A few days ago I ran an exe I'd downloaded and think I've landed myself with vundo. I'd scanned the file with AVG but it came up clean. Ditched AVG for BitDefender when I noticed I had problems:
FF and IE both refuse to load google results pages, also sites like facebook/myspace/yahoo/hotmail etc. never load. Have the odd pop-up too. PC runs at a snails pace, seems to be due mainly to the lsass.exe process eating 50-99% of my CPU.)
BitDefender found the infected files but couldn't move/delete/heal a couple of them.
DSS log is below, thanks in advance for any help.
Deckard's System Scanner v20071014.68
Run by Dave on 2008-07-14 16:30:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
28: 2008-07-14 15:34:43 UTC - RP948 - Deckard's System Scanner Restore Point
27: 2008-07-14 13:32:16 UTC - RP947 - Windows Update V4
26: 2008-07-13 15:26:49 UTC - RP946 - Avira AntiVir Personal - 13/07/2008 16:22
25: 2008-07-12 16:40:24 UTC - RP945 - Installed BitDefender Free Edition v10
24: 2008-07-12 16:02:55 UTC - RP944 - Last known good configuration
-- First Restore Point --
1: 2008-07-12 16:02:34 UTC - RP921 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 504 MiB (512 MiB recommended).
System Drive C: has 1.43 GiB (less than 15%) free.
-- HijackThis (run as Dave.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:44:44, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Apache2\bin\Apache.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Apache2\bin\Apache.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\system32\HotfixQ0306270.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Softwin\BitDefender10\bdlite.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dave\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dave.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {3785A31A-8624-470D-A5AF-2028A270FB5A} - C:\WINDOWS\system32\mlJApMcB.dll (file missing)
O2 - BHO: {79d91f6d-1252-6ba8-bf54-4c807dc45634} - {43654cd7-08c4-45fb-8ab6-2521d6f19d97} - C:\WINDOWS\system32\rqykhj.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {788629AF-89BB-40CC-825C-44170578E2CC} - C:\WINDOWS\system32\qoMcbAsQ.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {D5C4454E-D035-48EC-87B9-B113D3EF8CA0} - C:\WINDOWS\system32\rqRKBSLd.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Prolific_PLUtil] C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [a04c589b] rundll32.exe "C:\WINDOWS\system32\rurkvboq.dll",b
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BMa37f6b07] Rundll32.exe "C:\WINDOWS\system32\oqdebjri.dll",s
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Apache2\bin\ApacheMonitor.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.karoo.co.uk
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) -
http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) -
http://www.creative.com/su2/CTL_V020...5030/CTPID.cab
O20 - Winlogon Notify: qoMcbAsQ - C:\WINDOWS\SYSTEM32\qoMcbAsQ.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Apache2\bin\Apache.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: MySql (MySQL) - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 11813 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080713-182916-289 O2 - BHO: (no name) - {788629AF-89BB-40CC-825C-44170578E2CC} - C:\WINDOWS\system32\qoMcbAsQ.dll
backup-20080713-182932-507 O20 - Winlogon Notify: qoMcbAsQ - C:\WINDOWS\SYSTEM32\qoMcbAsQ.dll
backup-20080713-183904-517 O2 - BHO: (no name) - {3785A31A-8624-470D-A5AF-2028A270FB5A} - C:\WINDOWS\system32\mlJApMcB.dll (file missing)
backup-20080713-183904-619 O20 - Winlogon Notify: qoMcbAsQ - C:\WINDOWS\SYSTEM32\qoMcbAsQ.dll
backup-20080713-183904-810 O2 - BHO: (no name) - {31CD5253-98CB-4B4F-A98A-3066911F55F2} - C:\WINDOWS\system32\urqPgdcd.dll (file missing)
backup-20080713-183904-924 O2 - BHO: (no name) - {788629AF-89BB-40CC-825C-44170578E2CC} - C:\WINDOWS\system32\qoMcbAsQ.dll
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 PLFF (USB Flash Disk Driver) - c:\windows\system32\drivers\plff.sys <Not Verified; Prolific Technology Inc.; Prolific Flash Disk>
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 ISODrive (ISO CD-ROM Device Driver) - c:\program files\ultraiso\drivers\isodrive.sys <Not Verified; EZB Systems, Inc.; ISODrive>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 vcdrom (Virtual CD-ROM Device Driver) - c:\windows\system32\drivers\vcdrom.sys <Not Verified; Microsoft Corporation; VirtualCdRom>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
S3 bdfdll - c:\program files\softwin\bitdefender10\bdfdll.sys (file missing)
S3 BDFsDrv - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
S3 BDRsDrv - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)
S3 C-Dilla - c:\windows\system32\drivers\cdant.sys <Not Verified; Macrovision; Licence Management System>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mrendis5.sys (file missing)
S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>
S3 PEEK5 (PEEK5 Protocol Driver) - c:\docume~1\dave\desktop\aircra~1.9-w\bin\peek5.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Apache2 - "c:\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 C-DillaSrv - c:\windows\system32\drivers\cdantsrv.exe <Not Verified; C-Dilla Ltd; CD-Secure/CD-Compress Windows NT>
R2 MySQL - c:/mysql/bin/mysqld-nt.exe
R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
R2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module>
S4 bgsvcgen (B's Recorder GOLD Library General Service) - c:\windows\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD8>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1068&SUBSYS_01A41028&REV_03\4&2FA23535&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1068&SUBSYS_01A41028&REV_03\4&2FA23535&0&40F0
Service: E100B
-- Scheduled Tasks -------------------------------------------------------------
2008-07-14 02:27:01 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-07-10 17:51:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-06-14 and 2008-07-14 -----------------------------
2008-07-14 14:28:41 0 d-------- C:\WUTemp
2008-07-14 01:43:34 0 d-------- C:\Program Files\Panda Security
2008-07-14 00:42:10 78848 --a------ C:\WINDOWS\system32\rurkvboq.dll
2008-07-13 23:33:36 103424 --a------ C:\WINDOWS\system32\rqykhj.dll
2008-07-13 23:33:33 103424 --a------ C:\WINDOWS\system32\qlkcovhp.dll
2008-07-13 23:30:33 91648 --a------ C:\WINDOWS\system32\oqdebjri.dll
2008-07-13 23:27:32 639810 --ahs---- C:\WINDOWS\system32\dLSBKRqr.ini2
2008-07-13 23:27:14 320000 --a------ C:\WINDOWS\system32\rqRKBSLd.dll
2008-07-13 17:58:33 0 d-------- C:\Program Files\Trend Micro
2008-07-13 16:29:04 0 d-------- C:\Program Files\Avira
2008-07-13 16:29:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-13 12:03:14 0 d-------- C:\Program Files\Enigma Software Group
2008-07-12 17:02:24 594179 --ahs---- C:\WINDOWS\system32\BcMpAJlm.ini2
2008-07-12 15:38:20 0 d-------- C:\Program Files\GiPo@Utilities
2008-07-12 15:38:20 0 d-------- C:\Program Files\Common Files\Gibinsoft Shared
2008-07-12 11:53:39 0 d-------- C:\Documents and Settings\Dave\Application Data\Bitdefender
2008-07-12 01:17:27 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-12 01:11:48 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-12 00:44:47 0 d-------- C:\Program Files\Belkin
2008-07-11 22:58:25 0 d-------- C:\Documents and Settings\Dave\Application Data\MailFrontier
2008-07-11 22:34:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-07-11 22:28:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-07-11 22:28:44 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-07-11 22:28:44 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2008-07-11 22:28:44 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-11 22:28:44 0 d-------- C:\Documents and Settings\Administrator\Cookies
2008-07-11 22:28:44 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-07-11 22:28:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-11 22:28:42 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-11 22:09:22 1379872 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-11 21:57:14 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-11 21:54:28 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-07-11 21:53:34 0 d-------- C:\WINDOWS\Internet Logs
2008-07-11 21:10:27 0 d-------- C:\Program Files\shcc4cj0ep5g
2008-07-11 21:07:27 0 d-------- C:\Documents and Settings\Dave\.housecall6.6
2008-07-11 20:58:51 584302 --ahs---- C:\WINDOWS\system32\HQBLlnpo.ini2
2008-07-11 20:36:31 0 d-------- C:\Program Files\Belkin(2)
2008-07-11 19:58:00 0 d-------- C:\Documents and Settings\Dave\Application Data\Uniblue
2008-07-11 19:57:33 0 d-------- C:\Program Files\Uniblue
2008-07-11 17:48:40 0 d-------- C:\Program Files\Windows Defender
2008-07-11 12:15:12 0 d-------- C:\Documents and Settings\Guest\Application Data\Macromedia
2008-07-10 14:51:43 233472 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-07-10 14:51:23 601117 --ahs---- C:\WINDOWS\system32\dcdgPqru.ini2
2008-07-10 14:45:53 26112 --a------ C:\WINDOWS\system32\qoMcbAsQ.dll
2008-06-21 14
00 0 d-------- C:\Documents and Settings\Dave\Application Data\Gencontrol
2008-06-20 13:07:36 0 d-------- C:\Program Files\America's Army Server Manager
2008-06-17 11:07:38 0 d-------- C:\WINDOWS\A8B9466986544126BD28D0D2412CDED6.TMP
2008-06-16 11:46:40 0 d-------- C:\Documents and Settings\All Users\Application Data\CCP
-- Find3M Report ---------------------------------------------------------------
2008-07-14 14:07:06 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-12 16:11:43 0 d-------- C:\Documents and Settings\Dave\Application Data\Mozilla
2008-07-12 15:38:20 0 d-------- C:\Program Files\Common Files
2008-07-12 02:05:29 0 d-------- C:\Program Files\CureROM
2008-07-12 00:44:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-11 20:55:49 0 d-------- C:\Documents and Settings\Dave\Application Data\AVG7
2008-06-20 12:26:20 0 d-------- C:\Program Files\Sierra
2008-06-17 11:15:21 0 d-------- C:\Program Files\Terragen
2008-06-12 17:36:50 0 d-------- C:\Program Files\Common Files\DeskShare Shared
2008-06-12 17:36:31 0 d-------- C:\Documents and Settings\Dave\Application Data\STOIK
2008-06-12 17:35:28 0 d-------- C:\Program Files\STOIK Imaging
2008-05-30 09:31:15 0 d-------- C:\Program Files\Rockstar Games
2008-05-24 15:26:36 0 d-------- C:\Documents and Settings\Dave\Application Data\Real
2008-05-24 14:58:40 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-24 14:58:30 0 d-------- C:\Program Files\Common Files\Real
2008-05-24 14:56:59 0 d-------- C:\Program Files\Real
2008-05-06 13:28:58 45176 --a----c- C:\Documents and Settings\Dave\Application Data\GDIPFONTCACHEV1.DAT
2008-04-25 19:52:17 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3785A31A-8624-470D-A5AF-2028A270FB5A}]
C:\WINDOWS\system32\mlJApMcB.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43654cd7-08c4-45fb-8ab6-2521d6f19d97}]
13/07/2008 23:33 103424 --a------ C:\WINDOWS\system32\rqykhj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{788629AF-89BB-40CC-825C-44170578E2CC}]
10/07/2008 14:45 26112 --a------ C:\WINDOWS\system32\qoMcbAsQ.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5C4454E-D035-48EC-87B9-B113D3EF8CA0}]
13/07/2008 23:27 320000 --a------ C:\WINDOWS\system32\rqRKBSLd.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [13/05/2004 16:23]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [14/05/2004 06:35]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [09/12/2004 19:58]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [15/04/2008 09:09]
"Prolific_PLUtil"="C:\Program Files\Prolific\USB Flash Disk Utility\PLBkMon.exe" [18/02/2004 18:26]
"PLFFAP"="C:\WINDOWS\system32\HotfixQ0306270.exe" [05/08/2003 10:43]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [28/06/2006 18:01]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 22:32]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/07/2008 09:05]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [02/04/2007 16:48]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [26/03/2007 15:49]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [19/06/2008 16:48]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [04/08/2004 11:00]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [12/02/2008 10:06]
"a04c589b"="C:\WINDOWS\system32\rurkvboq.dll" [14/07/2008 00:42]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [14/10/2005 14:49]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [14/10/2005 14:46]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [14/10/2005 14:50]
"BMa37f6b07"="C:\WINDOWS\system32\oqdebjri.dll" [13/07/2008 23:30]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [30/11/2005 20:31]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 11:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [28/06/2005 21:41:21]
Monitor Apache Servers.lnk - C:\Apache2\bin\ApacheMonitor.exe [10/02/2005 06:12:16]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
"NoResolveTrack"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoClose"=0 (0x0)
"StartMenuLogoff"=0 (0x0)
"NoSMHelp"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"ClearRecentDocsOnExit"=0 (0x0)
"HideClock"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{788629AF-89BB-40CC-825C-44170578E2CC}"= C:\WINDOWS\system32\qoMcbAsQ.dll [10/07/2008 14:45 26112]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMcbAsQ]
qoMcbAsQ.dll 10/07/2008 14:45 26112 C:\WINDOWS\system32\qoMcbAsQ.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\rqRKBSLd
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a04c589b]
rundll32.exe "C:\WINDOWS\system32\duqtnphw.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlarmWiz]
C:\Program Files\AlarmWiz\alarmwiz.exe startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVFX Engine]
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMa37f6b07]
Rundll32.exe "C:\WINDOWS\system32\hhxkraex.dll",s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
"C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
"C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
C:\Program Files\TGTSoft\StyleXP\Skins\Glass2k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
c:\program files\n-case\msbb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]
C:\Program Files\Rainlendar2\Rainlendar2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\valve\steam\steam.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysMetrix]
C:\Program Files\SysMetrix\SysMetrix.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tunebite]
C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"bgsvcgen"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\Setup.exe
*Newly Created Service* - PAVBOOT
-- End of Deckard's System Scanner: finished at 2008-07-14 16:51:24 ------------