I read a thread from the resolved area and proceeded to follow some of the steps. I ran HijackThis before I started and it is posted below. I next ran ComboFix.exe and have included that log and a fresh HJT log. Please advise as to any further steps required.
Before HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:10 AM, on 7/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\KENSIN~1\Keyboard\Ikeymain.exe
C:\WINDOWS\system32\explorer32\WinsysMngr32.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
F:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\NielsenNetratings\bin\insight.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
F:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wmgvhgup.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\Program Files\Internet Explorer\iexplore.exe
f:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8010
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;setup.msn.com;memberservices.msn.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [WinLoad32] C:\WINDOWS\system32\Winload32.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\Family\Desktop\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Kenkeybd] C:\PROGRA~1\KENSIN~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [KenMouse] C:\PROGRA~1\KENSIN~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Pop-Up Stopper] "F:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\mgvehrmc.dll",forkonce
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Nielsen NetRatings.lnk = C:\Program Files\NielsenNetratings\bin\insight.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...Szed029IJUS_ZS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 9307 bytes
ComboFix Log:
"admin" - 2007-07-20 0:55:28 - ComboFix 07-07-19.8 - Service Pack 2 NTFS
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\clkdvenk.dll
C:\WINDOWS\system32\fwlljllp.dll
C:\WINDOWS\system32\jytarcgr.dll
C:\WINDOWS\system32\lsuvmrql.dll
C:\WINDOWS\system32\mgvehrmc.dll
C:\WINDOWS\system32\osttycux.dll
C:\WINDOWS\system32\pqmuyljp.dll
C:\WINDOWS\system32\srthqodl.dll
C:\WINDOWS\system32\uqsqlllh.dll
C:\WINDOWS\system32\vpulqpje.dll
C:\WINDOWS\system32\wihacdkn.dll
C:\WINDOWS\system32\xwkbyqyd.dll
C:\WINDOWS\system32\yvmureht.dll
C:\WINDOWS\system32\axybdoik.exe
C:\WINDOWS\system32\keuwfjtk.exe
C:\WINDOWS\system32\mlknfddt.exe
C:\WINDOWS\system32\qplcbhin.exe
C:\WINDOWS\system32\qywtskxc.exe
C:\WINDOWS\system32\vhoemrhv.exe
C:\WINDOWS\system32\wmgvhgup.exe
C:\WINDOWS\system32\yjosqkgl.exe
C:\WINDOWS\system32\crheukbu.dll
C:\WINDOWS\system32\egkuttfg.dll
C:\WINDOWS\system32\eueqyncn.dll
C:\WINDOWS\system32\hsnxpevu.dll
C:\WINDOWS\system32\hyeridfn.dll
C:\WINDOWS\system32\kirlnndx.dll
C:\WINDOWS\system32\lwmpbobr.dll
C:\WINDOWS\system32\oxnncoul.dll
C:\WINDOWS\system32\quewgtym.dll
C:\WINDOWS\system32\qxhbwovq.dll
C:\WINDOWS\system32\uqdlprqb.dll
C:\WINDOWS\system32\xmhlymje.dll
C:\WINDOWS\system32\knevdklc.ini
C:\WINDOWS\system32\plljllwf.ini
C:\WINDOWS\system32\rgcratyj.ini
C:\WINDOWS\system32\lqrmvusl.ini
C:\WINDOWS\system32\cmrhevgm.ini
C:\WINDOWS\system32\xucyttso.ini
C:\WINDOWS\system32\pjlyumqp.ini
C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\sttss.tmp
C:\WINDOWS\system32\hlllqsqu.ini
C:\WINDOWS\system32\ejpqlupv.ini
C:\WINDOWS\system32\nkdcahiw.ini
C:\WINDOWS\system32\dyqybkwx.ini
C:\WINDOWS\system32\therumvy.ini
C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.bak2
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\sttss.tmp
C:\WINDOWS\system32\sstts.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\smbols~1
C:\WINDOWS\b136.exe
C:\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\system32\atblmlnj.exe
C:\WINDOWS\system32\djdnqdrr.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\fenbsjqq.exe
C:\WINDOWS\system32\hbkujdvj.exe
C:\WINDOWS\system32\jacgxhyj.exe
C:\WINDOWS\system32\nfwwgyfl.exe
C:\WINDOWS\system32\npthcprv.exe
C:\WINDOWS\system32\ojnrjidl.exe
C:\WINDOWS\system32\qvisitqd.exe
C:\WINDOWS\system32\rujffuce.exe
C:\WINDOWS\system32\smraxafd.exe
C:\WINDOWS\system32\udwryexl.exe
C:\WINDOWS\system32\uevfhfyn.exe
C:\WINDOWS\system32\ulukryfi.exe
C:\WINDOWS\system32\upvqjiqt.exe
C:\WINDOWS\system32\vdgxcplr.exe
C:\WINDOWS\system32\vmhoycep.exe
C:\WINDOWS\system32\x.exe
C:\WINDOWS\wr.txt
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\core
((((((((((((((((((((((((( Files Created from 2007-06-20 to 2007-07-20 )))))))))))))))))))))))))))))))
2007-07-20 01:46 <DIR> d-------- C:\TEMP
2007-07-20 00:54 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-19 22:21 58,464 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
2007-07-19 22:19 <DIR> d-------- C:\Program Files\Network Associates
2007-07-16 00:53 <DIR> d-------- C:\DOCUME~1\admin\APPLIC~1\Uniblue
2007-07-15 21:35 45,056 --a------ C:\WINDOWS\PANIC32.dll
2007-07-15 21:35 40,960 --a------ C:\WINDOWS\PANICNT.dll
2007-07-13 23:42 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-07-04 03:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-29 23:20 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2007-06-29 23:20 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2007-06-29 23:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-06-29 23:14 <DIR> d-------- C:\Program Files\McAfee
2007-06-29 22:01 141 --a------ C:\DOCUME~1\admin\3643.bat
2007-06-29 21:58 66,048 --a------ C:\DOCUME~1\admin\x.exe
2007-06-29 21:07 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-29 18:01 <DIR> d-------- C:\bintheredunthat
2007-06-29 18:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FUNKMAILMEDIASPAM
2007-06-29 17:59 <DIR> d-------- C:\Program Files\BurnBindMath
2007-06-29 17:59 <DIR> d-------- C:\DOCUME~1\Family\APPLIC~1\BurnBindMath
2007-06-24 19:35 <DIR> d-------- C:\DOCUME~1\Family\APPLIC~1\Talkback
2007-06-23 18:50 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Yahoo!
2007-06-23 18:50 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-06-21 21:13 <DIR> d-------- C:\WINDOWS\wqkz
2007-06-21 21:13 <DIR> d-------- C:\Program Files\Common Files\wqkz
2007-06-21 20:58 <DIR> d--hs---- C:\WINDOWS\RElWMDg
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-20 03:20:10 -------- d-----w C:\Program Files\Common Files\Network Associates
2007-07-20 03:12:26 -------- d-----w C:\Program Files\ItsDeductible2005
2007-07-20 03:11:19 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-04 14:21:05 -------- d-----w C:\Program Files\Common Files\Logitech
2007-07-04 13:57:13 -------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-07-04 04:40:57 -------- d-----w C:\Program Files\Yahoo!
2007-06-30 02:08:03 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\Lavasoft
2007-06-28 01:43:08 -------- d-----w C:\Program Files\QuickTime
2007-06-28 01:34:34 -------- d-----w C:\Program Files\Apple Software Update
2007-06-25 00:38:21 3,875 -c--a-w C:\WINDOWS\mozver.dat
2007-05-27 23:39:10 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-05-26 23:54:50 -------- d-----w C:\Program Files\2Wire
2007-05-25 19:56:29 -------- d-----w C:\Program Files\DivX
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-11 17:54:15 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-11 04:37:15 823,296 -c--a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-11 04:37:15 823,296 -c--a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-11 04:37:15 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-11 04:37:15 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-25 03:18:49 170,688 -c--a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:24 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-04-23 00:15:24 118,520 -c--a-w C:\WINDOWS\system32\pxinsi64.exe
2007-04-23 00:15:24 116,472 -c--a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-12-07 17:42:03 1,133 -c--a-w C:\Program Files\Common Files\temp.html
1998-12-09 02:53:54 99,840 -c--a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 02:53:54 70,144 -c--a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53:54 48,640 -c--a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 02:53:54 31,744 -c--a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53:54 186,368 -c--a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 02:53:54 17,920 -c--a-w C:\Program Files\Common Files\IRASRIAL.DLL
2005-07-29 21:24:26 472 --sha-r C:\WINDOWS\RElWMDg\lH5qgG0.vbs
2006-07-02 13:19:04 1,056 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2007-03-20 16:39 803864 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-03 17:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
2003-05-15 01:03 147456 --a------ C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-07-07 14:06 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-03-19 12:01]
"IMONTRAY"="C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe" [2002-05-03 16:10]
"IPInSightMonitor 01"="C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 14:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 04:36]
"AtiPTA"="atiptaxx.exe" [2001-09-27 01:39 C:\WINDOWS\system32\atiptaxx.exe]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe" [2003-04-11 13:24]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"ymetray"="C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe" []
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" []
"QuickTime Task"="C:\Documents and Settings\Family\Desktop\QuickTime\qttask.exe" []
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" []
"Kenkeybd"="C:\PROGRA~1\KENSIN~1\Keyboard\Ikeymain.exe" [2003-06-10 04:31]
"KenMouse"="C:\PROGRA~1\KENSIN~1\Mouse\Amoumain.exe" []
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 10:43]
"Pop-Up Stopper"="F:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe" [2002-07-28 22:51]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-01 07:46]
"Yahoo! Pager"="F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 13:49]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-07 14:06]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
C:\Documents and Settings\admin\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE [2006-05-23 20:25]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 23:37:56]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-01 07:46:02]
Nielsen NetRatings.lnk - C:\Program Files\NielsenNetratings\bin\insight.exe [2005-06-27 22:18:30]
Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe [2005-02-25 17:19:40]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 2004-07-19 12:53 24681 C:\WINDOWS\system32\ckpNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq.com]
rundll32.exe "C:\WINDOWS\system32\uqsqlllh.dll",forkonce
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
"f:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
*Newly Created Service* - NAIAVTDI1
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}
C:\WINDOWS\Winload3232.exe
Contents of the 'Scheduled Tasks' folder
2007-07-19 01:33:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-20 06:00:00 C:\WINDOWS\tasks\CD29A059D3BA7589.job
**************************************************************************
catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-07-20 01:47:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags\4\Shell]
"MinPos1024x768(1).x"=dword:ffff8300
"MinPos1024x768(1).y"=dword:ffff8300
"WinPos1024x768(1).left"=dword:00000077
"WinPos1024x768(1).top"=dword:00000000
"WinPos1024x768(1).right"=dword:00000395
"WinPos1024x768(1).bottom"=dword:00000256
"WFlags"=dword:00000000
"ShowCmd"=dword:00000001
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-20 1:50:38 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-20 01:49
--- E O F ---
Combofix-quarantined-files.txt:
2006-09-08 17:32 81408 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe.vir
2007-06-05 07:51 123544 --a------ C:\Qoobox\Quarantine\C\WINDOWS\b136.exe.vir
2007-06-21 21:28 32177 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1122OinUninstaller.exe.vir
2007-06-21 21:58 164787 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\core.cache.dsk.vir
2007-06-21 21:58 72832 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\core.sys.vir
2007-06-29 17:56 66048 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\x.exe.vir
2007-06-29 18:02 266336 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sstts.dll.vir
2007-06-29 18:02 6369 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sttss.bak1.vir
2007-06-29 22:02 1318 --a------ C:\Qoobox\Quarantine\C\WINDOWS\wr.txt.vir
2007-06-30 13:43 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\srthqodl.dll.vir
2007-06-30 13:49 128576 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\yvmureht.dll.vir
2007-06-30 13:49 999567 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\therumvy.ini.vir
2007-07-03 21:18 128576 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\fwlljllp.dll.vir
2007-07-03 21:19 114209 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\plljllwf.ini.vir
2007-07-04 21:07 1852599 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sttss.ini.vir
2007-07-05 18:41 1849023 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sttss.tmp.vir
2007-07-07 14:12 1054457 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lqrmvusl.ini.vir
2007-07-07 14:13 128576 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lsuvmrql.dll.vir
2007-07-09 09:40 128576 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wihacdkn.dll.vir
2007-07-09 22:08 1054181 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\nkdcahiw.ini.vir
2007-07-12 16:50 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vdgxcplr.exe.vir
2007-07-13 06:42 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ojnrjidl.exe.vir
2007-07-13 12:21 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\djdnqdrr.exe.vir
2007-07-13 15:30 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\nfwwgyfl.exe.vir
2007-07-13 15:32 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\eueqyncn.dll.vir
2007-07-13 21:16 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\udwryexl.exe.vir
2007-07-13 21:19 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\egkuttfg.dll.vir
2007-07-13 21:49 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\smraxafd.exe.vir
2007-07-13 21:49 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hsnxpevu.dll.vir
2007-07-13 21:55 128576 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vpulqpje.dll.vir
2007-07-13 22:28 2373834 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ejpqlupv.ini.vir
2007-07-13 22:43 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ulukryfi.exe.vir
2007-07-13 22:49 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\oxnncoul.dll.vir
2007-07-14 20:23 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rujffuce.exe.vir
2007-07-15 18:30 128576 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jytarcgr.dll.vir
2007-07-15 18:30 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jacgxhyj.exe.vir
2007-07-15 18:32 1193068 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rgcratyj.ini.vir
2007-07-15 18:33 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vhoemrhv.exe.vir
2007-07-15 18:33 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lwmpbobr.dll.vir
2007-07-15 18:51 128576 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pqmuyljp.dll.vir
2007-07-15 18:51 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hbkujdvj.exe.vir
2007-07-15 18:52 295 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pjlyumqp.ini.vir
2007-07-15 18:54 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\quewgtym.dll.vir
2007-07-15 18:55 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qywtskxc.exe.vir
2007-07-15 21:15 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\uevfhfyn.exe.vir
2007-07-15 21:15 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xmhlymje.dll.vir
2007-07-15 21:18 128576 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\osttycux.dll.vir
2007-07-16 00:18 345 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xucyttso.ini.vir
2007-07-16 00:59 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vmhoycep.exe.vir
2007-07-16 01:02 128576 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\clkdvenk.dll.vir
2007-07-16 01:05 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hyeridfn.dll.vir
2007-07-16 01:08 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qplcbhin.exe.vir
2007-07-16 17:39 415 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\knevdklc.ini.vir
2007-07-16 17:42 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\kirlnndx.dll.vir
2007-07-16 17:45 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\fenbsjqq.exe.vir
2007-07-16 17:48 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\axybdoik.exe.vir
2007-07-16 17:51 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\uqdlprqb.dll.vir
2007-07-18 08:54 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\yjosqkgl.exe.vir
2007-07-18 08:54 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qvisitqd.exe.vir
2007-07-18 08:57 128576 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\uqsqlllh.dll.vir
2007-07-18 18:40 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\npthcprv.exe.vir
2007-07-18 18:49 1138017 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hlllqsqu.ini.vir
2007-07-18 18:51 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\upvqjiqt.exe.vir
2007-07-18 18:54 128576 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xwkbyqyd.dll.vir
2007-07-18 18:57 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\keuwfjtk.exe.vir
2007-07-18 19:00 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qxhbwovq.dll.vir
2007-07-18 19:45 1154295 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\dyqybkwx.ini.vir
2007-07-19 22:06 1801085 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sttss.bak2.vir
2007-07-19 22:08 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\atblmlnj.exe.vir
2007-07-19 22:08 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\crheukbu.dll.vir
2007-07-19 22:11 128576 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mgvehrmc.dll.vir
2007-07-19 22:11 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wmgvhgup.exe.vir
2007-07-20 00:54 1130240 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cmrhevgm.ini.vir
2007-07-20 00:56 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mlknfddt.exe.vir
2007-07-20 01:01 1334 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_CORE.reg.cf
2007-07-20 01:01 1796176 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sttss.ini2.vir
2007-07-20 01:01 832 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_CMDSERVICE.reg.cf
2007-07-20 01:01 994 --a------ C:\Qoobox\Quarantine\Registry_backups\services_core.reg.cf
2007-07-20 01:04 214 --a------ C:\Qoobox\Quarantine\catchme.log
2007-07-20 01:04 54695 --a------ C:\Qoobox\Quarantine\catchme2007-07-20_ 14714.75.zip
Folder PATH listing
Volume serial number is C0FB-B572
C:\QOOBOX
\---Quarantine
| catchme.log
| catchme2007-07-20_ 14714.75.zip
|
+---C
| +---Program Files
| | \---Common Files
| | Yazzle1122OinUninstaller.exe.vir
| |
| \---WINDOWS
| | b136.exe.vir
| | wr.txt.vir
| |
| +---DOWNLO~1
| | UWA7P_0001_N91M0809NetInstaller.exe.vir
| |
| \---system32
| | atblmlnj.exe.vir
| | axybdoik.exe.vir
| | clkdvenk.dll.vir
| | cmrhevgm.ini.vir
| | crheukbu.dll.vir
| | djdnqdrr.exe.vir
| | dyqybkwx.ini.vir
| | egkuttfg.dll.vir
| | ejpqlupv.ini.vir
| | eueqyncn.dll.vir
| | fenbsjqq.exe.vir
| | fwlljllp.dll.vir
| | hbkujdvj.exe.vir
| | hlllqsqu.ini.vir
| | hsnxpevu.dll.vir
| | hyeridfn.dll.vir
| | jacgxhyj.exe.vir
| | jytarcgr.dll.vir
| | keuwfjtk.exe.vir
| | kirlnndx.dll.vir
| | knevdklc.ini.vir
| | lqrmvusl.ini.vir
| | lsuvmrql.dll.vir
| | lwmpbobr.dll.vir
| | mgvehrmc.dll.vir
| | mlknfddt.exe.vir
| | nfwwgyfl.exe.vir
| | nkdcahiw.ini.vir
| | npthcprv.exe.vir
| | ojnrjidl.exe.vir
| | osttycux.dll.vir
| | oxnncoul.dll.vir
| | pjlyumqp.ini.vir
| | plljllwf.ini.vir
| | pqmuyljp.dll.vir
| | qplcbhin.exe.vir
| | quewgtym.dll.vir
| | qvisitqd.exe.vir
| | qxhbwovq.dll.vir
| | qywtskxc.exe.vir
| | rgcratyj.ini.vir
| | rujffuce.exe.vir
| | smraxafd.exe.vir
| | srthqodl.dll.vir
| | sstts.dll.vir
| | sttss.bak1.vir
| | sttss.bak2.vir
| | sttss.ini.vir
| | sttss.ini2.vir
| | sttss.tmp.vir
| | therumvy.ini.vir
| | udwryexl.exe.vir
| | uevfhfyn.exe.vir
| | ulukryfi.exe.vir
| | upvqjiqt.exe.vir
| | uqdlprqb.dll.vir
| | uqsqlllh.dll.vir
| | vdgxcplr.exe.vir
| | vhoemrhv.exe.vir
| | vmhoycep.exe.vir
| | vpulqpje.dll.vir
| | wihacdkn.dll.vir
| | wmgvhgup.exe.vir
| | x.exe.vir
| | xmhlymje.dll.vir
| | xucyttso.ini.vir
| | xwkbyqyd.dll.vir
| | yjosqkgl.exe.vir
| | yvmureht.dll.vir
| |
| \---drivers
| core.cache.dsk.vir
| core.sys.vir
|
\---Registry_backups
LEGACY_CMDSERVICE.reg.cf
LEGACY_CORE.reg.cf
services_core.reg.cf
HJT log after Combofix run:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:11:46 AM, on 7/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\KENSIN~1\Keyboard\Ikeymain.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
F:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\NielsenNetratings\bin\insight.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
F:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8010
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;setup.msn.com;memberservices.msn.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\Family\Desktop\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Kenkeybd] C:\PROGRA~1\KENSIN~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [KenMouse] C:\PROGRA~1\KENSIN~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Pop-Up Stopper] "F:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Nielsen NetRatings.lnk = C:\Program Files\NielsenNetratings\bin\insight.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...Szed029IJUS_ZS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 9595 bytes