Tech Support Forum > Security Center > HijackThis Log Help
07-19-2008, 04:50 PM   #1
Registered User
 
Join Date: Jul 2008
Posts: 8
OS: xp


My McAfee notices these on my PC but can't delete them: Generic PUP.q and Prcviewer. I feel my PC might have some fixing to do, so

Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-19 19:37:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
15: 2008-07-19 23:37:41 UTC - RP15 - Deckard's System Scanner Restore Point
14: 2008-07-19 20:21:41 UTC - RP14 - Software Distribution Service 3.0
13: 2008-07-19 20:18:21 UTC - RP13 - Software Distribution Service 3.0
12: 2008-07-19 11:40:02 UTC - RP12 - System Checkpoint
11: 2008-07-18 11:08:46 UTC - RP11 - System Checkpoint


-- First Restore Point --
1: 2008-07-17 08:24:07 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-19 19:39:01
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner.RickCPU\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {1171B342-D7D0-482F-9CE7-FC76DDDBA5E5} - (no file)
O2 - BHO: (no name) - {3BA3028F-FD37-46BF-AD27-733734684F06} - C:\WINDOWS\system32\nnnlifFw.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {67393FF6-CD5E-4C1D-9C71-4115884EE1D9} - C:\WINDOWS\system32\wvUkJyYq.dll (file missing)
O2 - BHO: (no name) - {84C5C8CA-113F-49C0-AFB2-8CA41CB57004} - C:\WINDOWS\system32\geBuSkHb.dll (file missing)
O2 - BHO: (no name) - {9EB7A821-FB1C-4A79-9D24-9B700C30862A} - (no file)
O2 - BHO: (no name) - {C303EE01-B7F5-4FAE-ACF0-A1956DE432BC} - (no file)
O2 - BHO: (no name) - {F94B93F9-DE61-4EBE-902D-65DBA04A4340} - (no file)
O3 - Toolbar: (no name) - {80123684-A222-4009-8220-A867294D6DE8} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DpTsClnt] Regsvr32.exe /s "C:\Program Files\DigitalPersona\Bin\DpTsClnt.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lphc7taj0eee7] C:\WINDOWS\system32\lphc7taj0eee7.exe
O4 - HKLM\..\Run: [SMrhc3taj0eee7] C:\Program Files\rhc3taj0eee7\rhc3taj0eee7.exe
O4 - HKLM\..\Run: [4ce7156d] rundll32.exe "C:\WINDOWS\system32\trirhggo.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/p.../PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...8f/wvc1dmo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\system32\igfxdev.dll (file missing)
O20 - Winlogon Notify: nnnlifFw - C:\WINDOWS\system32\nnnlifFw.dll (file missing)
O21 - SSODL: axrfgvek - {7C628EEA-E57D-4E44-B485-BE0B378E5E6A} - C:\WINDOWS\axrfgvek.dll (file missing)
O21 - SSODL: okmdepgb - {B2003E9A-154C-4A89-83F5-8256AA6FDA7E} - (no file)
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\Program Files\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe


--
End of file - 7852 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ELhid (EL hid Service) - c:\windows\system32\drivers\elhid.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELkbd (EL KB Service) - c:\windows\system32\drivers\elkbd.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELmon (EL Monitor Service) - c:\windows\system32\drivers\elmon.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
R1 ELmou (EL Mouse Service) - c:\windows\system32\drivers\elmou.sys <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>

S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - c:\windows\system32\drivers\bvrpmpr5.sys <Not Verified; Avanquest Software; BVRPNDIS Rawether for Windows>
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 FlexBios (FlexBIOS Service) - c:\windows\system32\drivers\flexbios.sys <Not Verified; Your Corporation; Your Product Name>
S3 GoProto (GoProto Protocol Driver) - c:\windows\system32\drivers\goprot51.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics Network Module>
S3 Invoker (Flash5 Invoker Service) - c:\windows\system32\drivers\invoker.sys <Not Verified; Your Corporation; Your Product Name>
S3 npkcusb - c:\nexon\maplestory\npkcusb.sys (file missing)
S3 TSHWMDTCP - c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DpHost (Biometric Authentication Service) - c:\program files\digitalpersona\bin\dphostw.exe <Not Verified; DigitalPersona, Inc.; DigitalPersona Pro for Active Directory>

S4 AlertService (Intel(R) Alert Service) - "c:\program files\intel\inteldh\ccu\alertservice.exe" <Not Verified; Intel Corporation; Intel(R) Viiv(TM) Software>
S4 ELService (Intel(R) Quick Resume technology) - c:\program files\intel\inteldh\intel(r) quick resume technology drivers\elservice.exe <Not Verified; Intel Corporation; Intel(R) Quick Resume Technology>
S4 ISSM (Intel(R) Software Services Manager) - "c:\program files\intel\inteldh\intel media server\media server\bin\issm.exe" <Not Verified; Intel Corporation; Intel(R) Viiv(TM) Software>
S4 M1 Server (Intel(R) Viiv(TM) Media Server) - c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe
S4 MCLServiceATL (Intel(R) Application Tracker) - "c:\program files\intel\inteldh\intel media server\shells\mclserviceatl.exe" <Not Verified; Intel Corporation; Intel(R) Viiv(TM) Software>
S4 Remote UI Service (Intel(R) Remoting Service) - "c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe" <Not Verified; Intel Corporation; Intel(R) Viiv(TM) Software>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-18 18:00:00 408 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-07-13 07:08:45 350 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-07-01 01:00:38 352 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-06-19 and 2008-07-19 -----------------------------

2008-07-19 19:26:59 0 d-------- C:\WINDOWS\LastGood
2008-07-19 19:23:43 0 d--h----- C:\WINDOWS\PIF
2008-07-17 08:45:43 0 d-------- C:\WINDOWS\Prefetch
2008-07-17 08:36:50 0 d-------- C:\WINDOWS\system32\scripting
2008-07-17 08:36:50 0 d-------- C:\WINDOWS\system32\en
2008-07-17 08:36:50 0 d-------- C:\WINDOWS\l2schemas
2008-07-17 08:36:49 0 d-------- C:\WINDOWS\system32\bits
2008-07-17 08:28:43 1845248 --a------ C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 08:24:12 7680 --a------ C:\WINDOWS\system32\spdwnwxp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 08:12:59 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-17 04:50:58 0 d-------- C:\Program Files\Panda Security
2008-07-13 16:37:02 0 d-------- C:\Program Files\FLV Player
2008-07-10 11:33:14 0 d-------- C:\Documents and Settings\Owner.RickCPU\.housecall6.6
2008-07-10 00:12:03 34064 --a------ C:\WINDOWS\system32\drivers\Invoker.sys <Not Verified; Your Corporation; Your Product Name>
2008-07-10 00:12:03 33148 --a------ C:\WINDOWS\system32\drivers\FlexBios.sys <Not Verified; Your Corporation; Your Product Name>
2008-07-09 22:52:03 0 d-------- C:\Program Files\Gateway
2008-07-09 02:37:28 88576 --a------ C:\WINDOWS\system32\ifelvyul.dll
2008-07-08 19:17:25 0 d-------- C:\Program Files\Active Data Recovery Software
2008-07-08 02:35:55 89088 --a------ C:\WINDOWS\system32\jjooaajc.dll
2008-07-07 02:33:15 303995 --ahs---- C:\WINDOWS\system32\bHkSuBeg.ini2
2008-07-06 23:55:16 0 d--h----- C:\$AVG8.VAULT$
2008-07-06 23:46:49 0 d-------- C:\WINDOWS\resources
2008-07-06 23:41:09 2592 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-06 22:24:35 0 d-------- C:\Program Files\AVG
2008-07-06 22:24:35 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-06 22:04:51 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-06 22:04:50 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-06 22:04:50 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-06 22:04:50 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-06 22:04:50 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-06 22:04:50 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-06 22:01:52 0 d-------- C:\Program Files\Registry Defender Platinum
2008-07-06 21:53:24 0 d-------- C:\Documents and Settings\Owner.RickCPU\Application Data\Uniblue
2008-07-06 21:50:53 276247 --ahs---- C:\WINDOWS\system32\qYyJkUvw.ini2
2008-07-06 21:13:25 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-06 21:04:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-07-06 21:03:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\rhc3taj0eee7
2008-07-06 20:41:06 0 d-------- C:\WINDOWS\system32\778670
2008-07-06 20:19:07 229513 --ahs---- C:\WINDOWS\system32\LnVvCcfe.ini2
2008-07-06 19:13:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-06 19:11:49 0 d-------- C:\Program Files\Yahoo!
2008-07-06 19:11:43 0 d-------- C:\Program Files\CCleaner
2008-07-06 19:09:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-06 18:14:41 0 d-------- C:\cabs
2008-07-06 17:46:22 241490 --ahs---- C:\WINDOWS\system32\TwFNonmp.ini2
2008-07-06 17:42:22 0 d--h----- C:\recycled
2008-07-06 15:16:21 231221 --ahs---- C:\WINDOWS\system32\uwyIkUtv.ini2
2008-07-06 15:11:12 7077888 --a------ C:\Documents and Settings\Owner.RickCPU\ntuser.dat
2008-07-06 14:33:55 0 d-------- C:\Documents and Settings\Owner.RickCPU\Application Data\TmpRecentIcons
2008-07-06 14:33:47 0 d-------- C:\Program Files\VAV
2008-07-06 14:33:45 0 d-------- C:\Program Files\PCHealthCenter
2008-07-06 14:33:40 0 d-------- C:\Documents and Settings\Owner.RickCPU\Application Data\rhc3taj0eee7
2008-07-06 14:33:36 0 d-------- C:\Program Files\rhc3taj0eee7
2008-07-06 14:33:14 0 d-------- C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd
2008-06-25 22:18:41 0 d-------- C:\Documents and Settings\Owner.RickCPU\Application Data\Ludia
2008-06-25 22:18:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Ludia
2008-06-25 22:18:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-25 22:18:21 0 d-------- C:\Program Files\Trymedia
2008-06-23 23:24:41 0 d-------- C:\Program Files\Pcsx2_0.9.4
2008-06-21 14:53:14 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-21 14:52:41 0 d-------- C:\WINDOWS\SHELLNEW
2008-06-21 14:51:52 0 d-------- C:\Program Files\Microsoft.NET
2008-06-21 14:50:14 0 dr-h----- C:\MSOCache


-- Find3M Report ---------------------------------------------------------------

2008-07-19 16:42:07 0 d-------- C:\Documents and Settings\Owner.RickCPU\Application Data\My Battle for Middle-earth(tm) II Files
2008-07-17 08:45:31 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-17 08:41:25 0 d-------- C:\Program Files\Messenger
2008-07-17 08:39:15 0 d-------- C:\Program Files\Windows NT
2008-07-17 08:39:13 0 d-------- C:\Program Files\Movie Maker
2008-07-17 04:48:27 0 d-------- C:\Program Files\DNA
2008-07-17 04:47:06 0 d-------- C:\Program Files\Common Files
2008-07-17 04:46:30 0 d-------- C:\Documents and Settings\Owner.RickCPU\Application Data\SUPERAntiSpyware.com
2008-07-17 04:46:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-17 04:46:28 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-16 18:00:01 0 d-------- C:\Program Files\Norton Security Scan
2008-06-12 16:14:13 0 d-------- C:\Program Files\Pure Networks
2008-06-12 15:59:14 0 d-------- C:\Program Files\Microsoft Works
2008-06-12 15:57:49 0 d-------- C:\Program Files\Napster
2008-06-12 15:57:32 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-12 15:57:32 0 d-------- C:\Program Files\CyberLink
2008-06-12 15:09:26 0 d-------- C:\Documents and Settings\Owner.RickCPU\Application Data\BitTorrent
2008-06-12 15:09:15 0 d-------- C:\Program Files\BigFix
2008-06-12 15:05:21 0 d-------- C:\Program Files\Common Files\AOL
2008-06-12 15:05:02 0 d-------- C:\Documents and Settings\Owner.RickCPU\Application Data\AOL
2008-06-03 14:32:44 0 d-------- C:\Documents and Settings\Owner.RickCPU\Application Data\Sun
2008-05-22 14:49:58 0 d-------- C:\Program Files\Funcom


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1171B342-D7D0-482F-9CE7-FC76DDDBA5E5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BA3028F-FD37-46BF-AD27-733734684F06}]
C:\WINDOWS\system32\nnnlifFw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67393FF6-CD5E-4C1D-9C71-4115884EE1D9}]
C:\WINDOWS\system32\wvUkJyYq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84C5C8CA-113F-49C0-AFB2-8CA41CB57004}]
C:\WINDOWS\system32\geBuSkHb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9EB7A821-FB1C-4A79-9D24-9B700C30862A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C303EE01-B7F5-4FAE-ACF0-A1956DE432BC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F94B93F9-DE61-4EBE-902D-65DBA04A4340}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-12 16:17]
"DpTsClnt"="Regsvr32.exe" [2004-08-10 15:00 C:\WINDOWS\system32\regsvr32.exe]
"@"="" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-26 18:35]
"nwiz"="nwiz.exe" [2007-12-26 18:35 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-26 18:35]
"lphc7taj0eee7"="C:\WINDOWS\system32\lphc7taj0eee7.exe" []
"SMrhc3taj0eee7"="C:\Program Files\rhc3taj0eee7\rhc3taj0eee7.exe" []
"4ce7156d"="C:\WINDOWS\system32\trirhggo.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3BA3028F-FD37-46BF-AD27-733734684F06}"= C:\WINDOWS\system32\nnnlifFw.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"axrfgvek"= {7C628EEA-E57D-4E44-B485-BE0B378E5E6A} - C:\WINDOWS\axrfgvek.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"=" "

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlifFw]
nnnlifFw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geBuSkHb
"Notification Packages"= scecli


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4ce7156d]
rundll32.exe "C:\WINDOWS\system32\trirhggo.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DpTsClnt]
Regsvr32.exe /s "C:\Program Files\DigitalPersona\Bin\DpTsClnt.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphc7taj0eee7]
C:\WINDOWS\system32\lphc7taj0eee7.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegSweep]
C:\Program Files\RegSweep\RegSweep.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RssReader]
C:\Program Files\RssReader\RssReader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhc3taj0eee7]
C:\Program Files\rhc3taj0eee7\rhc3taj0eee7.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSK80Service"=2 (0x2)
"MpfService"=2 (0x2)
"McNASvc"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AOL ACS"=2 (0x2)
"Remote UI Service"=2 (0x2)
"QBFCService"=3 (0x3)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"MPS9"=2 (0x2)
"McSysmon"=2 (0x2)
"McShield"=2 (0x2)
"McRedirector"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=2 (0x2)
"mcmscsvc"=2 (0x2)
"MCLServiceATL"=2 (0x2)
"M1 Server"=2 (0x2)
"ISSM"=2 (0x2)
"IAANTMON"=2 (0x2)
"Emproxy"=3 (0x3)
"ELService"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AlertService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*Newly Created Service* - EHRECVR
*Newly Created Service* - EHSCHED



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8772 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-19 19:39:50 ------------

SmitFraudFix v2.329

Scan done at 19:52:45.20, 2008-07-19
Run from C:\Documents and Settings\Owner.RickCPU\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\Owner.RickCPU\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner.RickCPU


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner.RickCPU\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\OWNER~1.RIC\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=dword:00000001
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=" "


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) 82562V 10/100 Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F141B1A5-8DE8-402E-BD5C-0A95D384794C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F141B1A5-8DE8-402E-BD5C-0A95D384794C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End




Mod's Message

Please note that this section of the forum is very busy, and re-visit our sticky topic Important - Please Read This Before Posting for Malware Removal Help, which you should have read before posting.
Once you post the requested logs in Step 5, please DO NOT install any new software or run any other tools on your own until you receive a reply.
Attached Files: extra.txt (16.1 KB)

Last edited by amateur : 07-20-2008 at 01:09 AM. Reason: to retain 0-reply status
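As an added example for this thread (not code from the forum, from HijackThis, from Deckard's System Scanner or from SmitFraudFix), the following Python script runs a heuristic triage over autostart lines in a HijackThis-style log. The sample lines are copied verbatim from the log posted above; every scoring rule (eight hex digits, eight random-looking letters, letters interleaved with digits, a DLL dropped directly in the Windows directory, an entry whose file is missing) is an assumption of this example, not a rule from any of those tools.

```python
"""Heuristic triage of HijackThis-style autostart entries.

Added example for this thread; it is not code from the forum, from HijackThis,
Deckard's System Scanner or SmitFraudFix. The SAMPLE_LOG lines are copied from
the log posted above; every scoring rule below is this example's own assumption.
"""
import re

# Copied verbatim from the "HijackThis Clone" section of the posted log.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {3BA3028F-FD37-46BF-AD27-733734684F06} - C:\WINDOWS\system32\nnnlifFw.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [lphc7taj0eee7] C:\WINDOWS\system32\lphc7taj0eee7.exe
O4 - HKLM\..\Run: [SMrhc3taj0eee7] C:\Program Files\rhc3taj0eee7\rhc3taj0eee7.exe
O4 - HKLM\..\Run: [4ce7156d] rundll32.exe "C:\WINDOWS\system32\trirhggo.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: nnnlifFw - C:\WINDOWS\system32\nnnlifFw.dll (file missing)
O21 - SSODL: axrfgvek - {7C628EEA-E57D-4E44-B485-BE0B378E5E6A} - C:\WINDOWS\axrfgvek.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# What each HijackThis section means for code execution (the sections this example handles).
LOADER = {
    "O2": "Browser Helper Object, loaded into every Internet Explorer process",
    "O4": "Run key, started at logon",
    "O20": "Winlogon Notify DLL, loaded into winlogon.exe before the desktop appears",
    "O21": "ShellServiceObjectDelayLoad, loaded into explorer.exe",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# First drive-letter path ending in a binary extension; stops before ",Export" or a closing quote.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|sys)\b", re.I)
VOWELS = set("aeiouAEIOU")


def looks_generated(token):
    """Return a reason if `token` resembles a machine-generated name, else None.

    Heuristics (assumptions of this example, not HijackThis rules): eight hex
    digits, eight letters with odd capitalisation or few vowels, or letters and
    digits interleaved several times. Expect false positives on CamelCase vendor names.
    """
    if re.fullmatch(r"[0-9a-fA-F]{8}", token):
        return "eight hex digits"
    if re.fullmatch(r"[A-Za-z]{8}", token):
        vowels = sum(c in VOWELS for c in token)
        interior_caps = any(c.isupper() for c in token[1:])
        longest_consonants = max((len(r) for r in re.findall(r"[^aeiouAEIOU]+", token)), default=0)
        if interior_caps or (vowels <= 2 and longest_consonants >= 4):
            return "eight random-looking letters"
    transitions = sum(1 for a, b in zip(token, token[1:]) if a.isdigit() != b.isdigit())
    if transitions >= 3:
        return "letters and digits interleaved like a generated identifier"
    return None


def parse_entry(line):
    """Split one log line into (section, name, path, dangling) or None if it is not an O-line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    if section == "O4":
        bracket = re.search(r"\[([^\]]+)\]", rest)        # Run value name in [brackets]
        name = bracket.group(1) if bracket else ""
    else:
        after_colon = rest.split(":", 1)[1] if ":" in rest else rest
        name = after_colon.split(" - ", 1)[0].strip()     # display name before the first " - "
    pm = PATH_RE.search(rest)
    path = pm.group(0) if pm else None
    dangling = "(file missing)" in rest or "(no file)" in rest
    return section, name, path, dangling


def triage_entry(line):
    """Score one entry: collect reasons and a verdict (suspicious / orphaned / benign-looking)."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    section, name, path, dangling = parsed
    reasons = []
    if dangling:
        reasons.append("referenced file is absent (orphaned autostart entry)")
    stem, directory, ext = "", "", ""
    if path:
        directory, filename = path.rsplit("\\", 1)
        stem, ext = filename.rsplit(".", 1)
    for label, token in (("name", name), ("file", stem)):
        if label == "file" and stem.lower() == name.lower():
            continue  # same token already checked under "name"
        reason = looks_generated(token) if token else None
        if reason:
            reasons.append(f"{label} '{token}': {reason}")
    if ext.lower() == "dll" and directory.lower() == r"c:\windows":
        reasons.append("DLL dropped directly in the Windows directory instead of system32")
    if any(not r.startswith("referenced file") for r in reasons):
        verdict = "suspicious"
    elif reasons:
        verdict = "orphaned"
    else:
        verdict = "benign-looking"
    return {"section": section, "name": name, "path": path,
            "loader": LOADER.get(section, "other"), "reasons": reasons, "verdict": verdict}


def triage(log_text):
    """Triage every recognisable O-line in a HijackThis-style log."""
    return [r for r in (triage_entry(line) for line in log_text.splitlines()) if r]


def suspicious_names(log_text):
    """Sorted '<section> <name>' labels of entries judged suspicious."""
    return sorted(f"{r['section']} {r['name']}" for r in triage(log_text) if r["verdict"] == "suspicious")


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(f"{r['verdict']:14} {r['section']:4} {r['name']!r:38} {r['loader']}")
        for reason in r["reasons"]:
            print(f"{'':14} - {reason}")
```

On the sample, the six entries flagged are exactly the ones a helper would target: the two nnnlifFw references (BHO and Winlogon Notify), the axrfgvek SSODL entry whose DLL sits in the Windows root, the hex-named Run value loading trirhggo.dll, and the two rhc3taj0eee7 Run values; the Yahoo! toolbar leftover is reported as orphaned but not suspicious, and the NVIDIA, ctfmon and NVSvc entries pass. Treat the output as a triage hint only: an eight-letter CamelCase vendor name will trip the letters rule, and a "(file missing)" entry still needs its registry reference removed even though the DLL is gone.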
07-22-2008, 02:22 PM   #2
Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 2,515
OS: XP SP3


Re: PC not running normal

Hello and welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions, and please do not fix anything on your own or run any scanners unless requested by a helper.


------------------------------------------------------

It appears that your antivirus program is outdated.

Quote:
AV: McAfee VirusScan v (McAfee) Outdated
If you cannot update it, I can suggest a good, free one once your system is clean.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:

Viewpoint Media Player<<This is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". Please read here and here

If you decide to uninstall it, also delete the following Folder if it still exists:

C:\Program Files\Viewpoint

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

First, we need to install the Windows Recovery Console.

The Windows Recovery Console will allow you to boot up into a special recovery(repair) mode, if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Download the file from this Microsoft page:

http://www.microsoft.com/downloads/d...displaylang=en

Save it as it is originally named, to the desktop, next to ComboFix.exe

Now close all open windows and programs, including all antivirus and antispyware programs. Get help here



Then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Recovery Console.

As part of installing the Recovery Console, ComboFix will begin to run. Your desktop may disappear. This is normal. It will return.

ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:



Please continue as follows:
  • Close/disable all antivirus and antispyware programs so they do not interfere with the running of ComboFix. Get help here
  • Please click Yes to continue scanning for malware.
When the tool is finished, it will produce a log for you.

Please post that log, ComboFix.txt along with a new HijackThis log so we may continue cleansing the system.

------------------------------------------------------

Please download HijackThis and Save it to your Desktop.

Alternate link

Double-click on the file you just downloaded. Click on the "Unzip" button to install.

It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double-click on HijackThis.exe

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Please post the HijackThis log in your next reply. Do not fix anything in HijackThis since they may be harmless.

------------------------------------------------------

Please post the following in your next reply:

C:\ComboFix.txt
new HijackThis log


If you have any questions along the way...STOP and ask them before proceeding.
__________________
Our help is free but please donate
Old 08-02-2008, 12:00 PM   #3 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 8
OS: xp


Re: PC not running normal

Sorry for replying so late, I have been very busy. I hope you can still help.

ComboFix 08-08-01.05 - Owner 2008-08-03 2:41:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1533 [GMT -4:00]
Running from: C:\Documents and Settings\Owner.RickCPU\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner.RickCPU\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Owner.RickCPU\Application Data\macromedia\Flash Player\#SharedObjects\EP753HQE\interclick.com
C:\Documents and Settings\Owner.RickCPU\Application Data\macromedia\Flash Player\#SharedObjects\EP753HQE\interclick.com\ud.sol
C:\Documents and Settings\Owner.RickCPU\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Owner.RickCPU\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN


((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))
.

2008-07-28 14:12 . 2008-07-28 14:30 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-19 19:37 . 2008-07-19 19:37 <DIR> d-------- C:\Deckard
2008-07-19 19:23 . 2008-07-19 19:23 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-17 08:36 . 2008-07-17 08:38 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-17 08:36 . 2008-07-17 08:38 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-17 08:36 . 2008-07-17 08:38 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-17 08:36 . 2008-07-17 08:38 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-17 08:28 . 2007-10-25 23:34 8,460,288 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-07-17 08:24 . 2008-04-13 20:12 7,680 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2008-07-17 08:23 . 2006-12-28 15:01 19,569 --a------ C:\WINDOWS\003409_.tmp
2008-07-17 08:12 . 2008-07-20 14:00 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-17 04:51 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-17 04:50 . 2008-07-17 04:50 <DIR> d-------- C:\Program Files\Panda Security
2008-07-13 16:37 . 2008-07-13 16:37 <DIR> d-------- C:\Program Files\FLV Player
2008-07-10 11:33 . 2008-07-10 15:08 <DIR> d-------- C:\Documents and Settings\Owner.RickCPU\.housecall6.6
2008-07-10 00:12 . 2006-08-17 09:15 34,064 --a------ C:\WINDOWS\system32\drivers\Invoker.sys
2008-07-10 00:12 . 2006-08-17 09:15 33,148 --a------ C:\WINDOWS\system32\drivers\FlexBios.sys
2008-07-09 22:52 . 2008-07-09 22:52 <DIR> d-------- C:\Program Files\Gateway
2008-07-08 20:00 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-07-08 19:59 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-07-08 19:59 . 2004-08-10 15:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-07-08 19:59 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-07-08 19:59 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-07-08 19:59 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-07-08 19:59 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-07-08 19:57 . 2001-08-17 13:28 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
2008-07-08 19:56 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-07-08 19:55 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-07-08 19:54 . 2004-08-10 15:00 571,392 --a------ C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-07-08 19:53 . 2001-08-17 14:56 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-07-08 19:52 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-07-08 19:51 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-07-08 19:50 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-07-08 19:49 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-07-08 19:48 . 2001-08-17 14:56 210,496 --a--c--- C:\WINDOWS\system32\dllcache\s3mvirge.dll
2008-07-08 19:47 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-07-08 19:46 . 2004-08-10 15:00 482,304 --a------ C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-07-08 19:45 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-07-08 19:44 . 2004-08-10 15:00 226,816 --a------ C:\WINDOWS\system32\dllcache\npdrmv2.dll
2008-07-08 19:43 . 2004-08-10 15:00 229,439 --a--c--- C:\WINDOWS\system32\dllcache\multibox.dll
2008-07-08 19:42 . 2004-08-10 15:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-07-08 19:42 . 2004-08-03 22:41 1,309,184 --a--c--- C:\WINDOWS\system32\dllcache\mtlstrm.sys
2008-07-08 19:42 . 2004-08-03 22:29 452,736 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhm.sys
2008-07-08 19:42 . 2004-08-03 22:41 126,686 --a--c--- C:\WINDOWS\system32\dllcache\mtlmnt5.sys
2008-07-08 19:42 . 2001-08-17 12:50 103,296 --a--c--- C:\WINDOWS\system32\dllcache\mtxvideo.sys
2008-07-08 19:42 . 2004-08-10 15:00 98,304 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.dll
2008-07-08 19:42 . 2001-08-17 14:02 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
2008-07-08 19:42 . 2001-08-17 13:48 12,416 --a--c--- C:\WINDOWS\system32\dllcache\msriffwv.sys
2008-07-08 19:42 . 2001-08-17 13:48 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys
2008-07-08 19:42 . 2001-08-17 14:00 2,944 --a--c--- C:\WINDOWS\system32\dllcache\msmpu401.sys
2008-07-08 19:40 . 2004-08-10 15:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-07-08 19:39 . 2004-08-10 15:00 471,102 --a--c--- C:\WINDOWS\system32\dllcache\imskdic.dll
2008-07-08 19:38 . 2004-08-10 15:00 811,064 --a------ C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-07-08 19:37 . 2004-08-10 15:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-08 19:36 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-07-08 19:35 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
2008-07-08 19:34 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-07-08 19:33 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-07-08 19:32 . 2001-08-17 22:36 419,357 --a--c--- C:\WINDOWS\system32\dllcache\dgconfig.dll
2008-07-08 19:31 . 2004-08-10 15:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-07-08 19:30 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-07-08 19:29 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-07-08 19:28 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-07-08 19:28 . 2004-08-10 15:00 7,168 --a--c--- C:\WINDOWS\system32\dllcache\wamregps.dll
2008-07-08 19:28 . 2004-08-10 15:00 4,639 --a------ C:\WINDOWS\system32\dllcache\mplayer2.exe
2008-07-08 19:27 . 2004-08-10 15:00 169,984 --a--c--- C:\WINDOWS\system32\dllcache\iisui.dll
2008-07-08 19:27 . 2004-08-10 15:00 94,720 --a--c--- C:\WINDOWS\system32\dllcache\certmap.ocx
2008-07-08 19:27 . 2004-08-10 15:00 19,968 --a--c--- C:\WINDOWS\system32\dllcache\inetsloc.dll
2008-07-08 19:27 . 2004-08-10 15:00 14,336 --a--c--- C:\WINDOWS\system32\dllcache\iisreset.exe
2008-07-08 19:27 . 2004-08-10 15:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\inetmgr.exe
2008-07-08 19:27 . 2004-08-10 15:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\ftpsapi2.dll
2008-07-08 19:27 . 2004-08-10 15:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\iisrstap.dll
2008-07-08 19:17 . 2008-07-08 19:17 <DIR> d-------- C:\Program Files\Active Data Recovery Software
2008-07-06 23:55 . 2008-07-09 12:45 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-06 23:46 . 2008-07-06 23:46 <DIR> d-------- C:\WINDOWS\resources
2008-07-06 23:41 . 2008-07-19 19:52 2,226 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-06 22:24 . 2008-07-06 22:24 <DIR> d-------- C:\Program Files\AVG
2008-07-06 22:24 . 2008-07-17 04:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-06 22:24 . 2008-07-06 22:24 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll.old
2008-07-06 22:04 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-06 22:04 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-06 22:04 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-06 22:04 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-06 22:04 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-06 22:04 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-06 22:04 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-06 22:01 . 2008-07-06 23:49 <DIR> d-------- C:\Program Files\Registry Defender Platinum
2008-07-06 21:53 . 2008-07-06 21:53 <DIR> d-------- C:\Documents and Settings\Owner.RickCPU\Application Data\Uniblue
2008-07-06 21:50 . 2008-07-06 21:50 318,720 --a------ C:\WINDOWS\system32\wvUkJyYq.dll_old
2008-07-06 20:41 . 2008-07-09 12:41 <DIR> d-------- C:\WINDOWS\system32\778670
2008-07-06 20:09 . 2008-07-07 02:21 318 --a------ C:\WINDOWS\wininit.ini
2008-07-06 19:13 . 2008-07-17 08:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-06 19:13 . 2008-07-17 04:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-06 19:11 . 2008-07-06 21:00 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-06 19:11 . 2008-07-06 19:12 <DIR> d-------- C:\Program Files\CCleaner
2008-07-06 19:09 . 2008-07-06 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-06 18:14 . 2008-07-09 23:59 <DIR> d-------- C:\cabs
2008-07-06 17:42 . 2008-07-06 17:42 <DIR> d--h----- C:\recycled
2008-07-06 14:33 . 2008-07-06 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 11:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-24 11:05 --------- d-----w C:\Program Files\EA GAMES
2008-07-19 20:42 --------- d-----w C:\Documents and Settings\Owner.RickCPU\Application Data\My Battle for Middle-earth(tm) II Files
2008-07-17 12:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-17 08:48 --------- d-----w C:\Program Files\DNA
2008-07-17 08:48 --------- d-----w C:\Documents and Settings\Owner.RickCPU\Application Data\Ludia
2008-07-17 08:46 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-17 08:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-17 08:46 --------- d-----w C:\Documents and Settings\Owner.RickCPU\Application Data\SUPERAntiSpyware.com
2008-07-16 22:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-26 02:18 --------- d-----w C:\Program Files\Trymedia
2008-06-26 02:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-26 02:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ludia
2008-06-25 19:04 --------- d-----w C:\Program Files\Pcsx2_0.9.4
2008-06-21 18:53 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-21 18:51 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 20:14 --------- d-----w C:\Program Files\Pure Networks
2008-06-12 19:59 --------- d-----w C:\Program Files\Microsoft Works
2008-06-12 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-12 19:57 --------- d-----w C:\Program Files\Napster
2008-06-12 19:57 --------- d-----w C:\Program Files\CyberLink
2008-06-12 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-06-12 19:09 --------- d-----w C:\Program Files\BigFix
2008-06-12 19:09 --------- d-----w C:\Documents and Settings\Owner.RickCPU\Application Data\BitTorrent
2008-06-12 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-06-12 19:05 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-12 19:05 --------- d-----w C:\Documents and Settings\Owner.RickCPU\Application Data\AOL
2008-01-28 02:44 182 -c--a-w C:\Program Files\444.txt
2007-10-04 16:30 446 -c--a-w C:\Program Files\rr.txt
2006-11-06 11:08 0 -c--a-w C:\Documents and Settings\Owner.RickCPU\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-20_12.30.53.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-16 12:08:32 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:36:11 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:36:11 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:46:57 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:46:57 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:43:05 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:43:05 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-06-17 20:12:42 114,688 ----a-w C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
+ 2008-06-17 20:23:02 202,168 ----a-w C:\WINDOWS\system32\Adobe\Director\SwDir.dll
+ 2008-06-17 20:13:22 487,424 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Control.dll
+ 2008-06-17 19:36:00 1,798,144 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\dirapi.dll
+ 2008-06-17 20:13:26 9,216 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-06-17 19:25:58 697,344 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gi.dll
+ 2008-06-17 19:26:00 1,145,896 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gt.exe
+ 2008-06-17 19:25:58 52,288 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gtapi.dll
+ 2008-06-17 19:32:18 892,928 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\iml32.dll
+ 2008-06-17 20:11:56 253,952 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Plugin.dll
+ 2008-06-17 20:15:00 446,464 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Proj.dll
+ 2008-06-17 20:22:46 439,736 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1100458.exe
+ 2008-06-17 20:15:44 114,688 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
+ 2008-06-17 20:11:44 94,208 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-06-17 19:25:58 50,808 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 1999-06-25 14:55:30 149,504 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE
- 2004-08-10 19:00:00 138,496 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
- 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2004-08-10 19:00:00 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-06-20 17:41:10 245,248 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
- 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2008-07-18 21:09:43 253,472 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-07-26 07:07:00 255,064 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-01-03 23:19:34 581,632 -c--a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2008-03-15 03:29:22 581,632 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2008-03-15 03:12:30 1,490,944 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapiX.dll
- 2008-01-03 23:20:14 24,576 -c--a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-03-15 03:29:58 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-03-15 03:10:06 606,208 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32X.dll
- 2008-01-03 23:18:56 339,968 -c--a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
+ 2008-03-15 03:28:48 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
- 2008-01-03 23:19:06 475,136 -c--a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2008-03-15 03:28:56 475,136 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
- 2008-01-03 23:11:48 180,224 -c--a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
+ 2008-03-15 03:21:52 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
- 2008-01-03 23:22:06 77,824 -c--a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2008-03-15 03:31:28 77,824 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2008-03-15 15:38:08 86,016 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenuX.dll
- 2008-01-03 23:22:08 98,304 -c--a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2008-03-15 03:31:28 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
- 2004-08-10 19:00:00 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
+ 2008-06-20 17:41:10 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
- 2007-08-11 00:46:18 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2005-09-27 03:34 169984]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-12 16:17 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-05-16 23:37 289088 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 15:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DpTsClnt]
--a------ 2008-01-30 18:16 200704 C:\Program Files\DigitalPersona\Bin\DPTSClnt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 15:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a--c--- 2007-08-03 23:33 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 19:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-26 18:35 8523776 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-26 18:35 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-04-12 16:17 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-26 18:35 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSK80Service"=2 (0x2)
"MpfService"=2 (0x2)
"McNASvc"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AOL ACS"=2 (0x2)
"Remote UI Service"=2 (0x2)
"QBFCService"=3 (0x3)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"MPS9"=2 (0x2)
"McSysmon"=2 (0x2)
"McShield"=2 (0x2)
"McRedirector"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=2 (0x2)
"mcmscsvc"=2 (0x2)
"MCLServiceATL"=2 (0x2)
"M1 Server"=2 (0x2)
"ISSM"=2 (0x2)
"IAANTMON"=2 (0x2)
"Emproxy"=3 (0x3)
"ELService"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AlertService"=2 (0x2)
"DpHost"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"C:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Documents and Settings\\Owner.RickCPU\\Desktop\\Command & Conquer Generals\\game.dat"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6221:TCP"= 6221:TCP:Blizzard Downloader
"21469:TCP"= 21469:TCP:BitComet 21469 TCP
"21469:UDP"= 21469:UDP:BitComet 21469 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-07-27 C:\WINDOWS\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-07-25 16:10]

2008-08-01 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 05:08]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner.RickCPU\Application Data\Mozilla\Firefox\Profiles\nbwud6yy.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.com/


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 02:44:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-03 2:47:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-03 06:47:54
ComboFix2.txt 2008-07-20 16:31:15

Pre-Run: 144,816,222,208 bytes free
Post-Run: 145,353,740,288 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

393 --- E O F --- 2008-07-26 07:00:32


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:52, on 2008-08-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\OWNER~1.RIC\LOCALS~1\Temp\Rar$EX00.937\HijackThis.exe
C:\DOCUME~1\OWNER~1.RIC\LOCALS~1\Temp\Rar$EX02.156\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/p.../PCPitStop.CAB
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

--
End of file - 2596 bytes

Last edited by Rickid : 08-02-2008 at 12:03 PM.
08-02-2008, 12:37 PM   #4
Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 2,515
OS: XP SP3


Re: PC not running normal

Hello Rickid. In order to effectively clean your system, you must reply in a timely fashion or you will just get reinfected. Please let me know you will do so.

------------------------------------------------------

What happened to all your HijackThis entries? Have you been fixing entries? You are running HijackThis from a temporary folder. Any backups that HijackThis made were stored in this temp folder and are most likely lost.

Quote:
C:\DOCUME~1\OWNER~1.RIC\LOCALS~1\Temp\Rar$EX02.156\HijackThis.exe
Please move it to your desktop or create its own folder.

------------------------------------------------------

What is your current antivirus situation? It appears that you uninstalled McAfee.

------------------------------------------------------

Run dss.exe again, but use these instructions (this assumes dss.exe is on your desktop):
  • Click Start >> Run then copy/paste the following text into the Run box & click OK
    "%userprofile%\desktop\dss.exe" /config
  • Click Run
  • Click Check All
  • Click Uncheck All
  • Under the Extra Log heading, check all the boxes.
  • Click Scan!
  • Please attach extra.txt to your post. To attach a file to a new post, simply
    • Click the Manage Attachments button under Additional Options > Attach Files on the post composition page, and
    • Copy and Paste the following into the Upload File from your Computer box:
      C:\Deckard\System Scanner\extra.txt
    • Click Upload.
__________________
Our help is free but please donate
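Added example, not from the thread and not part of HijackThis or any other tool named in it: a short Python script that scans a HijackThis log for the two things chemist's reply above points at, executables running out of a Temp folder (where any HijackThis backups would be lost) and entries HijackThis marks "(no file)" or "(file missing)". The sample log is constructed from lines of the log Rickid posted above; the section regex assumes the R/F/N/O numbering that HijackThis v2 logs use.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a handful of lines in the HijackThis v2.0.2 log
# format, copied in shape from the log posted above. Paths use the 8.3 short
# names HijackThis prints; the two HijackThis.exe lines are the ones the
# analyst pointed at (WinRAR's Rar$EXnn.nnn extraction folder under %Temp%).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:52, on 2008-08-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\OWNER~1.RIC\LOCALS~1\Temp\Rar$EX00.937\HijackThis.exe
C:\DOCUME~1\OWNER~1.RIC\LOCALS~1\Temp\Rar$EX02.156\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

--
End of file - 2596 bytes
"""

# HijackThis v2 entry lines look like "O2 - ..." (assumed R/F/N/O section letters).
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
# HijackThis appends these markers when an entry points at a file that is gone;
# on the posted log they are leftovers of removed software (AVG, Yahoo! Toolbar).
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Any path component named Temp, e.g. ...\LOCALS~1\Temp\...
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    section: str   # e.g. "O2", "O4", "O23"
    body: str      # text after "Onn - "


def parse_hjt(text):
    """Return (running_processes, entries) from a HijackThis log."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False        # a blank line closes the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return processes, entries


def processes_in_temp(processes):
    """Executables running out of a Temp folder."""
    return [p for p in processes if TEMP_DIR_RE.search(p)]


def orphan_entries(entries):
    """Entries whose target file HijackThis could not find."""
    return [e for e in entries if e.body.rstrip().endswith(ORPHAN_MARKERS)]


def triage(text):
    """Findings a helper would raise before handing out a fix list."""
    processes, entries = parse_hjt(text)
    findings = []
    for p in processes_in_temp(processes):
        findings.append(f"running from Temp (backups made here will be lost): {p}")
    for e in orphan_entries(entries):
        findings.append(f"{e.section} points at a missing file: {e.body}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run as-is it reports the two HijackThis.exe processes under Temp and the R3 and O2 orphans; to check another log, paste its text into parse_hjt() or triage(). The orphan check is deliberately conservative: it only trusts the markers HijackThis itself wrote, rather than guessing whether a path exists on the poster's machine.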
08-04-2008, 04:54 AM   #5
Registered User
Join Date: Jul 2008
Posts: 8
OS: xp


Re: PC not running normal

OK, I moved HijackThis to my desktop, out of the temp folder.

McAfee is out of date; I really don't have any antivirus.
Attached Files
File Type: txt extra.txt (15.8 KB, 2 views)
08-04-2008, 08:49 AM   #6
Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 2,515
OS: XP SP3


Re: PC not running normal

Hello again, Rickid. Please tell us how your system is behaving after doing the following.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

We will address your antivirus situation in the next round.

------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist: (Make sure you do not miss any)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

Please remember to close all other windows, including browsers then click Fix checked.

Please close HijackThis now.

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the quotebox below into Notepad:

Quote:
File::
C:\WINDOWS\003409_.tmp
C:\WINDOWS\system32\wvUkJyYq.dll_old
C:\WINDOWS\wininit.ini
C:\WINDOWS\Tasks\McDefragTask.job

Folder::
C:\Documents and Settings\Owner.RickCPU\.housecall6.6\quarantine
C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd
C:\Documents and Settings\Owner.RickCPU\Application Data\BitTorrent
C:\Program Files\Registry Defender Platinum
C:\Documents and Settings\Owner.RickCPU\Application Data\Uniblue

DirLook::
C:\WINDOWS\system32\778670

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21469:TCP"=-
"21469:UDP"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=-
"avast! Mail Scanner"=-
"avast! Antivirus"=-
"aswUpdSv"=-