Combofix:
Kendall - 06-11-28 19:08:29.12 Service Pack 2
ComboFix 06.11.28W - Running from: "C:\Documents and Settings\Kendall\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-10-28 to 2006-11-28 ))))))))))))))))))))))))))))))))))
2006-11-28 18:36 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-11-28 18:36 <DIR> d-------- C:\WINDOWS\LastGood
2006-11-28 18:15 <DIR> d-------- C:\WINDOWS\temp
2006-11-28 17:37 88,340 --a------ C:\WINDOWS\system32\yykdqmjx.exe
2006-11-28 17:31 88,340 --a------ C:\WINDOWS\system32\kblaikyl.exe
2006-11-28 17:31 132,116 --a------ C:\WINDOWS\system32\qgtjrryr.dll
2006-11-27 17:31 88,340 --a------ C:\WINDOWS\system32\klkctdcn.exe
2006-11-27 17:26 88,340 --a------ C:\WINDOWS\system32\csnrguem.exe
2006-11-27 17:26 42,516 --a------ C:\WINDOWS\system32\homsiuel.dll
2006-11-27 17:26 132,116 --a------ C:\WINDOWS\system32\hjpopuet.dll
2006-11-27 17:26 <DIR> d-------- C:\Program Files\VSAdd-in
2006-11-26 18:36 <DIR> d-------- C:\WINDOWS\pss
2006-11-26 18:35 218,112 --a------ C:\kmac.exe
2006-11-24 17:20 132,116 --a------ C:\WINDOWS\system32\oxkuvpqq.dll
2006-11-23 17:14 38,420 --a------ C:\WINDOWS\system32\verpbdqy.dll
2006-11-23 17:14 132,116 --a------ C:\WINDOWS\system32\vnlcqvpm.dll
2006-11-19 17:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-19 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-19 17:03 5,037,072 --a------ C:\spybotsd14.exe
2006-11-15 23:55 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-15 23:55 <DIR> d-------- C:\7256fbfbf1f5068a0b3bb1
2006-11-15 17:52 <DIR> d-------- C:\Program Files\AOL Pictures
2006-11-14 19:14 <DIR> d--h----- C:\Program Files\Zero G Registry
2006-11-14 19:14 <DIR> d-------- C:\Program Files\Rosetta Stone
2006-11-14 19:13 <DIR> d--h----- C:\Documents and Settings\Kendall\InstallAnywhere
2006-11-10 06:58 110,612 --a------ C:\WINDOWS\system32\ldrdfjnd.exe
2006-11-09 16:49 110,612 --a------ C:\WINDOWS\system32\ujgtqyai.exe
2006-11-09 15:47 110,612 --a------ C:\WINDOWS\system32\btanamwt.exe
2006-11-08 19:47 110,612 --a------ C:\WINDOWS\system32\idhsgfvs.exe
2006-11-07 19:44 118,804 --a------ C:\WINDOWS\system32\yjmbhewi.dll
2006-11-06 13:11 110,612 --a------ C:\WINDOWS\system32\grpuuwmv.exe
2006-11-05 16:45 110,612 --a------ C:\WINDOWS\system32\pycvgaed.exe
2006-11-05 16:43 110,612 --a------ C:\WINDOWS\system32\sidriopw.exe
2006-11-05 10:45 110,612 --a------ C:\WINDOWS\system32\knxhetvn.exe
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-04 10:16 110,612 --a------ C:\WINDOWS\system32\gowtiskk.exe
2006-11-03 21:51 110,612 --a------ C:\WINDOWS\system32\bbwhxclh.exe
2006-11-03 21:30 110,612 --a------ C:\WINDOWS\system32\woptkjdj.exe
2006-11-03 21:27 110,612 --a------ C:\WINDOWS\system32\ibtvuavg.exe
2006-11-03 13:12 110,612 --a------ C:\WINDOWS\system32\fmadnhbo.exe
2006-11-02 15:59 60,436 --a------ C:\WINDOWS\system32\enajoyma.dll
2006-11-02 15:59 110,612 --a------ C:\WINDOWS\system32\fwehymsw.exe
2006-10-31 19:45 118,804 --a------ C:\WINDOWS\system32\uuarivno.dll
2006-10-30 12:38 <DIR> dr-h----- C:\Documents and Settings\Kendall\Recent
2006-10-30 12:37 <DIR> d-------- C:\Program Files\Common Files\Java
2006-10-29 12:21 <DIR> d-------- C:\Program Files\NETGEAR
2006-10-28 21:26 <DIR> d-------- C:\Documents and Settings\Kendall\Application Data\Business Logic
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-28 18:57 -------- d-------- C:\Program Files\QuickTime
2006-11-28 18:54 -------- d-------- C:\Program Files\Internet Explorer
2006-11-28 18:54 -------- d-------- C:\Program Files\GoogleAFE
2006-11-28 18:54 -------- d-------- C:\Program Files\Dell Support
2006-11-28 18:51 -------- d-------- C:\Program Files\America Online 9.0a
2006-11-28 18:51 -------- d-------- C:\Program Files\AIM
2006-11-27 20:44 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-03 14:12 6164 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-11-03 14:12 56 -r-hs---- C:\WINDOWS\system32\CC3DA89CEB.sys
2006-10-31 22:20 -------- d-------- C:\Program Files\VSToolbar
2006-10-30 19:12 -------- d-------- C:\Documents and Settings\Kendall\Application Data\AdobeUM
2006-10-29 17:36 -------- d-------- C:\Program Files\Java
2006-10-29 17:36 -------- d-------- C:\Program Files\Common Files
2006-10-29 12:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-29 10:27 -------- d---s---- C:\Documents and Settings\Kendall\Application Data\Microsoft
2006-10-28 14:29 908 --a------ C:\Documents and Settings\Kendall\Application Data\wklnhst.dat
2006-10-24 21:36 45525 --a------ C:\WINDOWS\system32\baialjvc.dll
2006-10-22 20:05 -------- d-------- C:\Documents and Settings\Kendall\Application Data\TPSEE
2006-10-22 14:37 67604 --a------ C:\WINDOWS\system32\cpaeuryr.exe
2006-10-19 10:09 -------- d-------- C:\Program Files\AOL
2006-10-19 09:45 -------- d-------- C:\Program Files\Common Files\AOL
2006-10-17 21:37 45525 --a------ C:\WINDOWS\system32\rmgdlnjf.dll
2006-10-16 17:29 45525 --a------ C:\WINDOWS\system32\jhtqjylu.dll
2006-10-13 04:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 04:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 04:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 02:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-12 16:05 98324 --a------ C:\WINDOWS\system32\twgmqmyi.dll
2006-10-09 17:30 45525 --a------ C:\WINDOWS\system32\vhbwqdmy.dll
2006-10-03 09:43 86036 --a------ C:\WINDOWS\system32\omxwbojf.dll
2006-10-02 17:11 45525 --a------ C:\WINDOWS\system32\eetacftp.dll
2006-10-01 09:03 45525 --a------ C:\WINDOWS\system32\ylywwdem.dll
2006-09-28 19:28 -------- d-------- C:\Program Files\CleanUp!
2006-09-26 20:24 45525 --a------ C:\WINDOWS\system32\vctpwxvw.dll
2006-09-26 19:12 103984 --a------ C:\WINDOWS\system32\AOLDial.dll
2006-09-25 18:23 143380 --a------ C:\WINDOWS\system32\rpiufprr.exe
2006-09-19 20:25 106516 --a------ C:\WINDOWS\system32\qseybitq.dll
2006-09-19 07:38 86068 --a------ C:\WINDOWS\system32\uhvyblbu.dll
2006-09-12 21:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 20:26 106516 --a------ C:\WINDOWS\system32\bqsnaewd.dll
2006-09-11 09:37 106516 --a------ C:\WINDOWS\system32\vbjevdpj.dll
2006-09-10 15:05 106516 --a------ C:\WINDOWS\system32\stbnvxql.dll
2006-09-10 12:19 106516 --a------ C:\WINDOWS\system32\avwylkwv.dll
2006-09-10 09:26 106516 --a------ C:\WINDOWS\system32\hrjrnqba.dll
2006-09-09 08:59 106516 --a------ C:\WINDOWS\system32\gkhljwmf.dll
2006-09-08 08:41 106516 --a------ C:\WINDOWS\system32\swhcdobs.dll
2006-09-07 10:12 106516 --a------ C:\WINDOWS\system32\pnjyccxt.dll
2006-09-06 20:50 106516 --a------ C:\WINDOWS\system32\nhkryunc.dll
2006-09-06 20:22 106516 --a------ C:\WINDOWS\system32\dwqjtmbm.dll
2006-09-05 18:53 106516 --a------ C:\WINDOWS\system32\dmllrglk.dll
2006-09-04 08:31 106516 --a------ C:\WINDOWS\system32\whdccbvc.dll
2006-09-03 09:32 102420 --a------ C:\WINDOWS\system32\meuufksp.dll
2006-09-02 14:56 102420 --a------ C:\WINDOWS\system32\pxodrrkm.dll
2006-09-02 07:29 102420 --a------ C:\WINDOWS\system32\luxvwyxm.dll
2006-09-01 09:35 102420 --a------ C:\WINDOWS\system32\rkkuccre.dll
2006-08-29 07:29 13844 --a------ C:\WINDOWS\system32\iwjriqvp.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"IntelMeM"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="\"C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDET.EXE\""
"CTHelper"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccguide.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1146885179\\ee\\AOLSoftware.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"DropBoxUtility"="\"C:\\Program Files\\DropBox\\DropBox\\DropBox.exe\" /s"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Completion time: 06-11-28 19:10:55.84
C:\ComboFix.txt ... 06-11-28 19:10
C:\ComboFix2.txt ... 06-11-28 18:27
Combofix2 (header shows the same 19:08:29.12 run as the log above):
Kendall - 06-11-28 19:08:29.12 Service Pack 2
ComboFix 06.11.28W - Running from: "C:\Documents and Settings\Kendall\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-10-28 to 2006-11-28 ))))))))))))))))))))))))))))))))))
2006-11-28 18:36 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-11-28 18:36 <DIR> d-------- C:\WINDOWS\LastGood
2006-11-28 18:15 <DIR> d-------- C:\WINDOWS\temp
2006-11-28 17:37 88,340 --a------ C:\WINDOWS\system32\yykdqmjx.exe
2006-11-28 17:31 88,340 --a------ C:\WINDOWS\system32\kblaikyl.exe
2006-11-28 17:31 132,116 --a------ C:\WINDOWS\system32\qgtjrryr.dll
2006-11-27 17:31 88,340 --a------ C:\WINDOWS\system32\klkctdcn.exe
2006-11-27 17:26 88,340 --a------ C:\WINDOWS\system32\csnrguem.exe
2006-11-27 17:26 42,516 --a------ C:\WINDOWS\system32\homsiuel.dll
2006-11-27 17:26 132,116 --a------ C:\WINDOWS\system32\hjpopuet.dll
2006-11-27 17:26 <DIR> d-------- C:\Program Files\VSAdd-in
2006-11-26 18:36 <DIR> d-------- C:\WINDOWS\pss
2006-11-26 18:35 218,112 --a------ C:\kmac.exe
2006-11-24 17:20 132,116 --a------ C:\WINDOWS\system32\oxkuvpqq.dll
2006-11-23 17:14 38,420 --a------ C:\WINDOWS\system32\verpbdqy.dll
2006-11-23 17:14 132,116 --a------ C:\WINDOWS\system32\vnlcqvpm.dll
2006-11-19 17:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-19 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-19 17:03 5,037,072 --a------ C:\spybotsd14.exe
2006-11-15 23:55 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-15 23:55 <DIR> d-------- C:\7256fbfbf1f5068a0b3bb1
2006-11-15 17:52 <DIR> d-------- C:\Program Files\AOL Pictures
2006-11-14 19:14 <DIR> d--h----- C:\Program Files\Zero G Registry
2006-11-14 19:14 <DIR> d-------- C:\Program Files\Rosetta Stone
2006-11-14 19:13 <DIR> d--h----- C:\Documents and Settings\Kendall\InstallAnywhere
2006-11-10 06:58 110,612 --a------ C:\WINDOWS\system32\ldrdfjnd.exe
2006-11-09 16:49 110,612 --a------ C:\WINDOWS\system32\ujgtqyai.exe
2006-11-09 15:47 110,612 --a------ C:\WINDOWS\system32\btanamwt.exe
2006-11-08 19:47 110,612 --a------ C:\WINDOWS\system32\idhsgfvs.exe
2006-11-07 19:44 118,804 --a------ C:\WINDOWS\system32\yjmbhewi.dll
2006-11-06 13:11 110,612 --a------ C:\WINDOWS\system32\grpuuwmv.exe
2006-11-05 16:45 110,612 --a------ C:\WINDOWS\system32\pycvgaed.exe
2006-11-05 16:43 110,612 --a------ C:\WINDOWS\system32\sidriopw.exe
2006-11-05 10:45 110,612 --a------ C:\WINDOWS\system32\knxhetvn.exe
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-04 10:16 110,612 --a------ C:\WINDOWS\system32\gowtiskk.exe
2006-11-03 21:51 110,612 --a------ C:\WINDOWS\system32\bbwhxclh.exe
2006-11-03 21:30 110,612 --a------ C:\WINDOWS\system32\woptkjdj.exe
2006-11-03 21:27 110,612 --a------ C:\WINDOWS\system32\ibtvuavg.exe
2006-11-03 13:12 110,612 --a------ C:\WINDOWS\system32\fmadnhbo.exe
2006-11-02 15:59 60,436 --a------ C:\WINDOWS\system32\enajoyma.dll
2006-11-02 15:59 110,612 --a------ C:\WINDOWS\system32\fwehymsw.exe
2006-10-31 19:45 118,804 --a------ C:\WINDOWS\system32\uuarivno.dll
2006-10-30 12:38 <DIR> dr-h----- C:\Documents and Settings\Kendall\Recent
2006-10-30 12:37 <DIR> d-------- C:\Program Files\Common Files\Java
2006-10-29 12:21 <DIR> d-------- C:\Program Files\NETGEAR
2006-10-28 21:26 <DIR> d-------- C:\Documents and Settings\Kendall\Application Data\Business Logic
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-28 18:57 -------- d-------- C:\Program Files\QuickTime
2006-11-28 18:54 -------- d-------- C:\Program Files\Internet Explorer
2006-11-28 18:54 -------- d-------- C:\Program Files\GoogleAFE
2006-11-28 18:54 -------- d-------- C:\Program Files\Dell Support
2006-11-28 18:51 -------- d-------- C:\Program Files\America Online 9.0a
2006-11-28 18:51 -------- d-------- C:\Program Files\AIM
2006-11-27 20:44 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-03 14:12 6164 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-11-03 14:12 56 -r-hs---- C:\WINDOWS\system32\CC3DA89CEB.sys
2006-10-31 22:20 -------- d-------- C:\Program Files\VSToolbar
2006-10-30 19:12 -------- d-------- C:\Documents and Settings\Kendall\Application Data\AdobeUM
2006-10-29 17:36 -------- d-------- C:\Program Files\Java
2006-10-29 17:36 -------- d-------- C:\Program Files\Common Files
2006-10-29 12:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-29 10:27 -------- d---s---- C:\Documents and Settings\Kendall\Application Data\Microsoft
2006-10-28 14:29 908 --a------ C:\Documents and Settings\Kendall\Application Data\wklnhst.dat
2006-10-24 21:36 45525 --a------ C:\WINDOWS\system32\baialjvc.dll
2006-10-22 20:05 -------- d-------- C:\Documents and Settings\Kendall\Application Data\TPSEE
2006-10-22 14:37 67604 --a------ C:\WINDOWS\system32\cpaeuryr.exe
2006-10-19 10:09 -------- d-------- C:\Program Files\AOL
2006-10-19 09:45 -------- d-------- C:\Program Files\Common Files\AOL
2006-10-17 21:37 45525 --a------ C:\WINDOWS\system32\rmgdlnjf.dll
2006-10-16 17:29 45525 --a------ C:\WINDOWS\system32\jhtqjylu.dll
2006-10-13 04:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 04:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 04:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 02:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-12 16:05 98324 --a------ C:\WINDOWS\system32\twgmqmyi.dll
2006-10-09 17:30 45525 --a------ C:\WINDOWS\system32\vhbwqdmy.dll
2006-10-03 09:43 86036 --a------ C:\WINDOWS\system32\omxwbojf.dll
2006-10-02 17:11 45525 --a------ C:\WINDOWS\system32\eetacftp.dll
2006-10-01 09:03 45525 --a------ C:\WINDOWS\system32\ylywwdem.dll
2006-09-28 19:28 -------- d-------- C:\Program Files\CleanUp!
2006-09-26 20:24 45525 --a------ C:\WINDOWS\system32\vctpwxvw.dll
2006-09-26 19:12 103984 --a------ C:\WINDOWS\system32\AOLDial.dll
2006-09-25 18:23 143380 --a------ C:\WINDOWS\system32\rpiufprr.exe
2006-09-19 20:25 106516 --a------ C:\WINDOWS\system32\qseybitq.dll
2006-09-19 07:38 86068 --a------ C:\WINDOWS\system32\uhvyblbu.dll
2006-09-12 21:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 20:26 106516 --a------ C:\WINDOWS\system32\bqsnaewd.dll
2006-09-11 09:37 106516 --a------ C:\WINDOWS\system32\vbjevdpj.dll
2006-09-10 15:05 106516 --a------ C:\WINDOWS\system32\stbnvxql.dll
2006-09-10 12:19 106516 --a------ C:\WINDOWS\system32\avwylkwv.dll
2006-09-10 09:26 106516 --a------ C:\WINDOWS\system32\hrjrnqba.dll
2006-09-09 08:59 106516 --a------ C:\WINDOWS\system32\gkhljwmf.dll
2006-09-08 08:41 106516 --a------ C:\WINDOWS\system32\swhcdobs.dll
2006-09-07 10:12 106516 --a------ C:\WINDOWS\system32\pnjyccxt.dll
2006-09-06 20:50 106516 --a------ C:\WINDOWS\system32\nhkryunc.dll
2006-09-06 20:22 106516 --a------ C:\WINDOWS\system32\dwqjtmbm.dll
2006-09-05 18:53 106516 --a------ C:\WINDOWS\system32\dmllrglk.dll
2006-09-04 08:31 106516 --a------ C:\WINDOWS\system32\whdccbvc.dll
2006-09-03 09:32 102420 --a------ C:\WINDOWS\system32\meuufksp.dll
2006-09-02 14:56 102420 --a------ C:\WINDOWS\system32\pxodrrkm.dll
2006-09-02 07:29 102420 --a------ C:\WINDOWS\system32\luxvwyxm.dll
2006-09-01 09:35 102420 --a------ C:\WINDOWS\system32\rkkuccre.dll
2006-08-29 07:29 13844 --a------ C:\WINDOWS\system32\iwjriqvp.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"IntelMeM"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="\"C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDET.EXE\""
"CTHelper"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccguide.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1146885179\\ee\\AOLSoftware.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"DropBoxUtility"="\"C:\\Program Files\\DropBox\\DropBox\\DropBox.exe\" /s"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Completion time: 06-11-28 19:10:55.84
C:\ComboFix.txt ... 06-11-28 19:10
C:\ComboFix2.txt ... 06-11-28 18:27
Panda Results:
Incident Status Location
Adware:Adware/AdwareShooter Not disinfected C:\WINDOWS\Config\svsva.dll
Possible Virus. Not disinfected C:\dell\Utilities\DSR\demo\DEMO.EXE
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Kendall\Application Data\Mozilla\Firefox\Profiles\pauky5t6.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kendall\Application Data\Mozilla\Firefox\Profiles\pauky5t6.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Kendall\Application Data\Mozilla\Firefox\Profiles\pauky5t6.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Kendall\Application Data\Mozilla\Firefox\Profiles\pauky5t6.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Kendall\Application Data\Mozilla\Firefox\Profiles\pauky5t6.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@ads.pointroll[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@atwola[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@fastclick[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@go[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@media.fastclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@realmedia[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@stats1.reliablestats[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@target[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@tribalfusion[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@winantivirus[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@www.systemdoctor[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Kendall\Cookies\kendall@zedo[2].txt
Virus:Eicar.Mod Not disinfected C:\Program Files\Trend Micro\Internet Security 12\tmhelp.chm[/PCC12/Test_virus.htm]
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\aqducosp.exe
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\arelpjgk.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\avwylkwv.dll
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\WINDOWS\system32\baialjvc.dll
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\bbwhxclh.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\bqsnaewd.dll
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\btanamwt.exe
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\ckdwgukx.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\cpaeuryr.exe
Possible Virus. Not disinfected C:\WINDOWS\system32\csnrguem.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\dmllrglk.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\dwqjtmbm.dll
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\WINDOWS\system32\eetacftp.dll
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\system32\eipujlbj.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\enajoyma.dll
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\fmadnhbo.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\fwehymsw.exe
Adware:Adware/Popuper Not disinfected C:\WINDOWS\system32\gevyvafo.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\gkhljwmf.dll
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\gowtiskk.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\grpuuwmv.exe
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\gudgcxyi.exe
Possible Virus. Not disinfected C:\WINDOWS\system32\hjpopuet.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\hrjrnqba.dll
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\ibtvuavg.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\idhsgfvs.exe
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\iwjriqvp.exe
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\WINDOWS\system32\jhtqjylu.dll
Possible Virus. Not disinfected C:\WINDOWS\system32\kblaikyl.exe
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\kctolslc.exe
Possible Virus. Not disinfected C:\WINDOWS\system32\klkctdcn.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\knxhetvn.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\ldrdfjnd.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\luxvwyxm.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\lydkuwtt.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\meuufksp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\nhkryunc.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\omxwbojf.dll
Possible Virus. Not disinfected C:\WINDOWS\system32\oxkuvpqq.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\pnjyccxt.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\pxodrrkm.dll
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\pycvgaed.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\qseybitq.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\rkkuccre.dll
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\system32\rmbxinde.exe
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\WINDOWS\system32\rmgdlnjf.dll
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\system32\rphswidr.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\rpiufprr.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\sidriopw.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\stbnvxql.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\swhcdobs.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\twgmqmyi.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\ufolmtnm.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\uhvyblbu.dll
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\ujgtqyai.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\vbjevdpj.dll
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\WINDOWS\system32\vctpwxvw.dll
Adware:Adware/WebSearch Not disinfected C:\WINDOWS\system32\verpbdqy.dll
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\WINDOWS\system32\vhbwqdmy.dll
Possible Virus. Not disinfected C:\WINDOWS\system32\vnlcqvpm.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\vruynixm.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\whdccbvc.dll
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\woptkjdj.exe
Potentially unwanted tool:Application/WinFixer2006 Not disinfected C:\WINDOWS\system32\ylywwdem.dll
Adware:Adware/SecurityError Not disinfected C:\WINDOWS\system32\yqmlgeqt.exe
Possible Virus. Not disinfected C:\WINDOWS\system32\yykdqmjx.exe
New HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 7:20:39 PM, on 11/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Common Files\AOL\1146885179\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\DropBox\DropBox\DropBox.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1146885179\ee\aolsoftware.exe
c:\program files\common files\aol\1146885179\ee\AOLOpenRide.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Documents and Settings\Kendall\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146885179\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: AOL OpenRide.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Reso...s.10.4.0.4.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe