hi reid
here is the ComboFix log
ComboFix 08-04-22.5 - carl 2008-04-23 23:12:19.2 - NTFSx86
Running from: C:\Documents and Settings\carl\Desktop\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\LlUwyyxx.ini
C:\WINDOWS\system32\LlUwyyxx.ini2
.
---- Previous Run -------
.
C:\WINDOWS\local.html
C:\WINDOWS\system32\ttu.exe
C:\WINDOWS\winhelp.ini
.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.
2008-04-23 22:06 . 2008-04-23 22:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-23 21:53 . 2008-04-23 21:53 <DIR> d-------- C:\Deckard
2008-04-23 19:40 . 2008-04-23 19:32 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-23 19:40 . 2008-04-23 19:40 2,538 --a------ C:\WINDOWS\unins000.dat
2008-04-23 18:06 . 2008-04-23 18:06 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-23 18:06 . 2008-04-23 20:10 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-23 17:35 . 2008-04-23 17:35 <DIR> d-------- C:\FAMILY_GUY_DISC3
2008-04-21 16:47 . 2008-04-21 16:47 165 --a------ C:\WINDOWS\system32\test.aok
2008-04-21 15:36 . 2008-04-23 17:38 <DIR> d-------- C:\Program Files\McDonaldsFairies
2008-04-20 10:03 . 2008-04-23 15:14 109,756 --a------ C:\WINDOWS\BM435af00e.xml
2008-04-19 21:59 . 2008-04-19 22:00 275,456 --a------ C:\WINDOWS\system32\xxyywUlL.dll
2008-04-19 21:54 . 2008-04-19 21:54 38,400 --a------ C:\WINDOWS\system32\urqQjkkH.dll
2008-04-18 18:04 . 2008-04-18 18:04 <DIR> d-------- C:\Program Files\iPod
2008-04-08 20:04 . 2008-04-08 20:04 <DIR> d-------- C:\Program Files\Conduit
2008-04-08 20:04 . 2008-04-08 20:04 <DIR> d-------- C:\Program Files\bigmaq2
2008-03-29 11:29 . 2008-03-29 11:30 <DIR> d-------- C:\OutputFolder
2008-03-29 11:24 . 2008-03-29 11:40 <DIR> d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-03-29 11:24 . 2008-03-29 11:24 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-03-29 11:04 . 2008-03-29 11:04 <DIR> d-------- C:\Program Files\YouTube Downloader 3000
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 23:03 --------- d-----w C:\Program Files\Steam
2008-04-23 21:17 --------- d-----w C:\Program Files\TextAloud
2008-04-23 19:43 --------- d-----w C:\Documents and Settings\carl\Application Data\uTorrent
2008-04-23 19:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-23 18:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-20 22:36 --------- d-----w C:\Program Files\EPSON Print CD
2008-04-20 06:42 --------- d-----w C:\Documents and Settings\carl\Application Data\Vso
2008-04-18 19:06 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 17:04 --------- d-----w C:\Program Files\iTunes
2008-04-18 17:01 --------- d-----w C:\Program Files\QuickTime Alternative
2008-04-13 15:50 --------- d-----w C:\Program Files\Pixel Chix Desktop
2008-04-08 19:00 --------- d-----w C:\Program Files\bigmaq
2008-04-03 17:43 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-03-28 17:19 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-27 20:56 --------- d-----w C:\Documents and Settings\carl\Application Data\Apple Computer
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 19:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-18 19:57 --------- d-----w C:\Program Files\ETUSB2.0
2008-03-18 19:57 --------- d-----w C:\Program Files\eMPIA-ET
2008-03-11 20:30 --------- d-----w C:\Program Files\Smallvideosoft
2008-03-05 20:44 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-05 20:43 --------- d-----w C:\Program Files\Windows Live
2008-03-05 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-01-29 11:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2007-10-09 20:41 87,608 ----a-w C:\Documents and Settings\carl\Application Data\inst.exe
2007-10-09 20:41 47,360 ----a-w C:\Documents and Settings\carl\Application Data\pcouffin.sys
2007-01-01 20:29 26,400 ----a-w C:\Documents and Settings\carl\TB2Categories000.dat
2003-08-27 13:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{297800AF-0F98-48D2-84C9-A88BD70DF719}]
2008-04-19 22:00 275456 --a------ C:\WINDOWS\system32\xxyywUlL.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4020100D-29D7-4392-AFD5-5AD713FF4B88}]
2008-04-19 21:54 38400 --a------ C:\WINDOWS\system32\urqQjkkH.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f3730ce0-582d-4b69-883c-613308706456}]
2008-04-03 10:40 1523736 --a------ C:\Program Files\bigmaq2\tbbigm.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F3730CE0-582D-4B69-883C-613308706456}"= "C:\Program Files\bigmaq2\tbbigm.dll" [2008-04-03 10:40 1523736]
[HKEY_CLASSES_ROOT\clsid\{f3730ce0-582d-4b69-883c-613308706456}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F3730CE0-582D-4B69-883C-613308706456}"= C:\Program Files\bigmaq2\tbbigm.dll [2008-04-03 10:40 1523736]
[HKEY_CLASSES_ROOT\clsid\{f3730ce0-582d-4b69-883c-613308706456}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-04-14 21:44 190024]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 04:00 99840]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-03-31 22:54 1271032]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 19:54 65536 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 14:20 94208]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 04:00 99840]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-06-30 19:29 1179648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"etMonitor"="C:\WINDOWS\etMon.exe" [2005-07-26 12:45 40960]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-07-29 12:07 188416]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 06:49 106544 C:\WINDOWS\system32\tweakui.cpl]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26 406016]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-07 19:50 949376]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"ffpsrv"="c:\windows\ffpext\ffpsrv.exe" [2006-05-06 22:01 82432]
"BarbieGirlsTray"="C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe" [2007-03-15 03:59 24576]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
C:\Documents and Settings\carl\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2006-10-16 21:14:20 534016]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4020100D-29D7-4392-AFD5-5AD713FF4B88}"= C:\WINDOWS\system32\urqQjkkH.dll [2008-04-19 21:54 38400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQjkkH]
urqQjkkH.dll 2008-04-19 21:54 38400 C:\WINDOWS\system32\urqQjkkH.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.avrn"= C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.advj"= C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.mszh"= C:\PROGRA~1\ACEMEG~1\SystemS\avimszh.dll
"vidc.zlib"= C:\PROGRA~1\ACEMEG~1\SystemS\avizlib.dll
"vidc.cscd"= C:\PROGRA~1\ACEMEG~1\SystemS\camcodec.dll
"vidc.cvid"= C:\PROGRA~1\ACEMEG~1\SystemS\iccvid.dll
"msacm.trspch"= C:\PROGRA~1\ACEMEG~1\SystemS\tssoft32.acm
"vidc.em2v"= C:\PROGRA~1\ACEMEG~1\SystemS\etxcodec.dll
"vidc.mkvc"= C:\PROGRA~1\ACEMEG~1\SystemS\kmvidc32.dll
"vidc.hfyu"= C:\PROGRA~1\ACEMEG~1\SystemS\huffyuv.dll
"msacm.lameacm"= C:\PROGRA~1\ACEMEG~1\SystemS\lameacm.acm
"msacm.lhacm"= C:\PROGRA~1\ACEMEG~1\SystemS\lhacm.acm
"msacm.l3acm"= C:\PROGRA~1\ACEMEG~1\SystemS\l3codecp.acm
"vidc.sjpg"= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.dmb2"= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.gepj"= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.qpeg"= C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"vidc.q1.0"= C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.tscc"= C:\PROGRA~1\ACEMEG~1\SystemS\tsccvid.dll
"vidc.vifp"= C:\PROGRA~1\ACEMEG~1\SystemS\vfcodec.dll
"vidc.wrpr"= C:\PROGRA~1\ACEMEG~1\SystemS\aviwrap.dll
"vidc.wnv1"= C:\PROGRA~1\ACEMEG~1\SystemS\wnvplay1.dll
"vidc.3ivx"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv0"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv1"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv2"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3ivd"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.advs"= C:\PROGRA~1\ACEMEG~1\SystemS\Adaptec\Dvc.dll
"vidc.aflc"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.afli"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.aasc"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.asv1"= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv1.dll
"vidc.asv2"= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.asvx"= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.vcr1"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll
"vidc.vcr2"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll
"vidc.mwv1"= C:\PROGRA~1\ACEMEG~1\SystemS\Aware\icmw_32.dll
"vidc.bt20"= C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"vidc.y41p"= C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"msacm.pcdv"= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\pcdv.acm
"vidc.cdvc"= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL
"vidc.ddvc"= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL
"vidc.png1"= C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREPN~1.DLL
"msacm.CoreFLAC_ACM"= C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREFL~1.ACM
"vidc.davc"= C:\PROGRA~1\ACEMEG~1\SystemS\dicas\davcvfw.dll
"vidc.div3"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div5"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div4"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll
"msacm.divxa32"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm
"vidc.frwd"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwt"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwa"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwt.dll
"vidc.frwu"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwu.dll
"vidc.glzw"= C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GLZW.dll
"vidc.gpeg"= C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GPEG.dll
"vidc.i263"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv
"vidc.iv30"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv31"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv32"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv33"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv34"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv35"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv36"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv37"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv38"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv39"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv40"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv41"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv42"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv43"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv44"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv45"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv46"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv47"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv48"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv49"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.ir21"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"vidc.rt21"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"msacm.imc"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM
"vidc.lead"= C:\PROGRA~1\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL
"vidc.dvsd"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvc"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvcs"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dcmj"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi1"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi2"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.dv25"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.dv50"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.msmc"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmjp"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx1"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx2"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx3"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx4"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx5"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx6"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx7"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx8"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx9"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmes"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"msacm.msadpcm"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msadp32.acm
"msacm.imaadpcm"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm
"msacm.msg711"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg711.acm
"msacm.msg723"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg723.acm
"msacm.msgsm610"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm
"vidc.m261"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh261.drv
"vidc.m263"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv
"vidc.mrle"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msrle32.dll
"vidc.msvc"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.cram"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.mpg4"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp41"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp42"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp43"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4s"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4v"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.wmv3"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"vidc.vixl"= C:\PROGRA~1\ACEMEG~1\SystemS\Miro\miroxl32.dll
"vidc.nt00"= C:\PROGRA~1\ACEMEG~1\SystemS\Newtek\ntcodec.dll
"msacm.vorbis"= C:\PROGRA~1\ACEMEG~1\SystemS\OGG\vorbis.acm
"vidc.vp30"= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.vp31"= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.vp60"= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll
"vidc.vp61"= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll
"vidc.pdvc"= C:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.ipdv"= C:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.pvw2"= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvwv220.dll
"vidc.pimj"= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvljpg20.dll
"vidc.mjpx"= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvmjpg21.dll
"vidc.miro"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
"vidc.dcap"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
"vidc.mjpa"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.gpjm"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.pim1"= pclepim1.dll
"msacm.qmpeg"= C:\PROGRA~1\ACEMEG~1\SystemS\QDesign\qmpeg.acm
"vidc.rmp4"= C:\PROGRA~1\ACEMEG~1\SystemS\REALMA~1\rmp4.dll
"vidc.rud0"= C:\PROGRA~1\ACEMEG~1\SystemS\Rududu\rududu.dll
"msacm.at3"= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\atrac3.acm
"vidc.sony"= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.dvcp"= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.s422"= C:\PROGRA~1\ACEMEG~1\SystemS\Tekram\tekyuv.dll
"vidc.t420"= C:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.y411"= C:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.vssv"= C:\PROGRA~1\ACEMEG~1\SystemS\VANGUA~1\vsscodec.dll
"msacm.voxacm160"= C:\PROGRA~1\ACEMEG~1\SystemS\VoxWare\vct3216.acm
"vidc.xvid"= C:\PROGRA~1\ACEMEG~1\SystemS\XviD\xvidvfw.dll
"MSACM.CEGSM"= mobilev.acm
"vidc.ffds"= ffdshow.ax
"VIDC.MJPG"= Pvmjpg21.dll
"msacm.fraunhoferacm"= l3codecp.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCDNT.SYS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FileAndFolderProtector_S]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\burst\\btdownloadheadless.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\LimeWire\LimeWire.exe"= C:\Program Files\LimeWire\LimeWire.exe:82.11.218.11/255.255.255.255:Enabled:LimeWire
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Documents and Settings\\carl\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\VirtualDJ\\virtualdj.exe"=
"C:\\Program Files\\QuickTime Alternative\\QuickTimePlayer.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aaroncurtis\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Hooligans\\Hooligans.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25644:UDP"= 25644:UDP:82.11.218.11/255.255.255.255:Enabled:LimeWire.exe
"58210:TCP"= 58210:TCP:utorrent.exe
"5000:TCP"= 5000:TCP:utor1
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 04:22]
R1 FDCDNT;FDCDNT;C:\WINDOWS\system32\drivers\FDCDNT.SYS [2005-06-02 22:36]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-08-06 09:46]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-05-04 10:21]
R2 MAC_MOT;MAC_MOT;C:\WINDOWS\system32\drivers\MAC_MOT.sys [2003-05-28 04:55]
R2 PAR1284;PAR1284;C:\WINDOWS\system32\drivers\PAR1284.sys [2002-03-20 13:46]
R3 DCamUSBET;ET USB 2710 Camera;C:\WINDOWS\system32\DRIVERS\etDevice.sys [2005-07-01 17:14]
R3 FiltUSBET;ET USB Device Lower Filter;C:\WINDOWS\system32\DRIVERS\etFilter.sys [2005-07-06 11:36]
R3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2006-04-14 09:24]
R3 ScanUSBET;ET USB Still Image Capture Device;C:\WINDOWS\system32\DRIVERS\etScan.sys [2005-07-01 17:14]
S3 Egatebus;Egatebus;C:\WINDOWS\system32\drivers\egatebus.sys []
S3 gtermddo;gtermddo;C:\DOCUME~1\carl\LOCALS~1\Temp\gtermddo.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;G:\NTGLM7X.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9d4dea3-cb38-11da-8f11-806d6172696f}]
\Shell\AutoRun\command - G:\fscommand\vividas.exe fscommand\Dora_ep1.viv /xml:8993 /blankscreen:134:228:252 /nosplash /run:main.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edc8f5f7-b2df-11dc-bee7-000c76bb1a5e}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?code=3654337083002210
.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 16:49:49 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-04-24 00:00:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\xxyywUlL.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes hidden from API
scan completed successfully
hidden files: 1524
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\urqQjkkH.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-04-24 0:25:30 - machine was rebooted [carl]
ComboFix-quarantined-files.txt 2008-04-23 23:24:29
Pre-Run: 27,244,593,152 bytes free
Post-Run: 28,192,198,656 bytes free
373 --- E O F --- 2008-04-12 02:07:18
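The two DLLs this log keeps returning to, xxyywUlL.dll and urqQjkkH.dll, are interesting not because of any single entry but because of how many places they appear at once: both are Browser Helper Objects, urqQjkkH.dll is also a ShellExecuteHook and a Winlogon Notify DLL and is currently mapped into winlogon.exe, xxyywUlL.dll carries an alternate data stream that catchme reports as hidden from the API, and both were created inside the 30-day "Files Created" window. The script below is an added example, not part of the post and not ComboFix's own code, that reads those sections of a ComboFix log, cross-references them per binary and ranks each one by how many independent signals it carries. The sample input is a constructed excerpt copied from the log above; the 8-letter mixed-case naming heuristic, the set of tracked registry keys and the equal weighting of signals are assumptions made for this example, not a general rule.

```python
"""Added triage helper: ranks binaries in a ComboFix log by how many independent signals each carries."""
import re

# Constructed sample: lines copied verbatim from the log in the post, kept under their section banners.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
2008-04-19 21:59 . 2008-04-19 22:00 275,456 --a------ C:\WINDOWS\system32\xxyywUlL.dll
2008-04-19 21:54 . 2008-04-19 21:54 38,400 --a------ C:\WINDOWS\system32\urqQjkkH.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{297800AF-0F98-48D2-84C9-A88BD70DF719}]
2008-04-19 22:00 275456 --a------ C:\WINDOWS\system32\xxyywUlL.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4020100D-29D7-4392-AFD5-5AD713FF4B88}]
2008-04-19 21:54 38400 --a------ C:\WINDOWS\system32\urqQjkkH.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f3730ce0-582d-4b69-883c-613308706456}]
2008-04-03 10:40 1523736 --a------ C:\Program Files\bigmaq2\tbbigm.dll
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4020100D-29D7-4392-AFD5-5AD713FF4B88}"= C:\WINDOWS\system32\urqQjkkH.dll [2008-04-19 21:54 38400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQjkkH]
urqQjkkH.dll 2008-04-19 21:54 38400 C:\WINDOWS\system32\urqQjkkH.dll
C:\WINDOWS\system32\xxyywUlL.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes hidden from API
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\urqQjkkH.dll
"""

PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]:\r\n]+?\.(?:dll|exe|sys|cpl)\b', re.IGNORECASE)
CREATED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. ")          # 'Files Created' rows
# Naming heuristic drawn from this log only (assumption): 8 letters, mixed case, no digits.
RANDOM_NAME = re.compile(r"^(?=[a-z]*[A-Z])(?=[A-Z]*[a-z])[A-Za-z]{8}\.dll$")
POINT_NOTES = {"BHO": "Browser Helper Object: loaded into Internet Explorer",
               "ShellExecuteHook": "ShellExecuteHook: loaded into any process that calls ShellExecute",
               "WinlogonNotify": "Winlogon Notify DLL: loaded by winlogon.exe at logon"}

def classify_key(key):
    """Map a 'Reg Loading Points' registry key to a persistence class (None = not tracked)."""
    k = key.lower()
    if "browser helper objects" in k:
        return "BHO"
    if "shellexecutehooks" in k:
        return "ShellExecuteHook"
    if r"winlogon\notify" in k:
        return "WinlogonNotify"
    return None

def parse_combofix(text):
    """Return {lowercased path: record} for every .dll/.exe/.sys/.cpl path in the log."""
    records = {}
    def rec_for(path):
        return records.setdefault(path.lower(), {"path": path, "points": set(), "created": None,
                                                 "hidden_ads": False, "loaded_in": set()})

    section, key_cat, process = "", None, None
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        if line.startswith("((("):                         # section banner
            section, key_cat = line.strip("() ").lower(), None
        elif line.startswith("[") and line.endswith("]"):  # registry key opens a block
            key_cat = classify_key(line[1:-1])
        elif line.upper().startswith("PROCESS:"):          # host for the '->' lines that follow
            m = PATH_RE.search(line)
            process = m.group(0).rsplit("\\", 1)[-1].lower() if m else None
        elif line.startswith("->") and process:
            for p in PATH_RE.findall(line):
                rec_for(p)["loaded_in"].add(process)
        elif "hidden from api" in line.lower():            # catchme ADS finding
            for p in PATH_RE.findall(line):
                rec_for(p)["hidden_ads"] = True
        else:
            created = CREATED_RE.match(line) if section.startswith("files created") else None
            for p in PATH_RE.findall(line):
                if created:
                    rec_for(p)["created"] = created.group(1)
                if key_cat and section.startswith("reg loading"):
                    rec_for(p)["points"].add(key_cat)
    return records

def assess(rec):
    """Score one record; every reason is a signal the log itself supports, weighted equally."""
    path, points = rec["path"], rec["points"]
    reasons = [POINT_NOTES[p] for p in sorted(points) if p in POINT_NOTES]
    if RANDOM_NAME.match(path.rsplit("\\", 1)[-1]) and "\\system32\\" in path.lower():
        reasons.append("8-letter mixed-case DLL name in system32 (naming heuristic)")
    if len(points) >= 2:
        reasons.append("registered in %d distinct autostart points" % len(points))
    if rec["hidden_ads"]:
        reasons.append("alternate data stream hidden from the API (catchme)")
    if rec["created"]:
        reasons.append("created inside the 30-day window on " + rec["created"])
    if "winlogon.exe" in rec["loaded_in"]:
        reasons.append("currently mapped into winlogon.exe")
    return len(reasons), reasons

def triage(text, min_score=2):
    """Rank every binary in the log; highest score first, ties broken by path."""
    scored = [(rec["path"], *assess(rec)) for rec in parse_combofix(text).values()]
    found = [{"path": p, "score": s, "reasons": r} for p, s, r in scored if s >= min_score]
    return sorted(found, key=lambda f: (-f["score"], f["path"].lower()))

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%d  %s\n    - %s" % (f["score"], f["path"], "\n    - ".join(f["reasons"])))
```

On the excerpt, urqQjkkH.dll scores 7 and xxyywUlL.dll scores 4, while the bigmaq2 toolbar DLL (a BHO with no other signal) stays below the default threshold of 2. To run it on a saved log, call `triage(open("ComboFix.txt").read())`. The naming heuristic will produce false positives on legitimate 8-letter DLLs, so treat the output as a triage order for the reviewer, not as a verdict.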