Ok...here goes...
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-01 09:04:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Percentage of Memory in Use: 87% (more than 75%).
Total Physical Memory: 192 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-01 09:05:57
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator.PPC1\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.news.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {01FE095B-4190-4DBA-B26D-EBB863DF7709} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {071B64CC-DE4C-4B08-B602-77F75A025082} - (no file)
O2 - BHO: (no name) - {075B14B3-6DE7-4A31-B4F1-342889EBD917} - (no file)
O2 - BHO: (no name) - {0C232A58-86E4-47E5-886D-06F32942593B} - (no file)
O2 - BHO: (no name) - {0CC1AB92-52E3-4409-9AFF-DF66BECD8016} - (no file)
O2 - BHO: e404 helper - {0D574C9F-71F9-4F3C-BA6D-CF9C0E1E3EE8} - (no file)
O2 - BHO: (no name) - {10E99DAB-7A56-4B0F-AB3C-EF88F820FC4B} - (no file)
O2 - BHO: (no name) - {143588E2-A11A-4D26-B0E4-93AEB570C73B} - (no file)
O2 - BHO: (no name) - {19494287-4D36-409F-A390-D20E710F183E} - (no file)
O2 - BHO: (no name) - {1F366527-E8E8-415F-8084-35D323B3DEF3} - (no file)
O2 - BHO: (no name) - {24D26DEA-79DD-4BB9-852B-1282CDC5883C} - (no file)
O2 - BHO: (no name) - {26572950-42D5-4BA0-AB12-952768FE5912} - (no file)
O2 - BHO: (no name) - {2A777FBB-7D94-48E8-8E73-93A34C9BE2C0} - (no file)
O2 - BHO: (no name) - {2CE4736D-4A1F-4A93-9461-8FEE22B3AB99} - (no file)
O2 - BHO: (no name) - {3725752F-AD3A-4932-9BA1-16AA24A2C6F5} - (no file)
O2 - BHO: (no name) - {3CDED179-60A5-4C6F-8342-1C4FEDFEED86} - (no file)
O2 - BHO: (no name) - {46A2C00B-8F57-4226-B63F-5DA017A20615} - (no file)
O2 - BHO: (no name) - {49EC75A6-40D4-410B-BA49-4B99D9E816D8} - (no file)
O2 - BHO: (no name) - {4B473956-D85C-4AE2-B83B-BA3FAC032A4F} - (no file)
O2 - BHO: (no name) - {4DBCE191-C000-4550-AC87-88601CA93691} - (no file)
O2 - BHO: (no name) - {4E0C3F4B-AE09-4207-AD98-46E4A09FB553} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {54E13E07-EEF0-48CB-B9DC-B4120190C3D5} - (no file)
O2 - BHO: (no name) - {576E9541-10E7-4FB3-B1E3-DB791DB57F53} - (no file)
O2 - BHO: (no name) - {5A9FC9BA-CF40-4BFA-9925-16E9DF194D77} - (no file)
O2 - BHO: (no name) - {5C50F12D-ECB1-4726-9D6F-56C5F96A87E4} - C:\WINDOWS\System32\ssqpm.dll (file missing)
O2 - BHO: (no name) - {6346BC9B-5719-402E-80E3-C10D369BF188} - (no file)
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - (no file)
O2 - BHO: (no name) - {6AE8AD21-151E-471D-8A8D-61EE1C0B8586} - (no file)
O2 - BHO: (no name) - {71FA1D38-FCBE-4416-A3CD-32E047E8C542} - (no file)
O2 - BHO: (no name) - {74E45A97-521B-4CBF-9129-68CB2A1E5914} - (no file)
O2 - BHO: (no name) - {7647359E-E67F-417C-8389-CF7BEA5C13B7} - (no file)
O2 - BHO: (no name) - {7B34FFD7-AA7E-4355-91E3-DC5DE6E348EC} - (no file)
O2 - BHO: (no name) - {83F95AFE-B677-45A8-BDB0-CB12FB98BD1C} - (no file)
O2 - BHO: (no name) - {89EFD49D-5D90-4F20-ADED-DA130B4A5BB5} - (no file)
O2 - BHO: (no name) - {8D5849C4-93F3-429D-FF34-260A2068897C} - (no file)
O2 - BHO: (no name) - {906F1B82-C722-419D-B26C-D9A42A3FBD57} - (no file)
O2 - BHO: (no name) - {90B2364C-F844-4069-8293-B151F070994B} - (no file)
O2 - BHO: (no name) - {986BC75D-E8A5-43A7-8971-052FC88F5036} - (no file)
O2 - BHO: (no name) - {9C166FBD-B031-4811-96F6-4D37F1E824CB} - (no file)
O2 - BHO: (no name) - {9ECCAF33-BED5-430D-8FA9-ED1552142CA6} - (no file)
O2 - BHO: (no name) - {9ED47DF6-1920-4FAF-B6EF-C795D2D9B66C} - (no file)
O2 - BHO: (no name) - {9FDBEF6C-3D64-45CA-A116-5BB97C522D94} - (no file)
O2 - BHO: (no name) - {A0AAC1AB-EB9E-4951-B576-F48F26105EE3} - (no file)
O2 - BHO: (no name) - {A3752E3C-6641-4F0C-A86B-B11F08CE933C} - (no file)
O2 - BHO: (no name) - {AB79E329-7FA2-4B34-813A-3AED19DF6EEB} - (no file)
O2 - BHO: (no name) - {AD4A5016-1188-49E9-8E07-C4323D4A2F97} - (no file)
O2 - BHO: (no name) - {B55157E8-AE0C-4178-87AA-7250CC69D9C3} - (no file)
O2 - BHO: (no name) - {B7D042F5-725B-4E41-8AA2-3508E3BC923B} - (no file)
O2 - BHO: (no name) - {C3BBFF18-D9A8-4156-B50E-2270640C59EE} - (no file)
O2 - BHO: (no name) - {C657C484-9142-49BA-BB2B-FA6E9C052411} - (no file)
O2 - BHO: (no name) - {C79F0C77-A964-4DDA-A503-5580ACB6ED4B} - (no file)
O2 - BHO: (no name) - {CEF5D03D-A74B-4D14-B4E4-EC8551695F0E} - (no file)
O2 - BHO: (no name) - {D5EF16DE-C074-4F4B-8308-A2241B2DFADE} - (no file)
O2 - BHO: (no name) - {D72446DB-8675-4002-81B2-0366CF1EC30E} - (no file)
O2 - BHO: (no name) - {D9546BB4-7243-4C63-962F-B80D55D8A443} - (no file)
O2 - BHO: (no name) - {DA94A918-1C4A-4437-A758-06759AFEBE96} - (no file)
O2 - BHO: (no name) - {DB6CB071-CF57-41DC-A77A-FBEDD535EE93} - (no file)
O2 - BHO: (no name) - {E2F8F7C7-954D-4336-BA99-27BFBEB73DAF} - C:\WINDOWS\system32\byxxwxy.dll
O2 - BHO: (no name) - {E4EDCD5E-0E84-452A-B8B6-6887FF0D43CC} - (no file)
O2 - BHO: (no name) - {E9438E2B-A47D-4285-A56F-037A965CA27B} - (no file)
O2 - BHO: (no name) - {ECC90355-9BCE-4D55-9F4F-BF69BADA76E3} - (no file)
O2 - BHO: (no name) - {EDAE651D-7C91-4759-B160-200CEB8C781E} - (no file)
O2 - BHO: (no name) - {EDE8E8B2-28E8-4C6C-9688-F6D1065A59D7} - (no file)
O2 - BHO: (no name) - {F6210944-A83B-49EC-9E5E-8E69EFB07E30} - (no file)
O2 - BHO: (no name) - {FEB64E52-187A-48C6-87E1-E0C0B1C06014} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - (no file)
O4 - HKLM\..\Run: [\\Nasir\EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P38 "\\Nasir\EPSON Stylus Photo R230 Series" /O6 "USB002" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BM0ff3070b] Rundll32.exe "C:\WINDOWS\System32\anbfwlpt.dll",s
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} () - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.co...163.1007638889
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} () - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\Software\..\Telephony: DomainName = sg.muhammadiyah.intra
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = sg.muhammadiyah.intra
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = sg.muhammadiyah.intra
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = sg.muhammadiyah.intra
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: byxxwxy - C:\WINDOWS\System32\byxxwxy.dll
O22 - SharedTaskScheduler: Hex port setting - {8D5849C4-93F3-429D-FF34-260A2068897C} - (no file)
O22 - SharedTaskScheduler: hyperproduction - {9d19a1a9-3cdf-4f15-a5ca-ea3905febded} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
--
End of file - 12640 bytes
-- Files created between 2008-04-01 and 2008-05-01 -----------------------------
2008-04-26 18:07:10 0 dr-h----- C:\Documents and Settings\Administrator.PPC1\Application Data\yahoo!
2008-04-20 07:59:02 95296 --a------ C:\WINDOWS\System32\whxnnvjh.dll
2008-04-19 23:10:53 95296 --a------ C:\WINDOWS\System32\sxwbldlu.dll
2008-04-19 16:16:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-19 16:16:46 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-04-19 16:16:41 0 d-------- C:\WINDOWS\LastGood
2008-04-19 16:12:38 0 d-------- C:\Program Files\Panda Security
2008-04-19 16:02:47 0 dr-h----- C:\Documents and Settings\Administrator.PPC1\Recent
2008-04-19 15:45:45 96320 --a------ C:\WINDOWS\System32\tljjsfmd.dll
2008-04-19 15:43:51 96320 --a------ C:\WINDOWS\System32\fpccbpxr.dll
2008-04-19 15:42:49 593 --ahs---- C:\WINDOWS\System32\mpqss.ini2
2008-04-12 19:02:36 175837 --ahs---- C:\WINDOWS\System32\ijkmp.ini2
-- Find3M Report ---------------------------------------------------------------
2008-05-01 08:36:57 0 d-------- C:\Documents and Settings\Administrator.PPC1\Application Data\AVG7
2008-04-26 18:09:29 0 d-------- C:\Program Files\Sony
2008-04-26 18

31 0 d-------- C:\Program Files\Yahoo!
2008-04-20 09:40:17 0 d-------- C:\Program Files\Helper
2008-04-20 08:01:27 0 d-------- C:\Program Files\Creative
2008-04-19 16:12:45 2483 --a------ C:\WINDOWS\mozver.dat
2008-04-19 16:00:07 0 d-------- C:\Program Files\DivX
2008-04-12 20:26:04 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-12 20:20:40 0 d-------- C:\Program Files\Google
2008-04-12 20:13:30 0 d-------- C:\Program Files\Java
2008-04-12 20:13:29 0 d-------- C:\Program Files\Common Files
2008-04-12 18:24:59 0 d-------- C:\Program Files\Common Files\Real
2008-04-12 18:22:44 0 d-------- C:\Documents and Settings\Administrator.PPC1\Application Data\Real
2008-03-29 19:56:36 267776 --a------ C:\WINDOWS\System32\jkhhf.dll
2008-03-29 19:51:21 0 d-------- C:\Program Files\NetProject
2008-03-29 19:51:12 39424 --a------ C:\WINDOWS\System32\byxxwxy.dll
2008-03-22 18:49:20 0 d-------- C:\Program Files\TextBridge Pro Millennium
2008-03-22 18:48:50 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01FE095B-4190-4DBA-B26D-EBB863DF7709}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{071B64CC-DE4C-4B08-B602-77F75A025082}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{075B14B3-6DE7-4A31-B4F1-342889EBD917}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C232A58-86E4-47E5-886D-06F32942593B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CC1AB92-52E3-4409-9AFF-DF66BECD8016}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D574C9F-71F9-4F3C-BA6D-CF9C0E1E3EE8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10E99DAB-7A56-4B0F-AB3C-EF88F820FC4B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{143588E2-A11A-4D26-B0E4-93AEB570C73B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19494287-4D36-409F-A390-D20E710F183E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F366527-E8E8-415F-8084-35D323B3DEF3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24D26DEA-79DD-4BB9-852B-1282CDC5883C}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26572950-42D5-4BA0-AB12-952768FE5912}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A777FBB-7D94-48E8-8E73-93A34C9BE2C0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2CE4736D-4A1F-4A93-9461-8FEE22B3AB99}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3725752F-AD3A-4932-9BA1-16AA24A2C6F5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CDED179-60A5-4C6F-8342-1C4FEDFEED86}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46A2C00B-8F57-4226-B63F-5DA017A20615}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49EC75A6-40D4-410B-BA49-4B99D9E816D8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B473956-D85C-4AE2-B83B-BA3FAC032A4F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DBCE191-C000-4550-AC87-88601CA93691}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E0C3F4B-AE09-4207-AD98-46E4A09FB553}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54E13E07-EEF0-48CB-B9DC-B4120190C3D5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{576E9541-10E7-4FB3-B1E3-DB791DB57F53}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A9FC9BA-CF40-4BFA-9925-16E9DF194D77}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C50F12D-ECB1-4726-9D6F-56C5F96A87E4}]
C:\WINDOWS\System32\ssqpm.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6346BC9B-5719-402E-80E3-C10D369BF188}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6860A44B-5D3E-433D-A7B5-D517F810D0E7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6AE8AD21-151E-471D-8A8D-61EE1C0B8586}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71FA1D38-FCBE-4416-A3CD-32E047E8C542}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74E45A97-521B-4CBF-9129-68CB2A1E5914}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7647359E-E67F-417C-8389-CF7BEA5C13B7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B34FFD7-AA7E-4355-91E3-DC5DE6E348EC}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83F95AFE-B677-45A8-BDB0-CB12FB98BD1C}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89EFD49D-5D90-4F20-ADED-DA130B4A5BB5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D5849C4-93F3-429D-FF34-260A2068897C}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{906F1B82-C722-419D-B26C-D9A42A3FBD57}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90B2364C-F844-4069-8293-B151F070994B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{986BC75D-E8A5-43A7-8971-052FC88F5036}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C166FBD-B031-4811-96F6-4D37F1E824CB}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ECCAF33-BED5-430D-8FA9-ED1552142CA6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ED47DF6-1920-4FAF-B6EF-C795D2D9B66C}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9FDBEF6C-3D64-45CA-A116-5BB97C522D94}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0AAC1AB-EB9E-4951-B576-F48F26105EE3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3752E3C-6641-4F0C-A86B-B11F08CE933C}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB79E329-7FA2-4B34-813A-3AED19DF6EEB}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD4A5016-1188-49E9-8E07-C4323D4A2F97}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B55157E8-AE0C-4178-87AA-7250CC69D9C3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7D042F5-725B-4E41-8AA2-3508E3BC923B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3BBFF18-D9A8-4156-B50E-2270640C59EE}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C657C484-9142-49BA-BB2B-FA6E9C052411}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C79F0C77-A964-4DDA-A503-5580ACB6ED4B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEF5D03D-A74B-4D14-B4E4-EC8551695F0E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5EF16DE-C074-4F4B-8308-A2241B2DFADE}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D72446DB-8675-4002-81B2-0366CF1EC30E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9546BB4-7243-4C63-962F-B80D55D8A443}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA94A918-1C4A-4437-A758-06759AFEBE96}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB6CB071-CF57-41DC-A77A-FBEDD535EE93}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2F8F7C7-954D-4336-BA99-27BFBEB73DAF}]
29/03/2008 19:51 39424 --a------ C:\WINDOWS\System32\byxxwxy.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4EDCD5E-0E84-452A-B8B6-6887FF0D43CC}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9438E2B-A47D-4285-A56F-037A965CA27B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ECC90355-9BCE-4D55-9F4F-BF69BADA76E3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDAE651D-7C91-4759-B160-200CEB8C781E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EDE8E8B2-28E8-4C6C-9688-F6D1065A59D7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6210944-A83B-49EC-9E5E-8E69EFB07E30}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FEB64E52-187A-48C6-87E1-E0C0B1C06014}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\Nasir\EPSON Stylus Photo R230 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.exe" [09/03/2005 19:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [31/08/2007 19:43]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [19/04/2008 15:43]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"BM0ff3070b"="C:\WINDOWS\System32\anbfwlpt.dll" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"some"=C:\Program Files\NetProject\scit.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E2F8F7C7-954D-4336-BA99-27BFBEB73DAF}"= C:\WINDOWS\System32\byxxwxy.dll [29/03/2008 19:51 39424]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="csqgj.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxwxy]
byxxwxy.dll 29/03/2008 19:51 39424 C:\WINDOWS\system32\byxxwxy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\ssqpm
"Notification Packages"= :\WINDOW
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2683804368-1490112732-1395025495-1155\Scripts\Logon\0\0]
"Script"=MHQLOGON.BAT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator.PPC1^Start Menu^Programs^Startup^ImationFlashDetect.lnk]
path=C:\Documents and Settings\Administrator.PPC1\Start Menu\Programs\Startup\ImationFlashDetect.lnk
backup=C:\WINDOWS\pss\ImationFlashDetect.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\System32\CTFMON.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
C:\WINDOWS\CTRegRun.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmsgg.exe]
C:\WINDOWS\System32\dmsgg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06ADXRC_2588375]
"C:\Program Files\Microsoft Encarta\Encarta Premium 2006\EDICT.EXE" -m
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe /h
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keybdll]
wormexe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\link part internet bird]
C:\Documents and Settings\All Users\Application Data\amok idle link part\BENDERROR.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsNetHelper]
mozilla-text.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexusServer]
"C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemWindows]
C:\WINDOWS\system32\scvhost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\NavNT\vptray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsUpdate]
wormexe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1a339f2-1716-11dd-8312-005070c81d48}]
AutoRun\command- E:\o9o2u.bat
explore\Command- E:\o9o2u.bat
open\Command- E:\o9o2u.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1a339f3-1716-11dd-8312-005070c81d48}]
AutoRun\command- F:\o9o2u.bat
explore\Command- F:\o9o2u.bat
open\Command- F:\o9o2u.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1a339f4-1716-11dd-8312-005070c81d48}]
AutoRun\command- G:\o9o2u.bat
explore\Command- G:\o9o2u.bat
open\Command- G:\o9o2u.bat
-- End of Deckard's System Scanner: finished at 2008-05-01 09:08:59 ------------