Tech Support Forum - View Single Post - Computer Malware Issue

BoyWonderZ · 06-30-2008, 08:46 PM

Yea I've been slow - travelling for work.

I am running Microsoft Windows XP Home Edition Version 2002 Service Pack 2. I can run the PC in safe mode with networking and it seems to run ok - can access internet and runs at normal speed under the administrator setting, but is awefully slow in safe mode other setting or in normal mode.

Here is the re-run DSS log:

Deckard's System Scanner v20071014.68
Run by Evan Schuman on 2008-06-30 21:39:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 86% (more than 75%).
Total Physical Memory: 511 MiB (512 MiB recommended).

-- HijackThis (run as Evan Schuman.exe) ----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-30 21:39:33
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\SYSTEM32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgupd.exe
C:\Program Files\SEC\MT2.5_RAFF\GammaTray.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Documents and Settings\Evan Schuman\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi.redir...ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4F26BEDB-D89B-44A1-948B-5D523292DADF} - C:\WINDOWS\system32\urqNEUom.dll (file missing)
O2 - BHO: QXK Olive - {4F7764DC-5B4A-44B9-B629-E889E542C545} - C:\WINDOWS\boqnrwdmqed.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: IE - {73AB9095-4904-4C64-83D8-01F9F7DDC41C} - C:\WINDOWS\odunbexu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: (no name) - {D4587915-9514-48A6-8E55-C1770ED17536} - C:\WINDOWS\system32\ssqPhhGX.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: atfxqogp - {6813E51A-D108-4693-972A-0490411C4878} - C:\DOCUME~1\EVANSC~1\LOCALS~1\Temp\ac8zt2\atfxqogp.dll (file missing)
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\EVANSC~1\LOCALS~1\Temp\rbnpsrv.exe/r
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [c0a7d64e] rundll32.exe "C:\WINDOWS\system32\qrfyrkio.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...OGAControl.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://qp1.csom.umn.edu/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...tent/opuc3.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} () - http://www.imagestation.com/common/c...on=4,3,2,20802
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096580807437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1169934886966
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.adoramapix.com/components/ImageUploader3.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeup...tent/opuc4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: urqNEUom - C:\WINDOWS\system32\urqNEUom.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\system32\WinCtrl32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\SYSTEM32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 15232 bytes

-- Files created between 2008-05-30 and 2008-06-30 -----------------------------

2008-06-14 06:55:18 0 d-------- C:\Cleanup programs
2008-06-14 01:51:48 0 d-------- C:\Program Files\Panda Security
2008-06-14 01:25:38 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-14 01:25:19 0 d-------- C:\Program Files\Spyware Doctor
2008-06-14 01:25:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-06-14 01:24:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-14 01:23:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-05 21:21:46 96128 --a------ C:\WINDOWS\system32\qrfyrkio.dll
2008-06-02 19:26:54 0 d--h----- C:\$AVG8.VAULT$
2008-06-02 19:23:43 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-02 19:23:42 0 d-------- C:\Documents and Settings\Evan Schuman\Application Data\AVGTOOLBAR
2008-06-02 19:23:18 0 d-------- C:\Program Files\AVG
2008-06-02 19:23:16 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-02 19:18:04 0 d-------- C:\Documents and Settings\Evan Schuman\Application Data\TmpRecentIcons
2008-05-31 09:27:37 371185 --ahs---- C:\WINDOWS\system32\XGhhPqss.ini2
2008-05-31 09:21:44 52 --a------ C:\smp.bat

-- Find3M Report ---------------------------------------------------------------

2008-06-29 18:50:51 0 d-------- C:\Program Files\Starcraft
2008-06-14 08:00:20 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-14 06:56:36 0 d-------- C:\Program Files\SpywareBlaster
2008-05-18 22:41:57 0 d-------- C:\Documents and Settings\Evan Schuman\Application Data\uTorrent

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F26BEDB-D89B-44A1-948B-5D523292DADF}]
C:\WINDOWS\system32\urqNEUom.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F7764DC-5B4A-44B9-B629-E889E542C545}]
C:\WINDOWS\boqnrwdmqed.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73AB9095-4904-4C64-83D8-01F9F7DDC41C}]
C:\WINDOWS\odunbexu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
06/03/2008 08:16: VIRUS ALERT! 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4587915-9514-48A6-8E55-C1770ED17536}]
C:\WINDOWS\system32\ssqPhhGX.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/11/2004 11:43: VIRUS ALERT!]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 10:43: VIRUS ALERT!]
"P17Helper"="P17.dll" [05/03/2005 19:38: VIRUS ALERT! C:\WINDOWS\SYSTEM32\P17.dll]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [04/11/2004 20:15: VIRUS ALERT!]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 01:01: VIRUS ALERT!]
"D-Link Air Utility"="C:\Program Files\D-Link\Air Utility\AirCFG.exe" [09/23/2003 18:04: VIRUS ALERT!]
"ANIWZCSService"="C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [08/21/2003 16:12: VIRUS ALERT!]
"CloneDVDElbyDelay"="C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [11/02/2002 01:33: VIRUS ALERT!]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06/02/2005 10:21: VIRUS ALERT!]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [06/23/2005 20:27: VIRUS ALERT!]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [03/15/2005 04:46: VIRUS ALERT!]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/14/2006 15:24: VIRUS ALERT!]
"Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [11/25/2005 10:53: VIRUS ALERT!]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 15:41: VIRUS ALERT!]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/09/2006 07:37: VIRUS ALERT!]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [04/19/2007 14:21: VIRUS ALERT!]
"@"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 23:16: VIRUS ALERT!]
"advap32"="C:\DOCUME~1\EVANSC~1\LOCALS~1\Temp\rbnpsrv.exe/r" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/03/2008 08:16: VIRUS ALERT!]
"c0a7d64e"="C:\WINDOWS\system32\qrfyrkio.dll" [06/05/2008 21:21: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24: VIRUS ALERT!]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56: VIRUS ALERT!]
"Sonic RecordNow!"="" []
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [03/15/2007 19:16: VIRUS ALERT!]

C:\Documents and Settings\Evan Schuman\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 9:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/3/2004 3:49:22 PM]
Color Calibration.lnk - C:\Program Files\SEC\MT2.5_RAFF\GammaTray.exe [11/25/2006 9:44:29 PM]
DESKTOP.INI [9/3/2002 9:00:00 AM]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [11/25/2006 9:35:34 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)
"NoDispCPL"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F26BEDB-D89B-44A1-948B-5D523292DADF}"= C:\WINDOWS\system32\urqNEUom.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqNEUom]
urqNEUom.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3344167508-1604278677-3497227341-1007\Scripts\Logoff\0\0]
"Script"=C:\Program Files\Automatic Windows Internet Washer\xp.cmd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ntU55.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\obO31.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpH33.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rqY68.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

-- End of Deckard's System Scanner: finished at 2008-06-30 21:44:10 ------------

06-30-2008, 08:46 PM	#5 (permalink)
BoyWonderZ Registered User Join Date: Jun 2008 Posts: 9 OS: WinXP	Re: Computer Malware Issue - "VIRUS ALERT!" Yea I've been slow - travelling for work. I am running Microsoft Windows XP Home Edition Version 2002 Service Pack 2. I can run the PC in safe mode with networking and it seems to run ok - can access internet and runs at normal speed under the administrator setting, but is awefully slow in safe mode other setting or in normal mode. Here is the re-run DSS log: Deckard's System Scanner v20071014.68 Run by Evan Schuman on 2008-06-30 21:39:11 Computer is in Normal Mode. -------------------------------------------------------------------------------- Percentage of Memory in Use: 86% (more than 75%). Total Physical Memory: 511 MiB (512 MiB recommended). -- HijackThis (run as Evan Schuman.exe) ---------------------------------------- Unable to find log (file not found); running clone. -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-06-30 21:39:33 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\SYSTEM32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\Program Files\AVG\AVG8\avgrsx.exe C:\WINDOWS\SYSTEM32\services.exe C:\WINDOWS\SYSTEM32\lsass.exe C:\WINDOWS\SYSTEM32\ati2evxx.exe C:\WINDOWS\SYSTEM32\svchost.exe C:\WINDOWS\SYSTEM32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\SYSTEM32\spoolsv.exe C:\Program Files\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\SYSTEM32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe C:\WINDOWS\SYSTEM32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\SYSTEM32\ati2evxx.exe C:\WINDOWS\explorer.exe C:\WINDOWS\SYSTEM32\MsPMSPSv.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\WINDOWS\SYSTEM32\rundll32.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\Program Files\D-Link\Air Utility\AirCFG.exe C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Symantec AntiVirus\VPTray.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Razer\Copperhead\razerhid.exe C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\Razer\Copperhead\razerofa.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\WINDOWS\SYSTEM32\rundll32.exe C:\WINDOWS\SYSTEM32\ctfmon.exe C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe C:\WINDOWS\SYSTEM32\wuauclt.exe C:\Program Files\AVG\AVG8\avgupd.exe C:\Program Files\SEC\MT2.5_RAFF\GammaTray.exe C:\Program Files\SEC\Natural Color Pro\NCProTray.exe C:\Documents and Settings\Evan Schuman\Desktop\dss.exe R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi.redir...ie&ar=iesearch R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {4F26BEDB-D89B-44A1-948B-5D523292DADF} - C:\WINDOWS\system32\urqNEUom.dll (file missing) O2 - BHO: QXK Olive - {4F7764DC-5B4A-44B9-B629-E889E542C545} - C:\WINDOWS\boqnrwdmqed.dll (file missing) O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: IE - {73AB9095-4904-4C64-83D8-01F9F7DDC41C} - C:\WINDOWS\odunbexu.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll O2 - BHO: (no name) - {D4587915-9514-48A6-8E55-C1770ED17536} - C:\WINDOWS\system32\ssqPhhGX.dll (file missing) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: atfxqogp - {6813E51A-D108-4693-972A-0490411C4878} - C:\DOCUME~1\EVANSC~1\LOCALS~1\Temp\ac8zt2\atfxqogp.dll (file missing) O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\EVANSC~1\LOCALS~1\Temp\rbnpsrv.exe/r O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [c0a7d64e] rundll32.exe "C:\WINDOWS\system32\qrfyrkio.dll",b O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: Color Calibration.lnk = ? O4 - Global Startup: NCProTray.lnk = ? O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing) O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...OGAControl.cab O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://qp1.csom.umn.edu/qp2.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...tent/opuc3.cab O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} () - http://www.imagestation.com/common/c...on=4,3,2,20802 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096580807437 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1169934886966 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.adoramapix.com/components/ImageUploader3.cab O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab.cab O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeup...tent/opuc4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: urqNEUom - C:\WINDOWS\system32\urqNEUom.dll (file missing) O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\system32\WinCtrl32.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\SYSTEM32\ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2 -- End of file - 15232 bytes -- Files created between 2008-05-30 and 2008-06-30 ----------------------------- 2008-06-14 06:55:18 0 d-------- C:\Cleanup programs 2008-06-14 01:51:48 0 d-------- C:\Program Files\Panda Security 2008-06-14 01:25:38 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-14 01:25:19 0 d-------- C:\Program Files\Spyware Doctor 2008-06-14 01:25:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools 2008-06-14 01:24:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia 2008-06-14 01:23:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe 2008-06-05 21:21:46 96128 --a------ C:\WINDOWS\system32\qrfyrkio.dll 2008-06-02 19:26:54 0 d--h----- C:\$AVG8.VAULT$ 2008-06-02 19:23:43 0 d-------- C:\WINDOWS\system32\drivers\Avg 2008-06-02 19:23:42 0 d-------- C:\Documents and Settings\Evan Schuman\Application Data\AVGTOOLBAR 2008-06-02 19:23:18 0 d-------- C:\Program Files\AVG 2008-06-02 19:23:16 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-06-02 19:18:04 0 d-------- C:\Documents and Settings\Evan Schuman\Application Data\TmpRecentIcons 2008-05-31 09:27:37 371185 --ahs---- C:\WINDOWS\system32\XGhhPqss.ini2 2008-05-31 09:21:44 52 --a------ C:\smp.bat -- Find3M Report --------------------------------------------------------------- 2008-06-29 18:50:51 0 d-------- C:\Program Files\Starcraft 2008-06-14 08:00:20 0 d-------- C:\Program Files\Symantec AntiVirus 2008-06-14 06:56:36 0 d-------- C:\Program Files\SpywareBlaster 2008-05-18 22:41:57 0 d-------- C:\Documents and Settings\Evan Schuman\Application Data\uTorrent -- Registry Dump --------------------------------------------------------------- Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F26BEDB-D89B-44A1-948B-5D523292DADF}] C:\WINDOWS\system32\urqNEUom.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F7764DC-5B4A-44B9-B629-E889E542C545}] C:\WINDOWS\boqnrwdmqed.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73AB9095-4904-4C64-83D8-01F9F7DDC41C}] C:\WINDOWS\odunbexu.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}] 06/03/2008 08:16: VIRUS ALERT! 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4587915-9514-48A6-8E55-C1770ED17536}] C:\WINDOWS\system32\ssqPhhGX.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/11/2004 11:43: VIRUS ALERT!] "CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 10:43: VIRUS ALERT!] "P17Helper"="P17.dll" [05/03/2005 19:38: VIRUS ALERT! C:\WINDOWS\SYSTEM32\P17.dll] "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [04/11/2004 20:15: VIRUS ALERT!] "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 01:01: VIRUS ALERT!] "D-Link Air Utility"="C:\Program Files\D-Link\Air Utility\AirCFG.exe" [09/23/2003 18:04: VIRUS ALERT!] "ANIWZCSService"="C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [08/21/2003 16:12: VIRUS ALERT!] "CloneDVDElbyDelay"="C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [11/02/2002 01:33: VIRUS ALERT!] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06/02/2005 10:21: VIRUS ALERT!] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [06/23/2005 20:27: VIRUS ALERT!] "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [03/15/2005 04:46: VIRUS ALERT!] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/14/2006 15:24: VIRUS ALERT!] "Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [11/25/2005 10:53: VIRUS ALERT!] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 15:41: VIRUS ALERT!] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/09/2006 07:37: VIRUS ALERT!] "ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [04/19/2007 14:21: VIRUS ALERT!] "@"="" [] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 23:16: VIRUS ALERT!] "advap32"="C:\DOCUME~1\EVANSC~1\LOCALS~1\Temp\rbnpsrv.exe/r" [] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/03/2008 08:16: VIRUS ALERT!] "c0a7d64e"="C:\WINDOWS\system32\qrfyrkio.dll" [06/05/2008 21:21: VIRUS ALERT!] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24: VIRUS ALERT!] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56: VIRUS ALERT!] "Sonic RecordNow!"="" [] "EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [03/15/2007 19:16: VIRUS ALERT!] C:\Documents and Settings\Evan Schuman\Start Menu\Programs\Startup\ DESKTOP.INI [9/3/2002 9:00:00 AM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/3/2004 3:49:22 PM] Color Calibration.lnk - C:\Program Files\SEC\MT2.5_RAFF\GammaTray.exe [11/25/2006 9:44:29 PM] DESKTOP.INI [9/3/2002 9:00:00 AM] NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [11/25/2006 9:35:34 PM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=1 (0x1) "DisableRegistryTools"=1 (0x1) "NoDispCPL"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoToolbarCustomize"=1 (0x1) "StartMenuLogoff"=1 (0x1) "NoStartMenuMorePrograms"=1 (0x1) "NoSetFolders"=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{4F26BEDB-D89B-44A1-948B-5D523292DADF}"= C:\WINDOWS\system32\urqNEUom.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqNEUom] urqNEUom.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32] WinCtrl32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3344167508-1604278677-3497227341-1007\Scripts\Logoff\0\0] "Script"=C:\Program Files\Automatic Windows Internet Washer\xp.cmd [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ntU55.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\obO31.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpH33.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rqY68.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" -- End of Deckard's System Scanner: finished at 2008-06-30 21:44:10 ------------