Thank you so much!!!! I think I followed all the directions. So here's hoping.
Lauri Friedman - 06-10-02 19:24:36.25 Service Pack 2
Combofix #1
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Lauri Friedman\desktop"
Command switches used :: /v pmkhg aaephdhc vtuurrr bdtvmmg oziachd wdtypq qhnazte jxjralh yrynacj yrfkvun qdjwten wbobtal
(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\aaephdhc.dll
C:\WINDOWS\system32\bdtvmmg.dll
C:\WINDOWS\system32\oziachd.dll
C:\WINDOWS\system32\wdtypq.dll
C:\WINDOWS\system32\qhnazte.dll
C:\WINDOWS\system32\jxjralh.dll
C:\WINDOWS\system32\yrynacj.dll
C:\WINDOWS\system32\yrfkvun.dll
C:\WINDOWS\system32\qdjwten.dll
C:\WINDOWS\system32\wbobtal.dll
C:\WINDOWS\system32\ghkmp.bak1
C:\WINDOWS\system32\ghkmp.bak2
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\ghkmp.tmp
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\issearch.exe
C:\Program Files\outlook
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{3CA55C44-08CD-1033-0913-020403020001}
C:\Program Files\Common Files\{3CA55C44-08CE-1033-0913-020403020001}
((((((((((((((((((((((((((((((( Files Created from 2006-09-02 to 2006-10-02 ))))))))))))))))))))))))))))))))))
2006-10-01 18:39 23,296 --a------ C:\WINDOWS\system32\drivers\NaiFiltr.sys
2006-10-01 17:37 94,208 --a------ C:\WINDOWS\system32\sckojod.dll
2006-10-01 17:37 72,704 --a------ C:\WINDOWS\system32\xixoodd.dll
2006-09-30 15:07 94,208 --a------ C:\WINDOWS\system32\gipvamn.dll
2006-09-30 07:42 93,696 --a------ C:\WINDOWS\system32\ghyklvm.dll
2006-09-30 07:29 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2006-09-28 13:01 93,696 --a------ C:\WINDOWS\system32\zqxdreb.dll
2006-09-28 11:10 94,208 --a------ C:\WINDOWS\system32\gjzcygd.dll
2006-09-28 09:59 45,525 --a------ C:\WINDOWS\system32\fumsjwle.dll
2006-09-28 09:59 143,380 --a------ C:\WINDOWS\system32\ykjoujdv.exe
2006-09-28 09:10 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-09-28 09:08 48,816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-28 09:08 109,744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-28 09:04 93,696 --a------ C:\WINDOWS\system32\vrpjlwl.dll
2006-09-27 21:59 94,208 --a------ C:\WINDOWS\system32\asxgtee.dll
2006-09-27 09:18 93,696 --a------ C:\WINDOWS\system32\llcljnl.dll
2006-09-27 09:18 37,189 ---hs---- C:\WINDOWS\system32\fccbxvt.dll
2006-09-26 20:43 93,696 --a------ C:\WINDOWS\system32\aduoswl.dll
2006-09-26 15:40 4 --a------ C:\WINDOWS\system32\micro.dll
2006-09-26 15:07 4 --a------ C:\WINDOWS\system32\mjcrost.dll
2006-09-26 14:15 45,525 --a------ C:\WINDOWS\system32\tqoomify.dll
2006-09-26 14:15 143,380 --a------ C:\WINDOWS\system32\uxrwqlob.exe
2006-09-26 14:01 93,696 --a------ C:\WINDOWS\system32\ixfivgg.dll
2006-09-26 12:30 4 --a------ C:\WINDOWS\system32\mlcrs0ft.dll
2006-09-26 12:28 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2006-09-26 12:28 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2006-09-26 12:28 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2006-09-26 12:28 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2006-09-26 12:28 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2006-09-26 12:28 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2006-09-18 13:11 778,240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-09-18 13:11 778,240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-09-18 13:11 761,856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-09-18 13:11 620,180 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-17 22:49 163,599 --a------ C:\WINDOWS\psuninst2.exe
2006-09-17 22:09 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2006-09-17 22:09 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2006-09-14 23:55 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-09-14 19:16 32,304 --a------ C:\WINDOWS\system32\drivers\atwpkt264.sys
2006-09-14 19:16 25,136 --a------ C:\WINDOWS\system32\drivers\atwpkt2.sys
2006-09-14 19:16 103,984 --a------ C:\WINDOWS\system32\AOLDial.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-02 19:25 -------- d-------- C:\Program Files\Common Files
2006-10-01 18:39 -------- d-------- C:\Program Files\mcafee.com
2006-10-01 15:02 -------- d-------- C:\Documents and Settings\Lauri Friedman\Application Data\AOL
2006-09-30 07:36 -------- d-------- C:\Program Files\AOL
2006-09-30 07:32 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-28 11:02 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-28 11:01 -------- d-------- C:\Program Files\Symantec
2006-09-28 11:01 -------- d-------- C:\Program Files\Norton SystemWorks
2006-09-27 20:05 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-26 15:46 -------- d-------- C:\Program Files\DVD Shrink
2006-09-26 15:07 -------- d-------- C:\Program Files\Ultimate Cleaner
2006-09-26 14:23 -------- d-------- C:\Documents and Settings\Lauri Friedman\Application Data\SearchToolbarCorp
2006-09-26 14:15 -------- d-------- C:\Program Files\VSToolbar
2006-09-26 12:30 -------- d-------- C:\Program Files\Super DVD Copy
2006-09-26 12:03 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-26 11:20 -------- d-------- C:\Program Files\DivX
2006-09-23 12:13 -------- d-------- C:\Documents and Settings\Lauri Friedman\Application Data\acccore
2006-09-20 15:26 -------- d-------- C:\Documents and Settings\Lauri Friedman\Application Data\AdobeUM
2006-09-20 15:24 -------- d-------- C:\Program Files\Fish Aquarium 3D Screensaver
2006-09-17 22:13 -------- d---s---- C:\Documents and Settings\Lauri Friedman\Application Data\Microsoft
2006-09-17 22:10 2508 --a------ C:\Documents and Settings\Lauri Friedman\Application Data\$_hpcst$.hpc
2006-09-17 22:08 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-13 20:21 -------- d-------- C:\Program Files\Common Files\ODBC
2006-09-08 01:33 -------- d-------- C:\Program Files\BearShare
2006-09-05 19:53 -------- d-------- C:\Program Files\America Online 9.0
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 04:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-14 11:07 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-11 23:30 -------- d-------- C:\Program Files\Internet Explorer
2006-08-11 12:35 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-08-11 12:35 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-08-11 12:35 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-08-11 12:35 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-08-11 12:31 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-11 12:31 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-08-11 12:31 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-08-11 12:31 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-08-11 12:31 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-08-11 12:31 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-08-11 12:31 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-08-11 12:31 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-08-11 12:31 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-08-11 12:31 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-07-27 08:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 03:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\judi\\EPSON Stylus C66 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2S1.EXE /P30 \"\\\\judi\\EPSON Stylus C66 Series\" /M \"Stylus C66\" /EF \"HKCU\""
"H/PC Connection Agent"="\"C:\\PROGRA~1\\MICROS~3\\wcescomm.exe\""
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1"
"AOL Fast Start"="\"C:\\PROGRA~1\\AMERIC~1.0\\AOL.EXE\" -b"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus G"="C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"
"OASClnt"="C:\\Program Files\\mcafee.com\\antivirus\\oasclnt.exe"
"EmailScan"="C:\\Program Files\\mcafee.com\\antivirus\\mcvsescn.exe"
"Auto EPSON Stylus C66 Series on judi"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2S1.EXE /P36 \"Auto EPSON Stylus C66 Series on judi\" /O12 \"\\\\JUDI\\Epson\" /M \"Stylus C66\""
"MPFExe"="C:\\Program Files\\mcafee.com\\personal firewall\\MPfTray.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1133585381\\ee\\AOLSoftware.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ixfivgg.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\ixfivgg.dll,fivplce"
"aduoswl.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\aduoswl.dll,iihnsh"
"llcljnl.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\llcljnl.dll,gnhurwd"
"NWEReboot"=""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Nero\\Nero 7\\InCD\\InCD.exe"
"asxgtee.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\asxgtee.dll,vjyuxvd"
"vrpjlwl.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\vrpjlwl.dll,cjhiytd"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"gjzcygd.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\gjzcygd.dll,vvjante"
"zqxdreb.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\zqxdreb.dll,wviaqgb"
"AOLSPScheduler"="C:\\Program Files\\Common Files\\AOL\\1133585381\\ee\\services\\safetyCore\\ver2_5_4_1\\AOLSP Scheduler.exe"
"sscRun"="C:\\Program Files\\Common Files\\AOL\\1133585381\\ee\\SSCRun.exe"
"ghyklvm.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\ghyklvm.dll,zmtsglb"
"gipvamn.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\gipvamn.dll,mmkwvrd"
"sckojod.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\sckojod.dll,xuqdex"
"VSOCheckTask"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,58,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDrives"=dword:00000000
"NoViewOnDrive"=dword:00000000
"NoDriveAutoRun"=hex:ff,ff,ff,03
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000001
"BackupNoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ANIWZCS2Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WZCSLDR2"
"hkey"="HKLM"
"command"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOL Fast Start]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOL"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\AMERIC~1.0\\AOL.EXE\" -b"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOLSPScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1133585381\\ee\\services\\sscAntiSpywarePlugin\\ver1_10_3_1\\AOLSP Scheduler.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\EPSON Stylus C66 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_S4I2S1"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2S1.EXE /P23 \"EPSON Stylus C66 Series\" /O5 \"LPT1:\" /M \"Stylus C66\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1133585381\\ee\\AOLSoftware.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RoxioDragToDisc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DrgToDsc"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\sscRun]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SSCRun"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1133585381\\ee\\services\\sscFirewallPlugin\\ver1_10_3_1\\SSCRun.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsqpn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmkhf
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McAfee.com Update Check (LAURI-Lauri Friedman).job
Completion time: Mon 10/02/2006 19:27:16.37
ComboFix.txt
Rapport
SmitFraudFix v2.104
Scan done at 19:38:23.34, Mon 10/02/2006
Run from C:\Documents and Settings\Lauri Friedman\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\Documents and Settings\Lauri Friedman\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyQuake2.com 2.3.lnk Deleted
C:\DOCUME~1\LAURIF~1\FAVORI~1\Antivirus Test Online.url Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Combo Fix #2
Lauri Friedman - 06-10-02 19:48:50.87 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Lauri Friedman\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-09-02 to 2006-10-02 ))))))))))))))))))))))))))))))))))
2006-10-02 19:35 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-10-02 19:35 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-10-02 19:35 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-10-02 19:35 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-10-01 18:39 23,296 --a------ C:\WINDOWS\system32\drivers\NaiFiltr.sys
2006-10-01 17:37 94,208 --a------ C:\WINDOWS\system32\sckojod.dll
2006-10-01 17:37 72,704 --a------ C:\WINDOWS\system32\xixoodd.dll
2006-09-30 15:07 94,208 --a------ C:\WINDOWS\system32\gipvamn.dll
2006-09-30 07:42 93,696 --a------ C:\WINDOWS\system32\ghyklvm.dll
2006-09-30 07:29 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2006-09-28 13:01 93,696 --a------ C:\WINDOWS\system32\zqxdreb.dll
2006-09-28 11:10 94,208 --a------ C:\WINDOWS\system32\gjzcygd.dll
2006-09-28 09:59 45,525 --a------ C:\WINDOWS\system32\fumsjwle.dll
2006-09-28 09:59 143,380 --a------ C:\WINDOWS\system32\ykjoujdv.exe
2006-09-28 09:10 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-09-28 09:08 48,816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-28 09:08 109,744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-28 09:04 93,696 --a------ C:\WINDOWS\system32\vrpjlwl.dll
2006-09-27 21:59 94,208 --a------ C:\WINDOWS\system32\asxgtee.dll
2006-09-27 09:18 93,696 --a------ C:\WINDOWS\system32\llcljnl.dll
2006-09-27 09:18 37,189 ---hs---- C:\WINDOWS\system32\fccbxvt.dll
2006-09-26 20:43 93,696 --a------ C:\WINDOWS\system32\aduoswl.dll
2006-09-26 15:40 4 --a------ C:\WINDOWS\system32\micro.dll
2006-09-26 15:07 4 --a------ C:\WINDOWS\system32\mjcrost.dll
2006-09-26 14:15 45,525 --a------ C:\WINDOWS\system32\tqoomify.dll
2006-09-26 14:15 143,380 --a------ C:\WINDOWS\system32\uxrwqlob.exe
2006-09-26 14:01 93,696 --a------ C:\WINDOWS\system32\ixfivgg.dll
2006-09-26 12:30 4 --a------ C:\WINDOWS\system32\mlcrs0ft.dll
2006-09-26 12:28 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2006-09-26 12:28 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2006-09-26 12:28 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2006-09-26 12:28 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2006-09-26 12:28 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2006-09-26 12:28 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2006-09-18 13:11 778,240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-09-18 13:11 778,240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-09-18 13:11 761,856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-09-18 13:11 620,180 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-17 22:49 163,599 --a------ C:\WINDOWS\psuninst2.exe
2006-09-17 22:09 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2006-09-17 22:09 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2006-09-14 23:55 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-09-14 19:16 32,304 --a------ C:\WINDOWS\system32\drivers\atwpkt264.sys
2006-09-14 19:16 25,136 --a------ C:\WINDOWS\system32\drivers\atwpkt2.sys
2006-09-14 19:16 103,984 --a------ C:\WINDOWS\system32\AOLDial.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-02 19:25 -------- d-------- C:\Program Files\Common Files
2006-10-01 18:39 -------- d-------- C:\Program Files\mcafee.com
2006-10-01 15:02 -------- d-------- C:\Documents and Settings\Lauri Friedman\Application Data\AOL
2006-09-30 07:36 -------- d-------- C:\Program Files\AOL
2006-09-30 07:32 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-28 11:02 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-28 11:01 -------- d-------- C:\Program Files\Symantec
2006-09-28 11:01 -------- d-------- C:\Program Files\Norton SystemWorks
2006-09-27 20:05 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-26 15:46 -------- d-------- C:\Program Files\DVD Shrink
2006-09-26 15:07 -------- d-------- C:\Program Files\Ultimate Cleaner
2006-09-26 14:23 -------- d-------- C:\Documents and Settings\Lauri Friedman\Application Data\SearchToolbarCorp
2006-09-26 14:15 -------- d-------- C:\Program Files\VSToolbar
2006-09-26 12:30 -------- d-------- C:\Program Files\Super DVD Copy
2006-09-26 12:03 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-26 11:20 -------- d-------- C:\Program Files\DivX
2006-09-23 12:13 -------- d-------- C:\Documents and Settings\Lauri Friedman\Application Data\acccore
2006-09-20 15:26 -------- d-------- C:\Documents and Settings\Lauri Friedman\Application Data\AdobeUM
2006-09-20 15:24 -------- d-------- C:\Program Files\Fish Aquarium 3D Screensaver
2006-09-17 22:13 -------- d---s---- C:\Documents and Settings\Lauri Friedman\Application Data\Microsoft
2006-09-17 22:10 2508 --a------ C:\Documents and Settings\Lauri Friedman\Application Data\$_hpcst$.hpc
2006-09-17 22:08 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-13 20:21 -------- d-------- C:\Program Files\Common Files\ODBC
2006-09-08 01:33 -------- d-------- C:\Program Files\BearShare
2006-09-05 19:53 -------- d-------- C:\Program Files\America Online 9.0
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 04:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-14 11:07 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-11 23:30 -------- d-------- C:\Program Files\Internet Explorer
2006-08-11 12:35 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-08-11 12:35 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-08-11 12:35 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-08-11 12:35 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-08-11 12:31 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-11 12:31 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-08-11 12:31 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-08-11 12:31 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-08-11 12:31 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-08-11 12:31 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-08-11 12:31 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-08-11 12:31 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-08-11 12:31 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-08-11 12:31 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-07-27 08:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 03:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\judi\\EPSON Stylus C66 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2S1.EXE /P30 \"\\\\judi\\EPSON Stylus C66 Series\" /M \"Stylus C66\" /EF \"HKCU\""
"H/PC Connection Agent"="\"C:\\PROGRA~1\\MICROS~3\\wcescomm.exe\""
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1"
"AOL Fast Start"="\"C:\\PROGRA~1\\AMERIC~1.0\\AOL.EXE\" -b"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus G"="C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"
"OASClnt"="C:\\Program Files\\mcafee.com\\antivirus\\oasclnt.exe"
"EmailScan"="C:\\Program Files\\mcafee.com\\antivirus\\mcvsescn.exe"
"Auto EPSON Stylus C66 Series on judi"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2S1.EXE /P36 \"Auto EPSON Stylus C66 Series on judi\" /O12 \"\\\\JUDI\\Epson\" /M \"Stylus C66\""
"MPFExe"="C:\\Program Files\\mcafee.com\\personal firewall\\MPfTray.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1133585381\\ee\\AOLSoftware.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ixfivgg.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\ixfivgg.dll,fivplce"
"aduoswl.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\aduoswl.dll,iihnsh"
"llcljnl.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\llcljnl.dll,gnhurwd"
"NWEReboot"=""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Nero\\Nero 7\\InCD\\InCD.exe"
"asxgtee.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\asxgtee.dll,vjyuxvd"
"vrpjlwl.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\vrpjlwl.dll,cjhiytd"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"gjzcygd.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\gjzcygd.dll,vvjante"
"zqxdreb.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\zqxdreb.dll,wviaqgb"
"AOLSPScheduler"="C:\\Program Files\\Common Files\\AOL\\1133585381\\ee\\services\\safetyCore\\ver2_5_4_1\\AOLSP Scheduler.exe"
"sscRun"="C:\\Program Files\\Common Files\\AOL\\1133585381\\ee\\SSCRun.exe"
"ghyklvm.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\ghyklvm.dll,zmtsglb"
"gipvamn.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\gipvamn.dll,mmkwvrd"
"sckojod.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\sckojod.dll,xuqdex"
"VSOCheckTask"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDrives"=dword:00000000
"NoViewOnDrive"=dword:00000000
"NoDriveAutoRun"=hex:ff,ff,ff,03
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000001
"BackupNoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ANIWZCS2Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WZCSLDR2"
"hkey"="HKLM"
"command"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOL Fast Start]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOL"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\AMERIC~1.0\\AOL.EXE\" -b"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOLSPScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1133585381\\ee\\services\\sscAntiSpywarePlugin\\ver1_10_3_1\\AOLSP Scheduler.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\EPSON Stylus C66 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="E_S4I2S1"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2S1.EXE /P23 \"EPSON Stylus C66 Series\" /O5 \"LPT1:\" /M \"Stylus C66\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1133585381\\ee\\AOLSoftware.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RoxioDragToDisc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DrgToDsc"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\sscRun]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SSCRun"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1133585381\\ee\\services\\sscFirewallPlugin\\ver1_10_3_1\\SSCRun.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsqpn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmkhf
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McAfee.com Update Check (LAURI-Lauri Friedman).job
Completion time: Mon 10/02/2006 19:49:28.48
ComboFix.txt
ComboFix2.txt
Panda
Incident Status Location
Adware:adware/commandertoolbar Not disinfected Windows Registry
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/ipbill Not disinfected Windows Registry
Potentially unwanted tool:application/zango Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
Spyware:spyware/media-motor Not disinfected Windows Registry
Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Lauri Friedman\Cookies\lauri friedman@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Lauri Friedman\Cookies\lauri friedman@ad.yieldmanager[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Lauri Friedman\Cookies\lauri friedman@as-us.falkag[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Lauri Friedman\Cookies\lauri friedman@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Lauri Friedman\Cookies\lauri friedman@belnk[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Lauri Friedman\Cookies\lauri friedman@c.enhance[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Lauri Friedman\Cookies\lauri friedman@cgi-bin[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Lauri Friedman\Cookies\lauri friedman@com[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Lauri Friedman\Cookies\lauri friedman@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Lauri Friedman\Cookies\lauri friedman@dist.belnk[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Lauri Friedman\Cookies\lauri friedman@drivecleaner[2].txt
Spyware:Cookie/Malwarewipe Not disinfected C:\Documents and Settings\Lauri Friedman\Cookies\lauri friedman@malwarewipe[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Lauri Friedman\Cookies\lauri friedman@microsoftwga.112.2o7[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Lauri Friedman\Cookies\lauri friedman@stats.drivecleaner[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Lauri Friedman\Cookies\lauri friedman@stats1.reliablestats[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Lauri Friedman\Cookies\lauri friedman@target[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Lauri Friedman\Cookies\lauri friedman@www.drivecleaner[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Lauri Friedman\Cookies\lauri friedman@yadro[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Lauri Friedman\Cookies\lauri friedman@zedo[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Lauri Friedman\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\fccbxvt.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Hijack this
Logfile of HijackThis v1.99.1
Scan saved at 8:24:06 PM, on 10/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1133585381\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\AOL\1133585381\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1133585381\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2S1.EXE
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AMERIC~1.0\waol.exe
C:\WINDOWS\system32\SAgent4.exe
C:\Program Files\Common Files\AOL\1133585381\ee\aolsoftware.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\AMERIC~1.0\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\1133585381\ee\SSCEvtHdlr.exe
C:\Documents and Settings\Lauri Friedman\Desktop\Hijack This\Smiley!RU.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://clienturls.aol.com/safety/us/main/tellmemore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {44D21278-3586-87D8-CC58-0B815CF89524} - C:\WINDOWS\system32\xixoodd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: {92E1B3F7-0546-421E-9835-904D25B7BA66} - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - C:\WINDOWS\system32\winvbie.dll (file missing)
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus C66 Series on judi] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2S1.EXE /P36 "Auto EPSON Stylus C66 Series on judi" /O12 "\\JUDI\Epson" /M "Stylus C66"
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133585381\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ixfivgg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ixfivgg.dll,fivplce
O4 - HKLM\..\Run: [aduoswl.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\aduoswl.dll,iihnsh
O4 - HKLM\..\Run: [llcljnl.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\llcljnl.dll,gnhurwd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [asxgtee.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\asxgtee.dll,vjyuxvd
O4 - HKLM\..\Run: [vrpjlwl.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\vrpjlwl.dll,cjhiytd
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [gjzcygd.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\gjzcygd.dll,vvjante
O4 - HKLM\..\Run: [zqxdreb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\zqxdreb.dll,wviaqgb
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1133585381\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1133585381\ee\SSCRun.exe
O4 - HKLM\..\Run: [ghyklvm.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ghyklvm.dll,zmtsglb
O4 - HKLM\..\Run: [gipvamn.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\gipvamn.dll,mmkwvrd
O4 - HKLM\..\Run: [sckojod.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\sckojod.dll,xuqdex
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [\\judi\EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2S1.EXE /P30 "\\judi\EPSON Stylus C66 Series" /M "Stylus C66" /EF "HKCU"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://amiuptodate.mcafee.com/vsc/bin/1,0,1,0/McUpdatePortal.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
O20 - Winlogon Notify: awtsqpn - awtsqpn.dll (file missing)
O20 - Winlogon Notify: nnnmkhf - nnnmkhf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1133585381\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe