04-29-2008, 11:46 AM   #1
Registered User
 
Join Date: Apr 2008
Posts: 10
OS: winxp


slow system urqQjkkH threat

OK, firstly, hi to everyone who reads my post. Firstly I am going to say I wish I would never have had to use this site for the purpose that I am about to post, but in advance a massive thank you to all who have helped and those who are going to help people like myself.

I have managed to get a file called urqQjkkH.dll firmly embedded into my system32 folder, and despite various attempts to delete this file it is a no go. The file was downloaded as an mp3 from a bit-torrent site, and when it was extracted from its rar archive I noticed straight away that it was not the said file, so I deleted it and thought no more of it (19/04/08). The following day my file scanner in NOD32 threw up a threat detected window and suggested I delete the file urqQjkkH, but each time it will not delete.

Since this file was downloaded, when my system is running two processes take up most of my CPU: one is winlogin.exe and the other is lsass.exe. Neither of these processes can be stopped as they are critical system processes. I also get a lot of adware since this file as well.

If I stop the file scanner in NOD32 then winlogin and lsass do not take any of my CPU, but I still get the pop-ups.

I am asking for help please to delete the files that are causing my problems.

I have followed the 5 step process in the sticky of these forums and the Panda scan took 27 hours to complete.

Here is my log from the Panda scan, and below is my main.txt log from Deckard's DSS; I'll also attach the extra.txt.





;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-28 07:31:42
PROTECTIONS: 1
MALWARE: 66
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ESET NOD32 antivirus system 2.70 2.70 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Cookies\carl@trafficmp[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Cookies\carl@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Cookies\carl@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Cookies\carl@tradedoubler[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.247realmedia.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Cookies\carl@tribalfusion[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Cookies\carl@mediaplex[1].txt
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.anm.co.uk/]
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Cookies\carl@findwhat[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.yadro.ru/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.xiti.com/]
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.tickle.com/]
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.tickle.com/]
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.gostats.com/]
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.gostats.com/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.toplist.cz/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Cookies\carl@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Cookies\carl@statcounter[2].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\carl\LOCALS~1\Temp\Cookies\carl@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[ad.yieldmanager.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\carl\LOCALS~1\Temp\Cookies\carl@burstnet[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Cookies\carl@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Cookies\carl@bs.serving-sys[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.adtech.de/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Cookies\carl@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.adtech.de/]
00168111 Cookie/Servlet TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\carl\LOCALS~1\Temp\Cookies\carl@servlet[1].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[stat.onestat.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Cookies\carl@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.advertising.com/]
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Cookies\carl@media.adrevolver[3].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\carl\LOCALS~1\Temp\Cookies\carl@adopt.hbmediapro[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Cookies\carl@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.realmedia.com/]
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\carl\LOCALS~1\Temp\Cookies\carl@cgi-bin[6].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Cookies\carl@questionmarket[1].txt
00173905 Cookie/Xmts TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\carl\LOCALS~1\Temp\Cookies\carl@xmts[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Cookies\carl@adrevolver[2].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.bravenet.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\carl\LOCALS~1\Temp\Cookies\carl@go[1].txt
00199981 Cookie/Seeq TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.www48.seeq.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\carl\LOCALS~1\Temp\Cookies\carl@searchportal.information[2].txt
00216065 Cookie/Screensavers TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\carl\LOCALS~1\Temp\Cookies\carl@i.screensavers[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\carl\LOCALS~1\Temp\Cookies\carl@atwola[1].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\carl\LOCALS~1\Temp\Cookies\carl@cgi-bin[3].txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\carl\LOCALS~1\Temp\Cookies\carl@cgi-bin[4].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Cookies\carl@ads.addynamix[1].txt
00296583 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\carl\LOCALS~1\Temp\Cookies\carl@stats.drivecleaner[2].txt
00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\carl\LOCALS~1\Temp\Cookies\carl@drivecleaner[2].txt
00760354 Adware/AzeSearch Adware No 0 Yes No C:\System Volume Information\_restore{9DB4D32D-02C6-4AEA-AAEA-E6F11F7A6611}\RP862\A0194380.exe
00996210 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\MagicISO\Patch.exe
00996210 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\carl\My Documents\set up files\Magic iso 5.1\Patch.exe
00996210 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\carl\My Documents\set up files\Magic iso 5.1.rar[Magic iso 5.1\Patch.exe]
01006923 Generic Trojan Virus/Trojan No 0 No No C:\Documents and Settings\carl\Local Settings\Application Data\Microsoft\Messenger\carlcurtis69@hotmail.com\Sharing Folders\cgooding82@hotmail.com\Vista.Activation.Crack.By.Vistatalk.REPACK-ViSTATALK.rar[vistacrack.exe]
01006923 Generic Trojan Virus/Trojan No 0 No No C:\Documents and Settings\carl\My Documents\UseNeXT\alt.binaries.cd.image.french\Vista.Activation.Crack.By.Vistatalk.on.EFnet.REPACK-ViSTATALK.rar[vistacrack.exe]
01006923 Generic Trojan Virus/Trojan No 0 No No C:\Documents and Settings\carl\My Documents\UseNeXT\alt.binaries.warez.ibm-pc.ms-beta\Vista.Activation.Crack.By.Vistatalk.REPACK-ViSTATALK.rar[vistacrack.exe]
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\carl\Desktop\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{9DB4D32D-02C6-4AEA-AAEA-E6F11F7A6611}\RP862\A0195416.EXE
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\carl\Application Data\Mozilla\Firefox\Profiles\n7z9u9wk.default\cookies.txt[.adserver.easyad.info/]
01692698 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\carl\Application Data\Macromedia\Shockwave Player\xtras\download\TheGrooveAlliance\3DGrooveXtrav181\Groove.x32
01891361 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\carl\My Documents\http://www.TorrentSource.TO_VSO.Soft...vertXtoDvd.exe
01891361 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\carl\My Documents\set up files\http://www.TorrentSource.TO_VSO.Soft...racked-CzW.rar[http://www.TorrentSource.TO_VSO.Soft...ertXtoDvd.exe]
01891361 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\carl\My Documents\set up files\http://www.TorrentSource.TO_VSO.Soft...vertXtoDvd.exe
01891361 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\carl\My Documents\backed up files\http://www.TorrentSource.TO_VSO.Soft...racked-CzW.rar[http://www.TorrentSource.TO_VSO.Soft...ertXtoDvd.exe]
02572844 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{9DB4D32D-02C6-4AEA-AAEA-E6F11F7A6611}\RP834\A0185219.exe
02572844 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\carl\My Documents\set up files\Absolute_MP3_Splitter_2.5.7.rar[Absolute MP3 Splitter 2.5.7\Keygen.exe]
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{9DB4D32D-02C6-4AEA-AAEA-E6F11F7A6611}\RP862\A0195403.sys
02895977 HackTool/AsteriskView HackTools No 0 No No C:\Documents and Settings\carl\My Documents\set up files\LostPassword.Passware.Kit.v7.9.2157.Enterprise.WinALL.RETAIL-ARN [releases4u.net].zip[LostPassword.Passware.Kit.v7.9.2157.Enterprise.WinALL.RETAIL-ARN [releases4u.net]/setup.exe][ariskkey.dll]
02916589 Application/PassRock HackTools No 0 Yes No C:\Documents and Settings\carl\My Documents\set up files\XP KEYFINDER.zip[keyfinder.exe]
02929194 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{9DB4D32D-02C6-4AEA-AAEA-E6F11F7A6611}\RP860\A0194305.dll
02929267 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{9DB4D32D-02C6-4AEA-AAEA-E6F11F7A6611}\RP857\A0191203.dll
02929268 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{9DB4D32D-02C6-4AEA-AAEA-E6F11F7A6611}\RP860\A0194300.dll
02929277 Spyware/Virtumonde Spyware No 1 No No C:\System Volume Information\_restore{9DB4D32D-02C6-4AEA-AAEA-E6F11F7A6611}\RP856\A0190303.exe[is152883.exe]
02929277 Spyware/Virtumonde Spyware No 1 No No C:\System Volume Information\_restore{9DB4D32D-02C6-4AEA-AAEA-E6F11F7A6611}\RP860\A0194319.exe[is152883.exe]
02929280 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\URQQJKKH.DLL
02929280 Spyware/Virtumonde Spyware No 1 No No C:\RECYCLER\S-1-5-21-527237240-790525478-725345543-1003\Dc2.rar[urqQjkkH.dll]
02929298 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{9DB4D32D-02C6-4AEA-AAEA-E6F11F7A6611}\RP862\A0195455.dll
02929313 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{9DB4D32D-02C6-4AEA-AAEA-E6F11F7A6611}\RP860\A0194302.dll
02929571 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{9DB4D32D-02C6-4AEA-AAEA-E6F11F7A6611}\RP860\A0194304.dll
02932471 Spyware/Virtumonde Spyware No 1 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\carl\LOCALS~1\Temp\kfsbgugd.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location 
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description 
;===================================================================================================================================================================================
;===================================================================================================================================================================================



Here is the DSS scanner log.


Deckard's System Scanner v20071014.68
Run by carl on 2008-04-28 23:00:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
79: 2008-04-28 22:00:52 UTC - RP872 - Deckard's System Scanner Restore Point
78: 2008-04-28 21:39:36 UTC - RP871 - Software Distribution Service 3.0
77: 2008-04-28 21:23:27 UTC - RP870 - Software Distribution Service 3.0
76: 2008-04-27 23:55:50 UTC - RP869 - System Checkpoint
75: 2008-04-25 10:47:37 UTC - RP868 - Last known good configuration


-- First Restore Point --
1: 2008-04-25 10:47:16 UTC - RP794 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as carl.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:11, on 28/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\etMon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\windows\ffpext\ffpsrv.exe
C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
C:\Program Files\QuickTime Alternative\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\ESET\nod32kui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\carl\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\carl.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = webcache.blueyonder.co.uk:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {a1b2f3fa-dd1d-470b-a23e-a133b2f8ef60} - (no file)
R3 - URLSearchHook: (no name) - {f3730ce0-582d-4b69-883c-613308706456} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4020100D-29D7-4392-AFD5-5AD713FF4B88} - C:\WINDOWS\system32\urqQjkkH.dll
O2 - BHO: (no name) - {49106BD1-3642-4B1B-AA03-9826CECE4272} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a1b2f3fa-dd1d-470b-a23e-a133b2f8ef60} - (no file)
O2 - BHO: {ea26eddf-1946-758a-5454-261b1c691b3b} - {b3b196c1-b162-4545-a857-6491fdde62ae} - C:\WINDOWS\system32\apfecfde.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EC4AD8FA-C09F-4574-A2AD-F7DD7CADB227} - C:\WINDOWS\system32\hgGvtTnL.dll
O2 - BHO: (no name) - {f3730ce0-582d-4b69-883c-613308706456} - (no file)
O2 - BHO: (no name) - {FDF5236A-19BA-4A64-B595-56DE4B31D93A} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {a1b2f3fa-dd1d-470b-a23e-a133b2f8ef60} - (no file)
O3 - Toolbar: (no name) - {f3730ce0-582d-4b69-883c-613308706456} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ffpsrv] c:\windows\ffpext\ffpsrv.exe
O4 - HKLM\..\Run: [BarbieGirlsTray] C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [BM435af00e] Rundll32.exe "C:\WINDOWS\system32\mwwwsmvv.dll",s
O4 - HKLM\..\Run: [4069c392] rundll32.exe "C:\WINDOWS\system32\cmvoxdyy.dll",b
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/...aderMediaX.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1145911058265
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops....gi3.0.84.2.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} -
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - https://www.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O20 - Winlogon Notify: urqQjkkH - C:\WINDOWS\SYSTEM32\urqQjkkH.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 11273 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080423-221259-396 O2 - BHO: (no name) - {4020100D-29D7-4392-AFD5-5AD713FF4B88} - C:\WINDOWS\system32\urqQjkkH.dll
backup-20080423-221259-719 O2 - BHO: (no name) - {76E131B6-A967-4689-B437-8D6B321DDCA7} - C:\WINDOWS\system32\xxyywUlL.dll
backup-20080423-221603-200 O2 - BHO: (no name) - {4020100D-29D7-4392-AFD5-5AD713FF4B88} - C:\WINDOWS\system32\urqQjkkH.dll
backup-20080423-221604-790 O2 - BHO: (no name) - {76E131B6-A967-4689-B437-8D6B321DDCA7} - C:\WINDOWS\system32\xxyywUlL.dll
backup-20080423-222131-313 O2 - BHO: (no name) - {76E131B6-A967-4689-B437-8D6B321DDCA7} - C:\WINDOWS\system32\xxyywUlL.dll
backup-20080423-222131-725 O2 - BHO: (no name) - {4020100D-29D7-4392-AFD5-5AD713FF4B88} - C:\WINDOWS\system32\urqQjkkH.dll
backup-20080423-230157-164 O2 - BHO: (no name) - {4020100D-29D7-4392-AFD5-5AD713FF4B88} - C:\WINDOWS\system32\urqQjkkH.dll
backup-20080423-230157-185 O2 - BHO: (no name) - {297800AF-0F98-48D2-84C9-A88BD70DF719} - C:\WINDOWS\system32\xxyywUlL.dll
backup-20080423-230157-944 O20 - Winlogon Notify: urqQjkkH - C:\WINDOWS\SYSTEM32\urqQjkkH.dll
backup-20080424-072756-201 O20 - Winlogon Notify: urqQjkkH - C:\WINDOWS\SYSTEM32\urqQjkkH.dll
backup-20080424-072756-284 O2 - BHO: (no name) - {4020100D-29D7-4392-AFD5-5AD713FF4B88} - C:\WINDOWS\system32\urqQjkkH.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 FDCDNT - c:\windows\system32\drivers\fdcdnt.sys
R1 oreans32 - c:\windows\system32\drivers\oreans32.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B} - c:\program files\cyberlink\powerdvd\000.fcl <Not Verified; Cyberlink Corp.; CyberLink FCL Driver>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R2 MAC_MOT - c:\windows\system32\drivers\mac_mot.sys
R2 PAR1284 - c:\windows\system32\drivers\par1284.sys <Not Verified; Warp Nine Engineering; IEEE 1284 Driver>
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
R3 DCamUSBET (ET USB 2710 Camera) - c:\windows\system32\drivers\etdevice.sys <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
R3 FiltUSBET (ET USB Device Lower Filter) - c:\windows\system32\drivers\etfilter.sys <Not Verified; eMPIA Technology Inc.; EM27xx / EM28xx USB Video Convertor>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 ScanUSBET (ET USB Still Image Capture Device) - c:\windows\system32\drivers\etscan.sys <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys (file missing)
S1 Tosrfcom (Bluetooth RFCOMM) - c:\windows\system32\drivers\tosrfcom.sys (file missing)
S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
S3 Egatebus - c:\windows\system32\drivers\egatebus.sys (file missing)
S3 GMSIPCI - g:\install\gmsipci.sys (file missing)
S3 gtermddo - c:\docume~1\carl\locals~1\temp\gtermddo.sys (file missing)
S3 NTACCESS - g:\ntaccess.sys (file missing)
S3 SetupNTGLM7X - g:\ntglm7x.sys (file missing)
S3 tosporte (Bluetooth COM Port) - c:\windows\system32\drivers\tosporte.sys (file missing)
S3 tosrfbd (Bluetooth RFBUS) - c:\windows\system32\drivers\tosrfbd.sys (file missing)
S3 tosrfbnp (Bluetooth RFBNEP) - c:\windows\system32\drivers\tosrfbnp.sys (file missing)
S3 Tosrfhid (Bluetooth RFHID) - c:\windows\system32\drivers\tosrfhid.sys (file missing)
S3 tosrfnds (Bluetooth Personal Area Network) - c:\windows\system32\drivers\tosrfnds.sys (file missing)
S3 TosRfSnd (Bluetooth Audio) - c:\windows\system32\drivers\tosrfsnd.sys (file missing)
S3 tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys (file missing)
S3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 w810bus (Sony Ericsson W810 Driver driver (WDM)) - c:\windows\system32\drivers\w810bus.sys (file missing)
S3 w810mdfl (Sony Ericsson W810 USB WMC Modem Filter) - c:\windows\system32\drivers\w810mdfl.sys (file missing)
S3 w810mdm (Sony Ericsson W810 USB WMC Modem Driver) - c:\windows\system32\drivers\w810mdm.sys (file missing)
S3 w810mgmt (Sony Ericsson W810 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\w810mgmt.sys (file missing)
S3 w810obex (Sony Ericsson W810 USB WMC OBEX Interface) - c:\windows\system32\drivers\w810obex.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Multimedia Audio Controller
Device ID: PCI\VEN_13F6&DEV_0111&SUBSYS_011113F6&REV_10\3&61AAA01&0&28
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_13F6&DEV_0111&SUBSYS_011113F6&REV_10\3&61AAA01&0&28
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-04-24 21:15:14 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-28 and 2008-04-28 -----------------------------

2008-04-28 22:23:39 0 d-------- C:\WINDOWS\LastGood
2008-04-28 22:08:15 0 d-------- C:\ie-spyad_zo
2008-04-28 21:58:22 0 d-------- C:\Program Files\SpywareBlaster
2008-04-28 11:54:29 95296 --a------ C:\WINDOWS\system32\cmvoxdyy.dll
2008-04-28 11:53:09 108608 --a------ C:\WINDOWS\system32\apfecfde.dll
2008-04-28 11:51:26 104000 --a------ C:\WINDOWS\system32\mwwwsmvv.dll
2008-04-27 12:11:20 107072 --a------ C:\WINDOWS\system32\sufsckhw.dll
2008-04-27 11:51:26 105024 --a------ C:\WINDOWS\system32\euogljgw.dll
2008-04-26 11:57:11 107072 --a------ C:\WINDOWS\system32\yfysokou.dll
2008-04-26 11:50:38 95808 --a------ C:\WINDOWS\system32\npjjhccu.dll
2008-04-26 11:50:27 106048 --a------ C:\WINDOWS\system32\dekfbfqh.dll
2008-04-25 11:48:44 98880 --a------ C:\WINDOWS\system32\rxxxyxsr.dll
2008-04-25 11:48:35 97856 --a------ C:\WINDOWS\system32\dbnqvjim.dll
2008-04-25 11:47:05 395707 --ahs---- C:\WINDOWS\system32\LnTtvGgh.ini2
2008-04-25 11:46:55 273920 --a------ C:\WINDOWS\system32\hgGvtTnL.dll
2008-04-25 10:46:58 264456 --a------ C:\WINDOWS\system32\byXRlKAs.dll
2008-04-25 09:46:55 270864 --a------ C:\WINDOWS\system32\ljJDUlih.dll
2008-04-25 08:46:53 256996 --a------ C:\WINDOWS\system32\iifdbxvv.dll
2008-04-25 07:46:51 270904 --a------ C:\WINDOWS\system32\rqRKDVoN.dll
2008-04-25 06:46:50 271272 --a------ C:\WINDOWS\system32\urqpnKCU.dll
2008-04-25 05:46:49 270580 --a------ C:\WINDOWS\system32\hgGWmKab.dll
2008-04-25 04:46:48 271032 --a------ C:\WINDOWS\system32\jkkiFXRi.dll
2008-04-25 03:46:46 271880 --a------ C:\WINDOWS\system32\byXOffDs.dll
2008-04-25 01:46:45 271756 --a------ C:\WINDOWS\system32\awtSigDW.dll
2008-04-25 00:46:44 269892 --a------ C:\WINDOWS\system32\nnnoPhGa.dll
2008-04-24 23:46:45 271436 --a------ C:\WINDOWS\system32\pmnLDSmK.dll
2008-04-24 22:46:42 270580 --a------ C:\WINDOWS\system32\mlJbyYSi.dll
2008-04-24 22:32:41 0 d-------- C:\Program Files\Panda Security
2008-04-24 18:00:26 270580 --a------ C:\WINDOWS\system32\ssqPjhge.dll
2008-04-23 22:24:52 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-23 22:24:50 68096 --a------ C:\WINDOWS\zip.exe
2008-04-23 22:24:50 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-23 22:24:50 98816 --a------ C:\WINDOWS\sed.exe
2008-04-23 22:24:50 80412 --a------ C:\WINDOWS\grep.exe
2008-04-23 22:24:50 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-23 22:24:48 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-23 22:24:48 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-23 2225 0 d-------- C:\Program Files\Trend Micro
2008-04-23 19:40:23 691545 --a------ C:\WINDOWS\unins000.exe
2008-04-23 19:40:23 2538 --a------ C:\WINDOWS\unins000.dat
2008-04-23 1836 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-23 1836 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-23 1836 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-23 1836 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-23 1835 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-23 1835 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-23 1835 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-23 1835 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-23 1835 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-23 1835 2097152 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-23 1835 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-23 1835 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-23 1835 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-23 1835 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-23 17:35:32 0 d-------- C:\FAMILY_GUY_DISC3
2008-04-21 15:36:46 0 d-------- C:\Program Files\McDonaldsFairies
2008-04-19 22:00:30 16515072 --a------ C:\Documents and Settings\carl\ntuser.dat
2008-04-19 21:54:53 38400 --a------ C:\WINDOWS\system32\urqQjkkH.dll
2008-04-18 18:04:04 0 d-------- C:\Program Files\iPod
2008-04-08 20:04:13 0 d-------- C:\Program Files\Conduit
2008-04-08 20:04:12 0 d-------- C:\Program Files\bigmaq2
2008-03-29 11:29:54 0 d-------- C:\OutputFolder
2008-03-29 11:24:58 0 d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-03-29 11:24:39 0 d-------- C:\Program Files\Common Files\Download Manager
2008-03-29 11:04:36 0 d-------- C:\Program Files\YouTube Downloader 3000


-- Find3M Report ---------------------------------------------------------------

2008-04-28 21:37:43 0 d-------- C:\Program Files\Steam
2008-04-24 19:24:48 0 d-------- C:\Program Files\Windows Live Safety Center
2008-04-24 17:52:43 0 d-------- C:\Program Files\Pinnacle
2008-04-24 17:51:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-23 22:17:44 0 d-------- C:\Program Files\TextAloud
2008-04-23 20:43:22 0 d-------- C:\Documents and Settings\carl\Application Data\uTorrent
2008-04-20 23:36:33 0 d-------- C:\Program Files\EPSON Print CD
2008-04-20 07:42:25 0 d-------- C:\Documents and Settings\carl\Application Data\Vso
2008-04-18 2036 0 d-------- C:\Program Files\Apple Software Update
2008-04-18 18:04:23 0 d-------- C:\Program Files\iTunes
2008-04-18 18:01:58 0 d-------- C:\Program Files\QuickTime Alternative
2008-04-13 16:50:32 0 d-------- C:\Program Files\Pixel Chix Desktop
2008-04-08 20:00:07 0 d-------- C:\Program Files\bigmaq
2008-03-29 11:24:39 0 d-------- C:\Program Files\Common Files
2008-03-28 18:19:01 0 d-------- C:\Program Files\Messenger Plus! Live
2008-03-27 21:56:00 0 d-------- C:\Documents and Settings\carl\Application Data\Apple Computer
2008-03-18 20:57:26 0 d-------- C:\Program Files\ETUSB2.0
2008-03-18 20:57:21 0 d-------- C:\Program Files\eMPIA-ET
2008-03-11 21:30:35 0 d-------- C:\Program Files\Smallvideosoft
2008-03-05 21:44:28 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-05 21:43:59 0 d-------- C:\Program Files\Windows Live


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4020100D-29D7-4392-AFD5-5AD713FF4B88}]
19/04/2008 21:54 38400 --a------ C:\WINDOWS\system32\urqQjkkH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49106BD1-3642-4B1B-AA03-9826CECE4272}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b3b196c1-b162-4545-a857-6491fdde62ae}]
28/04/2008 11:53 108608 --a------ C:\WINDOWS\system32\apfecfde.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC4AD8FA-C09F-4574-A2AD-F7DD7CADB227}]
25/04/2008 11:46 273920 --a------ C:\WINDOWS\system32\hgGvtTnL.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f3730ce0-582d-4b69-883c-613308706456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDF5236A-19BA-4A64-B595-56DE4B31D93A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [08/01/2004 19:54 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 02:11]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [27/08/2003 14:20]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [11/09/2003 04:00]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [22/08/2004 17:05]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [30/06/2004 19:29]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 00:56 C:\WINDOWS\system32\bthprops.cpl]
"etMonitor"="C:\WINDOWS\etMon.exe" [26/07/2005 12:45]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [29/07/2006 12:07]
"Tweak UI"="TWEAKUI.CPL" [25/03/2003 06:49 C:\WINDOWS\system32\tweakui.cpl]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [07/03/2007 19:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/01/2005 03:01]
"ffpsrv"="c:\windows\ffpext\ffpsrv.exe" [06/05/2006 22:01]
"BarbieGirlsTray"="C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe" [15/03/2007 03:59]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" []
"BM435af00e"="C:\WINDOWS\system32\mwwwsmvv.dll" [28/04/2008 11:51]
"4069c392"="C:\WINDOWS\system32\cmvoxdyy.dll" [28/04/2008 11:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [14/04/2006 21:44]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [11/09/2003 04:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]
"Steam"="c:\program files\steam\steam.exe" [31/03/2008 22:54]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]

C:\Documents and Settings\carl\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [16/10/2006 21:14:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4020100D-29D7-4392-AFD5-5AD713FF4B88}"= C:\WINDOWS\system32\urqQjkkH.dll [19/04/2008 21:54 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQjkkH]
urqQjkkH.dll 19/04/2008 21:54 38400 C:\WINDOWS\system32\urqQjkkH.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGvtTnL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCDNT.SYS"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FileAndFolderProtector_S"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9d4dea3-cb38-11da-8f11-806d6172696f}]
AutoRun\command- G:\fscommand\vividas.exe fscommand\Dora_ep1.viv /xml:8993 /blankscreen:134:228:252 /nosplash /run:main.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edc8f5f7-b2df-11dc-bee7-000c76bb1a5e}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/keylauncher/?code=3654337083002210




-- End of Deckard's System Scanner: finished at 2008-04-28 23:07:47 ------------

look forward to being rid of this dastardly threat.
Attached Files
File Type: txt extra.txt (28.3 KB, 3 views)
Old 05-02-2008, 11:54 AM   #2 (permalink)
Registered User
 
Join Date: Apr 2008
Posts: 10
OS: winxp


Re: slow system urqQjkkH threat

bumped after 72 hours
Old 05-02-2008, 08:31 PM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 17,056
OS: WinXP and Win98se


Re: slow system urqQjkkH threat

Hello carlccfc and welcome,

I see you also ran ComboFix. I'd like to see that report before we begin. You'll find it at C:\ComboFix.txt; please post the contents of that report.
__________________

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Keep this site free for all. Please consider, donating

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 05-03-2008, 01:35 AM   #4 (permalink)
Registered User
 
Join Date: Apr 2008
Posts: 10
OS: winxp


Re: slow system urqQjkkH threat

hi Ried

here is the ComboFix log

ComboFix 08-04-22.5 - carl 2008-04-23 23:12:19.2 - NTFSx86
Running from: C:\Documents and Settings\carl\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\LlUwyyxx.ini
C:\WINDOWS\system32\LlUwyyxx.ini2
.
---- Previous Run -------
.
C:\WINDOWS\local.html
C:\WINDOWS\system32\ttu.exe
C:\WINDOWS\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.

2008-04-23 22:06 . 2008-04-23 22:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-23 21:53 . 2008-04-23 21:53 <DIR> d-------- C:\Deckard
2008-04-23 19:40 . 2008-04-23 19:32 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-23 19:40 . 2008-04-23 19:40 2,538 --a------ C:\WINDOWS\unins000.dat
2008-04-23 18:06 . 2008-04-23 18:06 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-23 18:06 . 2008-04-23 20:10 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-23 17:35 . 2008-04-23 17:35 <DIR> d-------- C:\FAMILY_GUY_DISC3
2008-04-21 16:47 . 2008-04-21 16:47 165 --a------ C:\WINDOWS\system32\test.aok
2008-04-21 15:36 . 2008-04-23 17:38 <DIR> d-------- C:\Program Files\McDonaldsFairies
2008-04-20 10:03 . 2008-04-23 15:14 109,756 --a------ C:\WINDOWS\BM435af00e.xml
2008-04-19 21:59 . 2008-04-19 22:00 275,456 --a------ C:\WINDOWS\system32\xxyywUlL.dll
2008-04-19 21:54 . 2008-04-19 21:54 38,400 --a------ C:\WINDOWS\system32\urqQjkkH.dll
2008-04-18 18:04 . 2008-04-18 18:04 <DIR> d-------- C:\Program Files\iPod
2008-04-08 20:04 . 2008-04-08 20:04 <DIR> d-------- C:\Program Files\Conduit
2008-04-08 20:04 . 2008-04-08 20:04 <DIR> d-------- C:\Program Files\bigmaq2
2008-03-29 11:29 . 2008-03-29 11:30 <DIR> d-------- C:\OutputFolder
2008-03-29 11:24 . 2008-03-29 11:40 <DIR> d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-03-29 11:24 . 2008-03-29 11:24 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-03-29 11:04 . 2008-03-29 11:04 <DIR> d-------- C:\Program Files\YouTube Downloader 3000
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 23:03 --------- d-----w C:\Program Files\Steam
2008-04-23 21:17 --------- d-----w C:\Program Files\TextAloud
2008-04-23 19:43 --------- d-----w C:\Documents and Settings\carl\Application Data\uTorrent
2008-04-23 19:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-23 18:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-20 22:36 --------- d-----w C:\Program Files\EPSON Print CD
2008-04-20 06:42 --------- d-----w C:\Documents and Settings\carl\Application Data\Vso
2008-04-18 19:06 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 17:04 --------- d-----w C:\Program Files\iTunes
2008-04-18 17:01 --------- d-----w C:\Program Files\QuickTime Alternative
2008-04-13 15:50 --------- d-----w C:\Program Files\Pixel Chix Desktop
2008-04-08 19:00 --------- d-----w C:\Program Files\bigmaq
2008-04-03 17:43 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-03-28 17:19 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-27 20:56 --------- d-----w C:\Documents and Settings\carl\Application Data\Apple Computer
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 19:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-18 19:57 --------- d-----w C:\Program Files\ETUSB2.0
2008-03-18 19:57 --------- d-----w C:\Program Files\eMPIA-ET
2008-03-11 20:30 --------- d-----w C:\Program Files\Smallvideosoft
2008-03-05 20:44 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-05 20:43 --------- d-----w C:\Program Files\Windows Live
2008-03-05 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-01-29 11:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2007-10-09 20:41 87,608 ----a-w C:\Documents and Settings\carl\Application Data\inst.exe
2007-10-09 20:41 47,360 ----a-w C:\Documents and Settings\carl\Application Data\pcouffin.sys
2007-01-01 20:29 26,400 ----a-w C:\Documents and Settings\carl\TB2Categories000.dat
2003-08-27 13:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{297800AF-0F98-48D2-84C9-A88BD70DF719}]
2008-04-19 22:00 275456 --a------ C:\WINDOWS\system32\xxyywUlL.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4020100D-29D7-4392-AFD5-5AD713FF4B88}]
2008-04-19 21:54 38400 --a------ C:\WINDOWS\system32\urqQjkkH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f3730ce0-582d-4b69-883c-613308706456}]
2008-04-03 10:40 1523736 --a------ C:\Program Files\bigmaq2\tbbigm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F3730CE0-582D-4B69-883C-613308706456}"= "C:\Program Files\bigmaq2\tbbigm.dll" [2008-04-03 10:40 1523736]

[HKEY_CLASSES_ROOT\clsid\{f3730ce0-582d-4b69-883c-613308706456}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F3730CE0-582D-4B69-883C-613308706456}"= C:\Program Files\bigmaq2\tbbigm.dll [2008-04-03 10:40 1523736]

[HKEY_CLASSES_ROOT\clsid\{f3730ce0-582d-4b69-883c-613308706456}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-04-14 21:44 190024]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 04:00 99840]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-03-31 22:54 1271032]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 19:54 65536 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 14:20 94208]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 04:00 99840]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-06-30 19:29 1179648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"etMonitor"="C:\WINDOWS\etMon.exe" [2005-07-26 12:45 40960]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-07-29 12:07 188416]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 06:49 106544 C:\WINDOWS\system32\tweakui.cpl]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26 406016]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-07 19:50 949376]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"ffpsrv"="c:\windows\ffpext\ffpsrv.exe" [2006-05-06 22:01 82432]
"BarbieGirlsTray"="C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe" [2007-03-15 03:59 24576]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\Documents and Settings\carl\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2006-10-16 21:14:20 534016]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4020100D-29D7-4392-AFD5-5AD713FF4B88}"= C:\WINDOWS\system32\urqQjkkH.dll [2008-04-19 21:54 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQjkkH]
urqQjkkH.dll 2008-04-19 21:54 38400 C:\WINDOWS\system32\urqQjkkH.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.avrn"= C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.advj"= C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.mszh"= C:\PROGRA~1\ACEMEG~1\SystemS\avimszh.dll
"vidc.zlib"= C:\PROGRA~1\ACEMEG~1\SystemS\avizlib.dll
"vidc.cscd"= C:\PROGRA~1\ACEMEG~1\SystemS\camcodec.dll
"vidc.cvid"= C:\PROGRA~1\ACEMEG~1\SystemS\iccvid.dll
"msacm.trspch"= C:\PROGRA~1\ACEMEG~1\SystemS\tssoft32.acm
"vidc.em2v"= C:\PROGRA~1\ACEMEG~1\SystemS\etxcodec.dll
"vidc.mkvc"= C:\PROGRA~1\ACEMEG~1\SystemS\kmvidc32.dll
"vidc.hfyu"= C:\PROGRA~1\ACEMEG~1\SystemS\huffyuv.dll
"msacm.lameacm"= C:\PROGRA~1\ACEMEG~1\SystemS\lameacm.acm
"msacm.lhacm"= C:\PROGRA~1\ACEMEG~1\SystemS\lhacm.acm
"msacm.l3acm"= C:\PROGRA~1\ACEMEG~1\SystemS\l3codecp.acm
"vidc.sjpg"= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.dmb2"= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.gepj"= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.qpeg"= C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"vidc.q1.0"= C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.tscc"= C:\PROGRA~1\ACEMEG~1\SystemS\tsccvid.dll
"vidc.vifp"= C:\PROGRA~1\ACEMEG~1\SystemS\vfcodec.dll
"vidc.wrpr"= C:\PROGRA~1\ACEMEG~1\SystemS\aviwrap.dll
"vidc.wnv1"= C:\PROGRA~1\ACEMEG~1\SystemS\wnvplay1.dll
"vidc.3ivx"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv0"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv1"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv2"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3ivd"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.advs"= C:\PROGRA~1\ACEMEG~1\SystemS\Adaptec\Dvc.dll
"vidc.aflc"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.afli"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.aasc"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.asv1"= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv1.dll
"vidc.asv2"= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.asvx"= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.vcr1"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll
"vidc.vcr2"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll
"vidc.mwv1"= C:\PROGRA~1\ACEMEG~1\SystemS\Aware\icmw_32.dll
"vidc.bt20"= C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"vidc.y41p"= C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"msacm.pcdv"= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\pcdv.acm
"vidc.cdvc"= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL
"vidc.ddvc"= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL
"vidc.png1"= C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREPN~1.DLL
"msacm.CoreFLAC_ACM"= C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREFL~1.ACM
"vidc.davc"= C:\PROGRA~1\ACEMEG~1\SystemS\dicas\davcvfw.dll
"vidc.div3"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div5"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div4"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll
"msacm.divxa32"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm
"vidc.frwd"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwt"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwa"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwt.dll
"vidc.frwu"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwu.dll
"vidc.glzw"= C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GLZW.dll
"vidc.gpeg"= C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GPEG.dll
"vidc.i263"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv
"vidc.iv30"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv31"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv32"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv33"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv34"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv35"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv36"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv37"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv38"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv39"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv40"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv41"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv42"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv43"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv44"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv45"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv46"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv47"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv48"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv49"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.ir21"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"vidc.rt21"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"msacm.imc"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM
"vidc.lead"= C:\PROGRA~1\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL
"vidc.dvsd"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvc"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvcs"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dcmj"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi1"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi2"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.dv25"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.dv50"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.msmc"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmjp"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx1"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx2"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx3"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx4"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx5"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx6"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx7"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx8"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mtx9"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"vidc.mmes"= C:\PROGRA~1\ACEMEG~1\SystemS\Matrox\DigiVCap.dll
"msacm.msadpcm"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msadp32.acm
"msacm.imaadpcm"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm
"msacm.msg711"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg711.acm
"msacm.msg723"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg723.acm
"msacm.msgsm610"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm
"vidc.m261"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh261.drv
"vidc.m263"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv
"vidc.mrle"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msrle32.dll
"vidc.msvc"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.cram"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.mpg4"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp41"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp42"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp43"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4s"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4v"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.wmv3"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"vidc.vixl"= C:\PROGRA~1\ACEMEG~1\SystemS\Miro\miroxl32.dll
"vidc.nt00"= C:\PROGRA~1\ACEMEG~1\SystemS\Newtek\ntcodec.dll
"msacm.vorbis"= C:\PROGRA~1\ACEMEG~1\SystemS\OGG\vorbis.acm
"vidc.vp30"= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.vp31"= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.vp60"= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll
"vidc.vp61"= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll
"vidc.pdvc"= C:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.ipdv"= C:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.pvw2"= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvwv220.dll
"vidc.pimj"= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvljpg20.dll
"vidc.mjpx"= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvmjpg21.dll
"vidc.miro"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
"vidc.dcap"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
"vidc.mjpa"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.gpjm"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.pim1"= pclepim1.dll
"msacm.qmpeg"= C:\PROGRA~1\ACEMEG~1\SystemS\QDesign\qmpeg.acm
"vidc.rmp4"= C:\PROGRA~1\ACEMEG~1\SystemS\REALMA~1\rmp4.dll
"vidc.rud0"= C:\PROGRA~1\ACEMEG~1\SystemS\Rududu\rududu.dll
"msacm.at3"= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\atrac3.acm
"vidc.sony"= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.dvcp"= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.s422"= C:\PROGRA~1\ACEMEG~1\SystemS\Tekram\tekyuv.dll
"vidc.t420"= C:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.y411"= C:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.vssv"= C:\PROGRA~1\ACEMEG~1\SystemS\VANGUA~1\vsscodec.dll
"msacm.voxacm160"= C:\PROGRA~1\ACEMEG~1\SystemS\VoxWare\vct3216.acm
"vidc.xvid"= C:\PROGRA~1\ACEMEG~1\SystemS\XviD\xvidvfw.dll
"MSACM.CEGSM"= mobilev.acm
"vidc.ffds"= ffdshow.ax
"VIDC.MJPG"= Pvmjpg21.dll
"msacm.fraunhoferacm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCDNT.SYS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FileAndFolderProtector_S]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\burst\\btdownloadheadless.exe"
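The two entries worth attention in the log above are the ShellExecuteHooks value and the Winlogon\Notify subkey, both pointing at C:\WINDOWS\system32\urqQjkkH.dll. A ShellExecuteHook DLL is loaded into explorer.exe and a Winlogon Notify DLL into winlogon.exe, which is why the file stays locked and cannot simply be deleted while the machine is running normally, and why the same module shows up under two separate auto-start points. The script below is an added example, not part of the original post and not ComboFix or HijackThis code: it parses a ComboFix-style log excerpt, pulls the module paths out of the auto-start sections, and flags any module that is wired into more than one hook or carries a random-looking eight-letter name. The sample log text is constructed from a few of the lines above, and the two heuristics (mixed-case eight-letter filename, multiple hooks) are assumptions that catch this case and will not catch every injected DLL.

```python
"""Flag suspicious auto-start DLLs in a ComboFix/HijackThis-style log excerpt."""
import re

# Constructed sample modelled on the log lines above (the Run section header
# is assumed; the excerpt shown on the page starts below it).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4020100D-29D7-4392-AFD5-5AD713FF4B88}"= C:\WINDOWS\system32\urqQjkkH.dll [2008-04-19 21:54 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQjkkH]
urqQjkkH.dll 2008-04-19 21:54 38400 C:\WINDOWS\system32\urqQjkkH.dll
"""

# Auto-start locations to inspect (matched as lowercase substrings of the key path).
PERSISTENCE_KEYS = ("shellexecutehooks", r"winlogon\notify", r"currentversion\run")

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# Drive-letter path ending in a loadable module; directory names may contain spaces,
# the match stops at a quote or bracket (ComboFix appends "[date size]" after paths).
MODULE_RE = re.compile(
    r'(?P<path>[A-Za-z]:\\(?:[^"\[\]\\]+\\)*(?P<name>[^"\[\]\\]+?\.(?:dll|exe)))\b',
    re.IGNORECASE,
)
# Heuristic (assumption): eight mixed-case letters and nothing else, like urqQjkkH.dll.
RANDOM_NAME_RE = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])[A-Za-z]{8}\.dll$")


def parse_sections(log_text):
    """Yield (key, [value lines]) for each bracketed registry section in the log."""
    key, lines = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            if key is not None:
                yield key, lines
            key, lines = header.group("key"), []
        elif key is not None and line:
            lines.append(line)
    if key is not None:
        yield key, lines


def find_suspicious_modules(log_text):
    """Return {module path: [reasons]} for modules that look like injected persistence.

    A module is flagged when it is registered under more than one auto-start hook
    or its filename matches the random eight-letter pattern; every hook it was
    seen under is reported so the reader knows where to look in the registry.
    """
    seen = {}  # lowercase path -> (display path, file name, set of hook keys)
    for key, lines in parse_sections(log_text):
        key_l = key.lower()
        if not any(marker in key_l for marker in PERSISTENCE_KEYS):
            continue
        for line in lines:
            for m in MODULE_RE.finditer(line):
                path = m.group("path")
                entry = seen.setdefault(path.lower(), (path, m.group("name"), set()))
                entry[2].add(key_l)

    findings = {}
    for path, name, hooks in seen.values():
        random_name = RANDOM_NAME_RE.match(name) is not None
        if len(hooks) < 2 and not random_name:
            continue  # single, normally named entry: leave it alone
        reasons = [f"loaded from auto-start hook {hook}" for hook in sorted(hooks)]
        if len(hooks) > 1:
            reasons.append(f"registered under {len(hooks)} separate auto-start points")
        if random_name:
            reasons.append("eight random mixed-case letters instead of a vendor-style name")
        if "\\system32\\" in path.lower():
            reasons.append("placed in the system32 directory next to real system DLLs")
        findings[path] = reasons
    return findings


if __name__ == "__main__":
    for module, why in find_suspicious_modules(SAMPLE_LOG).items():
        print(module)
        for reason in why:
            print("  -", reason)
```

Run against the sample it reports only urqQjkkH.dll, with both hooks listed, and leaves the Adobe Run entry alone. Against a full log, treat the output as a worklist of files to submit for analysis and of registry values to remove in a repair, not as a verdict on its own.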