004 11:05 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 08:44 AM]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [08/31/2005 09:06 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [11/08/2005 02:00 PM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [12/30/2005 10:10 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 06:58 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 09:36 AM]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [04/19/2007 10:07 AM]
"BDMCon"="C:\Program Files\Softwin\BitDefender8\bdmcon.exe" [06/20/2005 11:10 AM]
"BDNewsAgent"="c:\program files\softwin\bitdefender8\bdnagent.exe" [05/09/2005 11:19 AM]
"SystemOptimizer"="C:\WINDOWS\iihhfe.dll" [08/06/2007 11:30 AM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"runner1"="C:\WINDOWS\mrofinu572.exe" [01/23/2008 11:36 AM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [12/30/2005 10:10 PM]
"AIM"="C:\Program Files\AIM\aim.exe" [03/12/2004 12:22 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00 AM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/17/2007 11:46 AM]
"Uaol"="C:\WINDOWS\FNTS~1\wuaclt.exe" [01/27/2008 05:16 PM]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [12/07/2007 09:31 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"RemoveInstallPath"=cmd.exe C:\WINDOWS\system32\cmd.exe /c rmdir /S /Q "C:\PROGRA~1\Dot1XCfg" > nul
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"POSTRBT"=C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe /REMEDIATE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [12/5/2005 3:52:50 PM]
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [3/5/2006 8:57:37 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 12:01:04 AM]
MyWebSearch Email Plugin.lnk - C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE [12/30/2005 10:10:00 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Windows Plus\dirto.html
FriendlyName=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{98663E21-9CCE-4CF6-863C-911A9523A66F}"= C:\WINDOWS\system32\opnlkjh.dll [01/27/2008 05:16 PM 38400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ialcap]
ialcap.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlkjh]
opnlkjh.dll 01/27/2008 05:16 PM 38400 C:\WINDOWS\system32\opnlkjh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rpcc1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\perfc000.dat
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhhg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe
*Newly Created Service* - PLHRGJHTBSKO
*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SDTHOOK
-- End of Deckard's System Scanner: finished at 2008-01-28 02:49:45 ------------