11-25-2006, 09:26 AM   #7
nicdonati
OS: XP


Hi,

Here is the combo.exe log file

Nic - 06-11-25 16:04:01.55 Service Pack 1
ComboFix 06.11.22W - Running from: "D:\Documents and Settings\Nic\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


D:\WINDOWS\system32\regedit.com
D:\WINDOWS\system32\wnstssu.exe
d:\pagefile.pif
d:\autorun.inf
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
D:\Program Files\INSTALL.LOG
D:\Program Files\Internet Explorer\PLUGINS\system.jmp
D:\autorun.inf
D:\pagefile.pif
D:\WINDOWS\1.com
D:\WINDOWS\exeroute.exe
D:\WINDOWS\explorer.com
D:\WINDOWS\finder.com
D:\WINDOWS\logo1_.exe
D:\WINDOWS\winlogon.exe
D:\WINDOWS\debug\debugprogram.exe
D:\WINDOWS\system32\command.pif
D:\WINDOWS\system32\dllwm.dll
D:\WINDOWS\system32\dxdiag.com
D:\WINDOWS\system32\exmple.dll
D:\WINDOWS\system32\finder.com
D:\WINDOWS\system32\iexp_log.txt
D:\WINDOWS\system32\msconfig.com
D:\WINDOWS\system32\regedit.com
D:\WINDOWS\system32\rundll32.com
D:\WINDOWS\system32\sexmple.exe
D:\WINDOWS\system32\wldll.dll
D:\WINDOWS\system32\ztdll.dll
D:\Program Files\internet explorer\iexplore.com
D:\Program Files\Common Files\iexplore.pif
D:\WINDOWS\IEXPL0RE.exe
D:\WINDOWS\system32\aelupsvc32.dll
D:\WINDOWS\system32\drivers\wsfit32.sys

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

D:\qoobox\purity\WINDOWS\WNSXS~1
D:\qoobox\purity\WINDOWS\system32\WNSXS~1
D:\qoobox\purity\WINDOWS\WNSXS~1\WNSXS~1
D:\qoobox\purity\Program Files\ASEMBL~1
D:\qoobox\purity\Documents and Settings\Nic\Application Data\CROSOF~1
D:\qoobox\purity\Documents and Settings\Nic\My Documents\YMANTE~1
D:\qoobox\purity\Documents and Settings\Nic\My Documents\CROSOF~1.NET
D:\qoobox\purity\Documents and Settings\Nic\My Documents\SMBOLS~1


((((((((((((((((((((((((((((((( Files Created from 2006-10-25 to 2006-11-25 ))))))))))))))))))))))))))))))))))


2006-11-25 16:09 <DIR> d-------- D:\WINDOWS\erdnt
2006-11-25 01:10 35,960 -r-hs---- D:\WINDOWS\SERVICES.EXE
2006-11-23 16:16 68,608 --a------ D:\WINDOWS\system32\locator.exe
2006-11-23 16:16 67,584 --a------ D:\WINDOWS\system32\magnify.exe
2006-11-23 16:16 544,256 --a------ D:\WINDOWS\system32\crypt32.dll
2006-11-23 16:16 532,480 --a------ D:\WINDOWS\system32\rpcrt4.dll
2006-11-23 16:16 53,760 --a------ D:\WINDOWS\system32\cryptsvc.dll
2006-11-23 16:16 51,200 --a------ D:\WINDOWS\system32\narrator.exe
2006-11-23 16:16 37,888 --a------ D:\WINDOWS\system32\hhsetup.dll
2006-11-23 16:16 316,928 --a------ D:\WINDOWS\system32\zipfldr.dll
2006-11-23 16:16 260,608 --a------ D:\WINDOWS\system32\rpcss.dll
2006-11-23 16:16 238,080 --a------ D:\WINDOWS\system32\newdev.dll
2006-11-23 16:16 226,816 --a------ D:\WINDOWS\system32\srrstr.dll
2006-11-23 16:16 212,480 --a------ D:\WINDOWS\system32\osk.exe
2006-11-23 16:16 179,200 --a------ D:\WINDOWS\system32\accwiz.exe
2006-11-23 16:16 143,872 --a------ D:\WINDOWS\system32\itircl.dll
2006-11-23 16:16 125,440 --a------ D:\WINDOWS\system32\shmedia.dll
2006-11-23 16:16 122,368 --a------ D:\WINDOWS\system32\itss.dll
2006-11-23 16:16 10,752 --a------ D:\WINDOWS\hh.exe
2006-11-23 16:16 1,172,992 --a------ D:\WINDOWS\system32\ole32.dll
2006-11-23 16:12 31,744 --a------ D:\WINDOWS\system32\rundll32.exe
2006-11-23 16:08 <DIR> d--hs---- D:\FOUND.000
2006-11-23 15:47 947,472 --a------ D:\WINDOWS\system32\msjava.dll
2006-11-23 15:47 63,248 --a------ D:\WINDOWS\system32\javaprxy.dll
2006-11-23 15:47 49,424 --a------ D:\WINDOWS\system32\clspack.exe
2006-11-23 15:47 46,352 --a------ D:\WINDOWS\setdebug.exe
2006-11-23 15:47 404,752 --a------ D:\WINDOWS\system32\javart.dll
2006-11-23 15:47 313,856 --a------ D:\WINDOWS\system32\dx3j.dll
2006-11-23 15:47 286,992 --a------ D:\WINDOWS\system32\vmhelper.dll
2006-11-23 15:47 21,264 --a------ D:\WINDOWS\system32\msjdbc10.dll
2006-11-23 15:47 187,152 --a------ D:\WINDOWS\system32\javacypt.dll
2006-11-23 15:47 172,304 --a------ D:\WINDOWS\system32\jview.exe
2006-11-23 15:47 171,792 --a------ D:\WINDOWS\system32\wjview.exe
2006-11-23 15:47 171,280 --a------ D:\WINDOWS\system32\jit.dll
2006-11-23 15:47 154,384 --a------ D:\WINDOWS\system32\msawt.dll
2006-11-23 15:47 15,120 --a------ D:\WINDOWS\system32\jdbgmgr.exe
2006-11-23 15:47 139,536 --a------ D:\WINDOWS\system32\javaee.dll
2006-11-23 15:47 113 --a------ D:\WINDOWS\system32\zonedon.reg
2006-11-23 15:47 113 --a------ D:\WINDOWS\system32\zonedoff.reg
2006-11-23 15:46 528,896 --a------ D:\WINDOWS\system32\user32.dll
2006-11-23 15:46 46,208 --a------ D:\WINDOWS\system32\drivers\raspptp.sys
2006-11-23 15:46 42,485 --a------ D:\WINDOWS\system32\r1ft7.dll
2006-11-23 15:46 392,576 --a------ D:\WINDOWS\system32\drivers\mrxsmb.sys
2006-11-23 15:46 322,048 --a------ D:\WINDOWS\system32\drivers\srv.sys
2006-11-23 15:46 272,896 --a------ D:\WINDOWS\system32\winsrv.dll
2006-11-23 15:46 1,949,440 --a------ D:\WINDOWS\system32\ntkrnlpa.exe
2006-11-23 15:46 1,925,760 --a------ D:\WINDOWS\system32\ntoskrnl.exe
2006-11-23 15:46 1,694,336 --a------ D:\WINDOWS\system32\win32k.sys
2006-11-23 15:37 32,256 --a------ D:\WINDOWS\system32\msgsvc.dll
2006-11-23 15:36 676,864 --a------ D:\WINDOWS\system32\sxs.dll
2006-11-23 15:35 7,680 --------- D:\WINDOWS\system32\bitsprx2.dll
2006-11-23 15:35 7,168 --------- D:\WINDOWS\system32\bitsprx3.dll
2006-11-23 15:35 593,408 --------- D:\WINDOWS\system32\xpsp2res.dll
2006-11-23 15:35 331,776 --a------ D:\WINDOWS\system32\winhttp.dll
2006-11-23 15:35 260,096 --a------ D:\WINDOWS\system32\mstask.dll
2006-11-23 15:35 172,544 --a------ D:\WINDOWS\system32\schedsvc.dll
2006-11-23 15:35 17,408 --a------ D:\WINDOWS\system32\qmgrprxy.dll
2006-11-23 15:35 158,720 --------- D:\WINDOWS\system32\xpob2res.dll
2006-11-23 15:35 10,752 --a------ D:\WINDOWS\system32\mstinit.exe
2006-11-23 15:35 <DIR> d-------- D:\WINDOWS\system32\bits
2006-11-23 15:05 <DIR> d--h----- D:\WINDOWS\msdownld.tmp
2006-11-23 15:05 <DIR> d-------- D:\WINDOWS\Windows Update Setup Files
2006-11-23 14:20 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-23 14:11 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Lavasoft
2006-11-23 14:07 60,717 --a------ D:\WINDOWS\system32\schost.exe
2006-11-22 23:52 86,016 --a------ D:\WINDOWS\system32\WSD_SOCK32.dll
2006-11-22 23:52 45,056 --a------ D:\WINDOWS\system32\XpIcfOpt.dll
2006-11-21 18:16 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SiteAdvisor
2006-11-21 16:51 0 --a------ D:\WINDOWS\system32\interest.exe
2006-11-21 16:41 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\McAfee
2006-11-21 12:19 <DIR> d-------- D:\Program Files\RegCleaner
2006-11-21 11:49 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Uniblue
2006-11-21 10:49 229,376 -ra------ D:\WINDOWS\system32\atiiiexx.dll
2006-11-21 10:25 <DIR> d-------- D:\WINDOWS\Favorites
2006-11-21 00:20 31,744 --a------ D:\WINDOWS\system32\wao.exe
2006-11-20 22:45 182,880 --a------ D:\WINDOWS\system32\iuengine.dll
2006-11-20 22:06 <DIR> d-------- D:\WINDOWS\Prefetch
2006-11-20 21:48 99,328 --a------ D:\WINDOWS\system32\irftp.exe
2006-11-20 21:48 78,336 --a------ D:\WINDOWS\system32\irmon.dll
2006-11-20 21:48 7,680 --a------ D:\WINDOWS\system32\wshirda.dll
2006-11-20 21:48 55,296 --a------ D:\WINDOWS\system32\drivers\irda.sys
2006-11-20 21:45 4,096 --a------ D:\WINDOWS\system32\ksuser.dll
2006-11-20 21:43 27,165 --a------ D:\WINDOWS\system32\drivers\fetnd5.sys
2006-11-20 21:32 19,584 --a------ D:\WINDOWS\system32\drivers\rasirda.sys
2006-11-20 21:30 24,661 --a------ D:\WINDOWS\system32\spxcoins.dll
2006-11-20 21:30 13,312 --a------ D:\WINDOWS\system32\irclass.dll
2006-11-20 21:19 73,728 --a------ D:\WINDOWS\smcfg.exe
2006-11-20 21:19 607,732 --a------ D:\WINDOWS\system32\drivers\ntmtlfax.sys
2006-11-20 21:19 45,056 --a------ D:\WINDOWS\system32\slserv.exe
2006-11-20 21:19 45,056 --a------ D:\WINDOWS\system32\coinst.dll
2006-11-20 21:19 42,296 --a------ D:\WINDOWS\system32\winddx.sys
2006-11-20 21:19 413,696 --a------ D:\WINDOWS\sllights.exe
2006-11-20 21:19 369,936 --a------ D:\WINDOWS\system32\drivers\slntamr.sys
2006-11-20 21:19 33,028 --a------ D:\WINDOWS\system32\drivers\slwdmsup.sys
2006-11-20 21:19 2,383,460 --a------ D:\WINDOWS\system32\drivers\mtlstrm.sys
2006-11-20 21:19 196,608 --a------ D:\WINDOWS\system32\slextspk.dll
2006-11-20 21:19 175,160 --a------ D:\WINDOWS\system32\drivers\slnthal.sys
2006-11-20 21:19 172,708 --a------ D:\WINDOWS\system32\drivers\mtlmnt5.sys
2006-11-20 21:19 163,840 --a------ D:\WINDOWS\system32\minirec.exe
2006-11-20 21:19 151,552 --a------ D:\WINDOWS\system32\amr_cpl.dll
2006-11-20 21:19 1,438,556 --a------ D:\WINDOWS\system32\drivers\v90drv.sys
2006-11-20 21:18 <DIR> d-------- D:\WINDOWS\setup.pss
2006-11-20 18:49 <DIR> d-------- D:\Program Files\SiteAdvisor
2006-11-20 18:49 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\SiteAdvisor
2006-11-20 18:47 84,744 --a------ D:\WINDOWS\system32\drivers\mfeavfk.sys
2006-11-20 18:47 37,800 --a------ D:\WINDOWS\system32\drivers\mfesmfk.sys
2006-11-20 18:47 33,896 --a------ D:\WINDOWS\system32\drivers\mfebopk.sys
2006-11-20 18:47 31,560 --a------ D:\WINDOWS\system32\drivers\mferkdk.sys
2006-11-20 18:47 161,768 --a------ D:\WINDOWS\system32\drivers\mfehidk.sys
2006-11-20 18:47 104,024 --a------ D:\WINDOWS\system32\drivers\Mpfp.sys
2006-11-20 18:46 <DIR> d-------- D:\Program Files\McAfee.com
2006-11-20 18:46 <DIR> d-------- D:\Program Files\McAfee
2006-11-20 18:46 <DIR> d-------- D:\Program Files\Common Files\McAfee
2006-11-20 18:45 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\McAfee
2006-11-20 16:55 <DIR> d-------- D:\WINDOWS\Intel
2006-11-20 11:02 76,560 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
2006-11-20 10:57 42,485 --a------ D:\WINDOWS\system32\drivers\cq4.sys
2006-11-19 23:39 83,487 --a------ D:\WINDOWS\system32\test3.exe
2006-11-19 23:39 <DIR> d-------- D:\Program Files\test
2006-11-19 23:38 558,080 --a------ D:\WINDOWS\system32\advapi.dll
2006-11-19 23:31 <DIR> d-------- D:\WINDOWS\Download
2006-11-19 23:30 39,936 --a------ D:\WINDOWS\rxdll.dll
2006-11-19 23:30 25,772 --a------ D:\WINDOWS\RichDll.dll
2006-11-19 23:30 <DIR> d-------- D:\WINDOWS\uninstall
2006-11-19 23:30 <DIR> d-------- D:\WINDOWS\down
2006-11-18 12:03 <DIR> d-------- D:\ppmaterecord
2006-11-18 12:03 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\PPMate
2006-11-17 19:45 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Adobe
2006-11-17 01:23 <DIR> d-------- D:\Program Files\Sign Recognition Test CDROM
2006-11-06 20:23 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\My Games
2006-11-06 20:21 <DIR> d---s---- D:\Program Files\Xfire
2006-11-06 20:21 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Xfire
2006-11-06 19:23 44,032 --a------ D:\WINDOWS\system32\msxml3r.dll
2006-11-06 19:23 1,129,472 --a------ D:\WINDOWS\system32\msxml3.dll
2006-11-06 18:16 <DIR> d-------- D:\Program Files\Firaxis Games
2006-11-06 18:08 <DIR> d-------- D:\Program Files\PowerISO
2006-11-06 17:59 577,536 ---h----- D:\WINDOWS\system32\bqzkkteezqn.exe
2006-11-06 17:57 577,536 ---h----- D:\WINDOWS\system32\sgldxwmikif.exe
2006-11-06 17:45 577,536 ---h----- D:\WINDOWS\system32\xgmusmximki.exe
2006-11-06 17:44 577,536 ---h----- D:\WINDOWS\system32\winupdaters.exe
2006-11-06 17:44 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\TEMP
2006-11-03 14:11 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Sports Interactive
2006-10-31 12:56 <DIR> d-------- D:\Program Files\Sports Interactive
2006-10-31 05:42 503,808 --a------ D:\WINDOWS\system32\xreglib.dll
2006-10-30 23:22 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Bitdefender
2006-10-30 23:11 <DIR> d-------- D:\Program Files\Softwin
2006-10-30 23:11 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\BitDefender
2006-10-30 23:10 <DIR> d-------- D:\Program Files\Common Files\Softwin
2006-10-30 23:09 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2006-10-30 23:06 684,032 --a------ D:\WINDOWS\system32\libeay32.dll
2006-10-30 23:06 155,648 --a------ D:\WINDOWS\system32\ssleay32.dll
2006-10-29 19:47 <DIR> d-------- D:\Program Files\PCPitstop
2006-10-29 06:24 <DIR> d-------- D:\Program Files\TVAnts
2006-10-29 06:23 <DIR> d-------- D:\Program Files\PPStream
2006-10-29 06:23 <DIR> d-------- D:\Program Files\PPMate
2006-10-29 06:23 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\ppstream


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-17 01:22 737280 --a------ D:\WINDOWS\iun6002.exe
2006-10-18 08:39 2139086 --a------ D:\WINDOWS\soft.exe
2006-10-03 21:53 -------- d-------- D:\Program Files\LitexMedia
2006-09-21 20:39 98304 --a------ D:\WINDOWS\system32\CmdLineExt.dll
2006-09-21 01:50 0 --a------ D:\Documents and Settings\Nic\Application Data\dm.ini
2006-09-16 10:16 115159 --a------ D:\WINDOWS\EliottEU2.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Registry Cleaner"="\"D:\\Program Files\\TPT Registry_Cleaner (Trial)\\regclean.exe\""
"BitComet"="\"D:\\Program Files\\BitLord\\BitLord.exe\""
"wao.exe"="D:\\WINDOWS\\System32\\wao.exe D:\\WINDOWS\\System32\\drivers\\cq4.sys Rundll32"
"Dseh"="\"D:\\WINDOWS\\WNSXS~1\\userinit.exe\" -vt ndrv"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QKeys"="\"D:\\Program Files\\QKeys\\QKeys.EXE\""
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="\"D:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SunJavaUpdateSched"="\"D:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
@=""
"SCDEmuApp.exe"="\"D:\\Program Files\\PowerISO\\SCDEmuApp.exe\""
"SoundMan"="SOUNDMAN.EXE"
"WinampAgent"="\"D:\\Program Files\\Winamp3\\winampa.exe\""
"SiteAdvisor"="D:\\Program Files\\SiteAdvisor\\4608\\SiteAdv.exe"
"NeroFilterCheck"="D:\\WINDOWS\\system32\\NeroCheck.exe"
"Microsoft WindowsUpdaters"="WINUPDATER.EXE"
"iTunesHelper"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AdaptecDirectCD"="\"D:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"Acrobat Assistant 7.0"="\"D:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"1f"="D:\\WINDOWS\\System32\\rundll32.exe r1ft7.dll Rundll32"
"wl"="D:\\WINDOWS\\Download\\svhost32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,4d,00,00,00,00,00,00,00,2b,05,00,00,fe,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,4d,00,00,00,00,00,00,00,2b,05,00,00,fe,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"NiceMs"="D:\\Program Files\\Internet Explorer\\PLUGINS\\temp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


Contents of the 'Scheduled Tasks' folder
D:\WINDOWS\tasks\McQcTask.job
D:\WINDOWS\tasks\McDefragTask.job

Completion time: 06-11-25 16:11:12.59
D:\ComboFix.txt ... 06-11-25 16:11


This is the SREng.com log file

2006-11-25,16:18:53

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 1 (Build 2600)
- Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Registry Cleaner><"D:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe"> [N/A]
<BitComet><"D:\Program Files\BitLord\BitLord.exe"> [www.BitLord.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<NiceMs><D:\Program Files\Internet Explorer\PLUGINS\temp.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<QKeys><"D:\Program Files\QKeys\QKeys.EXE"> [Taiwan]
<ATIModeChange><Ati2mdxx.exe> [(Verified)ATI Technologies, Inc.]
<ATIPTA><"D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"> [ATI Technologies, Inc.]
<SunJavaUpdateSched><"D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"> [Sun Microsystems, Inc.]
<QuickTime Task><"D:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<SCDEmuApp.exe><"D:\Program Files\PowerISO\SCDEmuApp.exe"> [PowerISO Computing, Inc.]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<WinampAgent><"D:\Program Files\Winamp3\winampa.exe"> [N/A]
<SiteAdvisor><D:\Program Files\SiteAdvisor\4608\SiteAdv.exe> [(Verified)McAfee, Inc.]
<NeroFilterCheck><D:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<Microsoft WindowsUpdaters><WINUPDATER.EXE> [N/A]
<iTunesHelper><"D:\Program Files\iTunes\iTunesHelper.exe"> [Apple Computer, Inc.]
<AdaptecDirectCD><"D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"> [Roxio]
<Acrobat Assistant 7.0><"D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"> [Adobe Systems Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><D:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
<WinlogonNotify: WRNotifier><WRLogonNTF.dll> [N/A]

==================================
Startup Folders
[Photo Loader supervisory]
<D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk --> D:\PROGRA~1\CASIO\PHOTOL~1\Plauto.exe [CASIO COMPUTER CO.,LTD.]><N>
[Adobe Acrobat Speed Launcher]
<D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk --> D:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [N/A]><N>

==================================
Services
[Adobe LM Service / Adobe LM Service]
<"D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Application Management / AppMgmt]
<D:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Ati HotKey Poller / Ati HotKey Poller]
<D:\WINDOWS\System32\Ati2evxx.exe><N/A>
[McAfee E-mail Proxy / Emproxy]
<D:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe><McAfee, Inc.>
[InstallDriver Table Manager / IDriverT]
<"D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPodService / iPodService]
<D:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[McAfee HackerWatch Service / McAfee HackerWatch Service]
<"D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"><McAfee, Inc.>
[McAfee Log Manager / McLogManagerService]
<D:\PROGRA~1\McAfee\MSC\mclogsrv.exe><McAfee, Inc.>
[McAfee Update Manager / mcmispupdmgr]
<D:\PROGRA~1\McAfee\MSC\mcupdmgr.exe><McAfee, Inc.>
[McAfee Network Agent / McNASvc]
<"d:\program files\common files\mcafee\mna\mcnasvc.exe"><McAfee, Inc.>
[McAfee Scanner / McODS]
<D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe><McAfee, Inc.>
[McAfee Protection Manager / mcpromgr]
<D:\PROGRA~1\McAfee\MSC\mcpromgr.exe><McAfee, Inc.>
[McAfee Redirector Service / McRedirector]
<d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe><McAfee, Inc.>
[McAfee Real-time Scanner / McShield]
<D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe><McAfee, Inc.>
[McAfee SystemGuards / McSysmon]
<D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe><McAfee, Inc.>
[McAfee Task Scheduler / mctskshd.exe]
<D:\PROGRA~1\McAfee\MSC\mctskshd.exe><McAfee, Inc.>
[McAfee User Manager / mcusrmgr]
<D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe><McAfee, Inc.>
[McAfee Personal Firewall Service / MpfService]
<"D:\Program Files\McAfee\MPF\MPFSrv.exe"><McAfee, Inc.>
[SiteAdvisor Service / SiteAdvisor Service]
<D:\Program Files\SiteAdvisor\4608\SAService.exe><N/A>
[Ulead Burning Helper / UleadBurningHelper]
<D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>

==================================
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag]
<System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[bdfdll / bdfdll]
<\??\D:\Program Files\Softwin\BitDefender10\bdfdll.sys><N/A>
[BDFSDRV / BDFSDRV]
<\??\D:\??\D:\Program Files\Softwin\BitDefender10\bdfsdrv.sys><N/A>
[Cdr4_xp / Cdr4_xp]
<D:\WINDOWS\SYSTEM32\DRIVERS\Cdr4_xp.SYS><Roxio>
[Cdralw2k / Cdralw2k]
<D:\WINDOWS\SYSTEM32\DRIVERS\Cdralw2k.SYS><Roxio>
[cdudf_xp / cdudf_xp]
<D:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.SYS><Roxio>
[d347bus / d347bus]
<\SystemRoot\System32\DRIVERS\d347bus.sys><>
[d347prt / d347prt]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[Dual-Mode DSC(2770) / DCamUSBSQTECH]
<System32\Drivers\SQcaptur.sys><Service & Quality Technology.>
[dvd_2K / dvd_2K]
<D:\WINDOWS\SYSTEM32\DRIVERS\dvd_2K.SYS><Roxio>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
<System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB]
<System32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[GEAR CDRom Filter / GEARAspiWDM]
<SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[McAfee Inc. / mfeavfk]
<system32\drivers\mfeavfk.sys><McAfee, Inc.>
[McAfee Inc. / mfebopk]
<system32\drivers\mfebopk.sys><McAfee, Inc.>
[McAfee Inc. / mfehidk]
<system32\drivers\mfehidk.sys><McAfee, Inc.>
[McAfee Inc. / mferkdk]
<system32\drivers\mferkdk.sys><McAfee, Inc.>
[McAfee Inc. / mfesmfk]
<system32\drivers\mfesmfk.sys><McAfee, Inc.>
[mmc_2K / mmc_2K]
<D:\WINDOWS\SYSTEM32\DRIVERS\mmc_2K.SYS><Roxio>
[MP3Driver / MP3Driver]
<D:\WINDOWS\SYSTEM32\DRIVERS\MP3Driver.SYS><N/A>
[MPFP / MPFP]
<System32\Drivers\Mpfp.sys><McAfee, Inc.>
[Mtlmnt5 / Mtlmnt5]
<System32\DRIVERS\Mtlmnt5.sys><>
[Mtlstrm / Mtlstrm]
<System32\DRIVERS\Mtlstrm.sys><>
[NSC Infrared Device Driver / NSCIRDA]
<System32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[NtMtlFax / NtMtlFax]
<System32\DRIVERS\NtMtlFax.sys><>
[NTSIM / NTSIM]
<\??\D:\WINDOWS\System32\ntsim.sys><VIA Technologies, Inc.>
[Direct Parallel Link Driver / Ptilink]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[pwd_2k / pwd_2k]
<D:\WINDOWS\SYSTEM32\DRIVERS\pwd_2k.SYS><Roxio>
[SCDEmu / SCDEmu]
<D:\WINDOWS\SYSTEM32\DRIVERS\SCDEmu.SYS><PowerISO Computing, Inc.>
[Secdrv / Secdrv]
<System32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel]
<\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[SmartLink AMR_PCI Driver / Slntamr]
<System32\DRIVERS\slntamr.sys><>
[SlNtHal / SlNtHal]
<System32\DRIVERS\Slnthal.sys><>
[SlWdmSup / SlWdmSup]
<System32\DRIVERS\SlWdmSup.sys><Vireo Software>
[tmcomm / tmcomm]
<\??\D:\WINDOWS\System32\drivers\tmcomm.sys><Trend Micro Inc.>
[UdfReadr_xp / UdfReadr_xp]
<D:\WINDOWS\SYSTEM32\DRIVERS\UdfReadr_xp.SYS><Roxio>
[V90drv / V90drv]
<System32\DRIVERS\v90drv.sys><>
[VIA AGP Filter / viaagp1]
<\SystemRoot\System32\DRIVERS\viaagp1.sys><N/A>
[VIA USB Host Controller Lower Filter / vulfnths]
<\SystemRoot\System32\Drivers\vulfnth.sys><VIA Technologies, Inc.>
[VIA USB Roothub Lower Filter / vulfntrs]
<\SystemRoot\System32\Drivers\vulfntr.sys><VIA Technologies, Inc.>

==================================
Browser Add-ons
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
{089FD14D-132B-48FC-8861-0048AE113215} <D:\Program Files\SiteAdvisor\4608\SiteAdv.dll, McAfee, Inc.>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\Spybot - Search & Destroy\SDHelper.dll, Safer Networking Limited>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[scriptproxy]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} <d:\program files\mcafee\virusscan\scriptsn.dll, McAfee, Inc.>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <d:\program files\google\googletoolbar3.dll, Google Inc.>
[Adobe PDF Conversion Toolbar Helper]
{AE7CD045-E861-484f-8273-0445EE161910} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[Java Plug-in 1.5.0_09]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <d:\program files\google\googletoolbar3.dll, Google Inc.>
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[McAfee SiteAdvisor]
{0BF43445-2F28-4351-9252-17FE6E806AA0} <D:\Program Files\SiteAdvisor\4608\SiteAdv.dll, McAfee, Inc.>
[&Radio]
{8E718888-423F-11D2-876E-00A0C9082467} <D:\WINDOWS\System32\msdxm.ocx, N/A>
[Java Plug-in 1.5.0_09]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[ActiveScan Installer Class]
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <D:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[Update Class]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} <D:\WINDOWS\System32\iuctl.dll, Microsoft Corporation>
[Java Plug-in 1.5.0_02]
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_09]
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_09]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll, Sun Microsystems, Inc.>
[Convert link target to Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert link target to existing PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert selected links to Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[Convert selected links to existing PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[Convert selection to Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert selection to existing PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert to Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert to existing PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>

==================================
Running Processes
[PID: 636][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 700][\??\D:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 724][\??\D:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 772][D:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 784][D:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 956][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1020][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1220][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1296][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1368][D:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[D:\Program Files\Internet Explorer\PLUGINS\sb.dll] [N/A, N/A]
[PID: 1544][D:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[D:\WINDOWS\System32\AdobePDF.dll] [Adobe Systems Incorporated., 7.0.0.00]
[D:\Program Files\Adobe\Acrobat 7.0\Distillr\adistres.dll] [Adobe Systems Incorporated., 7.0.7.2006011200]
[PID: 1640][D:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1652][D:\WINDOWS\System32\Ati2evxx.exe] [N/A, N/A]
[PID: 1692][D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe] [McAfee, Inc., 8.0.163.0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\common files\mcafee\hackerwatch\hwapips.dll] [McAfee, Inc., 8.0.163.0]
[PID: 1752][D:\PROGRA~1\McAfee\MSC\mclogsrv.exe] [McAfee, Inc., 7,1,131,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcdbmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll] [McAfee, Inc., 7,1,114,0]
[PID: 1796][D:\PROGRA~1\McAfee\MSC\mcupdmgr.exe] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\COMMON~1\McAfee\MSC\McUtil.dll] [McAfee, Inc., 7,1,114,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcshllps.dll] [McAfee, Inc., 7,1,128,0]
[PID: 1872][d:\program files\common files\mcafee\mna\mcnasvc.exe] [McAfee, Inc., 1,1,110,0]
[D:\PROGRA~1\COMMON~1\McAfee\MSC\McUtil.dll] [McAfee, Inc., 7,1,114,0]
[d:\program files\mcafee\msc\mcnmcsrv.dll] [McAfee, Inc., 1,1,108,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcshllps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\common files\mcafee\mna\mcnasvcps.dll] [McAfee, Inc., 1,1,110,0]
[d:\program files\mcafee\msc\mcnmcsps.dll] [McAfee, Inc., 1,1,108,0]
[d:\program files\mcafee\msc\mcregobj\7,1,128,0\mcregobj.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmismgr.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\common files\mcafee\mna\mcuj.dll] [McAfee, Inc., 1,1,110,0]
[D:\PROGRA~1\McAfee\MSC\McNmcRes.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcLoR.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcCoR.dll] [McAfee, Inc., 1,1,108,0]
[PID: 1892][D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe] [McAfee, Inc., 11,0,201,0]
[d:\program files\mcafee\virusscan\mcodsax.dll] [McAfee, Inc., 11,0,201,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[PID: 1908][D:\PROGRA~1\McAfee\MSC\mcpromgr.exe] [McAfee, Inc., 7,1,131,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\COMMON~1\McAfee\MSC\McUtil.dll] [McAfee, Inc., 7,1,114,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcshllps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee.com\agent\mcagntps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmscver.dll] [McAfee, Inc., 7,1,128,0]
[d:\PROGRA~1\mcafee\VIRUSS~1\mvsap.dll] [McAfee, Inc., 11,0,201,0]
[d:\program files\mcafee\mpf\mc\mpfmisp.dll] [McAfee, Inc., 8.0.198.0]
[D:\Program Files\McAfee\MPF\L10N.DLL] [McAfee Security, 8.0.198.0]
[D:\Program Files\SiteAdvisor\4608\SiteAdv.dll] [McAfee, Inc., 2.1.1.35]
[d:\program files\mcafee\virusscan\mcvspp.dll] [McAfee, Inc., 11,0,201,0]
[d:\program files\mcafee\msc\mcprotpv.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcnmcprv.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcRes.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcLoR.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcCoR.dll] [McAfee, Inc., 1,1,108,0]
[d:\program files\common files\mcafee\mna\mcnasvcps.dll] [McAfee, Inc., 1,1,110,0]
[d:\program files\mcafee\msc\mcnmcsps.dll] [McAfee, Inc., 1,1,108,0]
[d:\program files\mcafee\virusscan\mvscfg.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\naiannps.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\mcodsax.dll] [McAfee, Inc., 11,0,201,0]
[d:\program files\mcafee\msc\mcregobj\7,1,128,0\mcregobj.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\mpf\mc\mpfp.dll] [McAfee, Inc., 8.0.198.0]
[D:\PROGRA~1\McAfee\MSC\McProHlp.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\virusscan\mvsver.dll] [McAfee, Inc., 11,0,281,0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[d:\PROGRA~1\COMMON~1\mcafee\emproxy\empxyver.dll] [McAfee, Inc., 11,0,169,0]
[d:\program files\common files\mcafee\redirsvc\redirver.dll] [McAfee, Inc., 1,0,198,0]
[d:\program files\mcafee\msc\mcnmcver.dll] [McAfee, Inc., 1,1,108,0]
[d:\program files\mcafee\mqc\qcmisp.dll] [McAfee, Inc., 7,1,123,0]
[d:\program files\mcafee\mqc\QcLite.dll] [McAfee, Inc., 7,1,123,0]
[PID: 1984][d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe] [McAfee, Inc., 1,0,198,0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\common files\mcafee\hackerwatch\hwapips.dll] [McAfee, Inc., 8.0.163.0]
[PID: 1996][D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\LockDown.dll] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\mytilus.dll] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\mytilus2.dll] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\RES00\McShield.dll] [McAfee, Inc., 13.2.0.175]
[D:\PROGRA~1\McAfee\VIRUSS~1\FTL.Dll] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\naiann.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\virusscan\mcvsps.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\naiannps.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\mvscfg.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\mcvsqt.dll] [McAfee, Inc., 11,0,281,0]
[D:\PROGRA~1\McAfee\VIRUSS~1\McQtLib.dll] [McAfee, Inc., 11,0,281,0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[D:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll] [McAfee, Inc., 11,0,209,0]
[D:\Program Files\McAfee\VirusScan\mcscan32.dll] [McAfee, Inc., 5.1.00]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfebopa.dll] [McAfee, Inc., 13.2.0.159]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll] [McAfee, Inc., 13.2.0.159]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfeavfa.dll] [McAfee, Inc., 13.2.0.159]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[PID: 2040][D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe] [McAfee, Inc., 11,0,281,0]
[D:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll] [McAfee, Inc., 11,0,209,0]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfesmfa.dll] [McAfee, Inc., 13.2.0.159]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll] [McAfee, Inc., 13.2.0.159]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\common files\mcafee\hackerwatch\hwapips.dll] [McAfee, Inc., 8.0.163.0]
[d:\program files\mcafee\virusscan\mvscfg.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\virusscan\mcvsps.dll] [McAfee, Inc., 11,0,281,0]
[PID: 260][D:\PROGRA~1\McAfee\MSC\mctskshd.exe] [McAfee, Inc., 7,1,133,0]
[PID: 496][D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe] [McAfee, Inc., 7,1,131,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll] [McAfee, Inc., 7,1,114,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[PID: 572][D:\Program Files\McAfee\MPF\MPFSrv.exe] [McAfee, Inc., 8.0.198.0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\common files\mcafee\hackerwatch\hwapips.dll] [McAfee, Inc., 8.0.163.0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\mpf\mc\mpfmisp.dll] [McAfee, Inc., 8.0.198.0]
[D:\Program Files\McAfee\MPF\L10N.DLL] [McAfee Security, 8.0.198.0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[PID: 696][D:\WINDOWS\System32\tcpsvcs.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1056][D:\Program Files\SiteAdvisor\4608\SAService.exe] [N/A, N/A]
[PID: 1212][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1960][D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe] [Ulead Systems, Inc., 1, 0, 0, 3]
[PID: 2100][d:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe] [McAfee, Inc., 11,0,205,0]
[D:\PROGRA~1\McAfee\MSC\McAltLib.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\virusscan\mcvsps.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\msc\mcuicfg.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mccfgpv.dll] [McAfee, Inc., 7,1,128,0]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[PID: 532][D:\WINDOWS\system32\NOTEPAD.EXE] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[PID: 1156][D:\Program Files\QKeys\QKeys.EXE] [Taiwan, 1, 0, 2, 251]
[PID: 1716][D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5021]
[D:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.ENU] [ATI Technologies, Inc., 6.14.10.5021]
[D:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5021]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[D:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5021]
[PID: 1576][D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe] [Sun Microsystems, Inc., 5.0.90.3]
[PID: 1964][D:\Program Files\QuickTime\qttask.exe] [Apple Computer, Inc., 7.0.3]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[PID: 1800][D:\Program Files\PowerISO\SCDEmuApp.exe] [PowerISO Computing, Inc., 2, 6, 1, 1]
[PID: 1784][D:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.0.14]
[PID: 2012][D:\Program Files\SiteAdvisor\4608\SiteAdv.exe] [McAfee, Inc., 1.6.0.23]
[D:\Program Files\SiteAdvisor\4608\SiteAdv.dll] [McAfee, Inc., 2.1.1.35]
[D:\Program Files\SiteAdvisor\4608\SASubMgr.dll] [McAfee, Inc., 2,0,9999,0]
[PID: 2084][D:\Program Files\iTunes\iTunesHelper.exe] [Apple Computer, Inc., 6.0.0.18]
[D:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL] [Apple Computer, Inc., 6.0.0.18]
[D:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Computer, Inc., 6.0.0.18]
[PID: 2232][D:\Program Files\iPod\bin\iPodService.exe] [Apple Computer, Inc., 6.0.0.18]
[D:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL] [Apple Computer, Inc., 6.0.0.18]
[D:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Computer, Inc., 6.0.0.18]
[PID: 2268][D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe] [Roxio, 5.3.4.21]
[D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\CDUDFLIB.dll] [Roxio, 5.3.4.21]
[D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\UDFRWLIB.dll] [Roxio, 5.3.4.21]
[D:\WINDOWS\System32\CDRTC.DLL] [Roxio, 5.3.4.21]
[D:\WINDOWS\System32\cdral.DLL] [Roxio, 5.3.4.21]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[PID: 2312][D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe] [Adobe Systems Inc., 7.0.7.2006011200]
[PID: 2400][D:\WINDOWS\System32\rundll32.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[PID: 2456][D:\Program Files\BitLord\BitLord.exe] [www.BitLord.com, 1.1.]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[PID: 2412][D:\WINDOWS\System32\wao.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[PID: 2516][D:\Program Files\CASIO\Photo Loader\Plauto.exe] [CASIO COMPUTER CO.,LTD., 2.3E]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[PID: 3028][d:\PROGRA~1\mcafee.com\agent\mcagent.exe] [McAfee, Inc., 7,1,133,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[d:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcregobj\7,1,128,0\mcregobj.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee.com\agent\mcagntps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mccfgpv.dll] [McAfee, Inc., 7,1,128,0]
[PID: 1352][d:\program files\mcafee\msc\mcuimgr.exe] [McAfee, Inc., 7,1,128,0]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcshllps.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[D:\Documents and Settings\Nic\Desktop\SREng.com] [Smallfrogs Studio, 2.2.6.605]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================


And this is the HJT log file:

Logfile of HijackThis v1.99.1
Scan saved at 16:20:20, on 25/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
D:\PROGRA~1\McAfee\MSC\mclogsrv.exe
D:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
d:\program files\common files\mcafee\mna\mcnasvc.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
D:\PROGRA~1\McAfee\MSC\mcpromgr.exe
d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
D:\PROGRA~1\McAfee\MSC\mctskshd.exe
D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\WINDOWS\System32\tcpsvcs.exe
D:\Program Files\SiteAdvisor\4608\SAService.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\QKeys\QKeys.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\PowerISO\SCDEmuApp.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\SiteAdvisor\4608\SiteAdv.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\BitLord\BitLord.exe
C:\HJT\HijackThis.exe
D:\Program Files\CASIO\Photo Loader\Plauto.exe
d:\PROGRA~1\mcafee.com\agent\mcagent.exe
d:\program files\mcafee\msc\mcuimgr.exe
D:\WINDOWS\System32\cmd.exe
D:\WINDOWS\Logo1_.exe
C:\HJT\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - D:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O2 - BHO: (no name) - {1AAF1095-4979-430F-9E2C-1648BD1BE5A9} - (no file)
O2 - BHO: (no name) - {435911D8-FE66-D5CA-1BB3-A0BFAFF0DAE0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - d:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: (no name) - {7EB20AEA-E550-C5F3-2C50-BECE1B98B8BE} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QKeys] "D:\Program Files\QKeys\QKeys.EXE"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SCDEmuApp.exe] "D:\Program Files\PowerISO\SCDEmuApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [SiteAdvisor] D:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft WindowsUpdaters] WINUPDATER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [Registry Cleaner] "D:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe"
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitLord\BitLord.exe"
O4 - Global Startup: Photo Loader supervisory.lnk = D:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - D:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - D:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - D:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - D:\Program Files\SiteAdvisor\4608\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe



Ok. Thanks so far! I ran HJT in normal mode after I had done the other 2 scans. My apps are working again... Phew! And about safe mode, I will just restart my computer now and watch carefully and record what it says, and I will post my findings in the next post, ok.