jbjlabs

The computer is slow, i get popups, and i have trouble using IE....

My HijackThis Log:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-15 18:48:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
61: 2008-01-16 02:49:36 UTC - RP676 - Deckard's System Scanner Restore Point
60: 2008-01-15 23:34:40 UTC - RP675 - Software Distribution Service 3.0
59: 2008-01-14 04:32:06 UTC - RP674 - Software Distribution Service 3.0
58: 2008-01-13 11:01:13 UTC - RP673 - Software Distribution Service 3.0
57: 2008-01-12 11:01:07 UTC - RP672 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-11-17 20:11:30 UTC - RP616 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:07 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\AOL\1151028769\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MalwareCrush\MalwareCrush.exe
C:\Program Files\MalwareCrush\MalwareCrush.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 127.0.0.2 www.i-dress-up.com
O1 - Hosts: 127.0.0.3 www.myspace.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A378F3F-74AF-4498-BCC7-90BE524C91A4} - (no file)
O2 - BHO: (no name) - {0CD75D10-0BD8-48D1-9F41-76BAAFCEE734} - (no file)
O2 - BHO: (no name) - {0DAC115D-B330-40BF-BE99-23204F12AF6B} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1A6189CC-167A-4690-AAA8-A8B5873078BE} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {1FB63E52-4D6E-48C1-A08F-F630FE50F337} - (no file)
O2 - BHO: (no name) - {2A8C2C57-93A7-0675-5A40-098909C6F6CC} - C:\Program Files\Cxwdtoel\jzjjzukd.dll (file missing)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {30F2A7AF-C2A6-4EF1-8E05-493AFA54EB39} - (no file)
O2 - BHO: (no name) - {37B5E3EE-94D6-4856-9BDF-E7550CF68DFF} - C:\WINDOWS\system32\vtsts.dll
O2 - BHO: (no name) - {3858FD99-F346-485F-B43D-F1BB1D394899} - (no file)
O2 - BHO: (no name) - {3FD390E8-2B59-49AF-8E67-FAB7C66D6434} - (no file)
O2 - BHO: (no name) - {445F383E-9CA4-42B7-96C8-DA36229C6AED} - (no file)
O2 - BHO: (no name) - {483AD3A8-6658-4C6E-AD0E-AE9C56BA0A74} - (no file)
O2 - BHO: (no name) - {498811B9-1DEF-40CF-82D1-DE95EDD72613} - (no file)
O2 - BHO: (no name) - {4AA93B29-C17F-42B9-B02B-3EAC735A0A15} - (no file)
O2 - BHO: (no name) - {4C3256D7-26F9-4866-9B5C-38509E3453C2} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53400F30-2EB4-49F8-B5BC-32360B4188CC} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {54DE180D-E453-42FD-B2B3-2308F0D140ED} - C:\WINDOWS\system32\jkhhi.dll (file missing)
O2 - BHO: (no name) - {60E2746A-9C2E-45A2-85CE-7E1A8A890961} - C:\WINDOWS\system32\efcbbaw.dll (file missing)
O2 - BHO: (no name) - {6904ECAF-CD52-4057-BAFF-50ACC943E62C} - (no file)
O2 - BHO: (no name) - {6AA3809C-6261-456F-8FCA-43FE39ADC5E9} - C:\WINDOWS\system32\urqqrrp.dll (file missing)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {700D8A59-F3A5-4A6F-B970-CFAAE02784E1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\system32\jkkkjgg.dll (file missing)
O2 - BHO: (no name) - {88778AF4-B8BE-4468-8297-D129CB780F73} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\scgjacba.dll (file missing)
O2 - BHO: (no name) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - (no file)
O2 - BHO: (no name) - {92F10A62-C829-4B59-B0F7-6E4F48E1B794} - C:\WINDOWS\system32\pmnnn.dll (file missing)
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {A5D99987-5B79-4B11-A5D6-F7F46808711D} - (no file)
O2 - BHO: (no name) - {AFD0CBBF-B05F-4D11-A1D1-EB8E37F809A2} - C:\WINDOWS\system32\vtsqn.dll (file missing)
O2 - BHO: (no name) - {B6F05979-9DCB-4A61-AB9D-98D91D4C1E02} - (no file)
O2 - BHO: (no name) - {B8973C24-A494-FA17-B35D-8A8A41827EC0} - (no file)
O2 - BHO: (no name) - {C008E07F-37A4-45D8-A044-0BB64B960D89} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {C3352FCD-CFE5-4F35-831A-19C68DDB7CF4} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - (no file)
O2 - BHO: (no name) - {CAB39BFE-C31E-496C-AFBC-048D788938CB} - (no file)
O2 - BHO: (no name) - {CCC1AF4F-7D77-403A-AFF2-338A00662E27} - (no file)
O2 - BHO: (no name) - {CE7F98C3-2511-4B49-9730-4B9F260A81F1} - (no file)
O2 - BHO: oembios32.msdn_hlp - {D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF} - C:\WINDOWS\system32\oembios32.dll (file missing)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {DA76427D-800E-42BB-B104-41694FE66434} - (no file)
O2 - BHO: (no name) - {DB652A31-2468-4DD7-AF9F-501376EE2CF3} - C:\WINDOWS\system32\gebya.dll (file missing)
O2 - BHO: (no name) - {DD257673-E03A-4210-9261-9FABA2EE630C} - C:\WINDOWS\system32\awvtq.dll (file missing)
O2 - BHO: (no name) - {DE33D2B5-CA4D-4F33-BCC7-83C3C3AB248B} - (no file)
O2 - BHO: (no name) - {E245D31A-F1FF-4AF8-A1A7-68695C433BC3} - C:\WINDOWS\system32\vtutt.dll (file missing)
O2 - BHO: (no name) - {E2CD2C26-731B-4F20-A93B-F365769F9307} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v6.dll (file missing)
O2 - BHO: (no name) - {F123C548-2D9D-4953-B09D-642EB6700CAF} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: (no name) - {F1973DC9-5B9F-4ACB-8D05-67B49184D0B5} - (no file)
O2 - BHO: (no name) - {F1A882CC-E18C-4FE1-94C3-CA713606DEBE} - C:\WINDOWS\system32\mljjk.dll (file missing)
O2 - BHO: (no name) - {F26D1B6C-0A7F-47E1-92FC-1F518171532D} - (no file)
O2 - BHO: (no name) - {F2C4BBAB-FD1A-49F9-AC86-7E227A24647C} - (no file)
O2 - BHO: (no name) - {F4FCCB75-A7AF-47AC-BF53-28FF135EE591} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: (no name) - {F750FBF8-AF96-42C7-A817-042E95264EAB} - (no file)
O2 - BHO: (no name) - {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} - C:\WINDOWS\system32\rqrppqr.dll
O2 - BHO: (no name) - {FF8FB66C-94C1-4A32-B29D-A11F20832A48} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151028769\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [whmlglkl] rundll32.exe "C:\Program Files\rczclens\twxidyfc.dll",Init
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\cwibesci.dll",sitypnow
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P27 "EPSON Stylus CX5800F Series" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [yhihmhov] rundll32.exe "C:\Program Files\yhihmhov\ivubwtyj.dll",Init
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win198.tmp.exe
O4 - HKLM\..\Run: [HP OfficeJet T Series] "C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvlur.dll,startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Srbhteoe] C:\WINDOWS\a?sembly\l?***.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: LimeWire On Startup.lnk = F:\LimeWire\LimeWire.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://games2.gamefools.com/onlinega...ylomplayer.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...loader_v10.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://aolsvc.aol.com/onlinegames/fr...h.1.0.0.47.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: nslookup.dll
O20 - Winlogon Notify: awtqq - C:\WINDOWS\
O20 - Winlogon Notify: ddccb - C:\WINDOWS\
O20 - Winlogon Notify: ddcyvsr - ddcyvsr.dll (file missing)
O20 - Winlogon Notify: ddcyw - C:\WINDOWS\
O20 - Winlogon Notify: efcbbaw - efcbbaw.dll (file missing)
O20 - Winlogon Notify: gebcb - C:\WINDOWS\
O20 - Winlogon Notify: jkkkjgg - jkkkjgg.dll (file missing)
O20 - Winlogon Notify: ljjjjge - ljjjjge.dll (file missing)
O20 - Winlogon Notify: mllml - C:\WINDOWS\
O20 - Winlogon Notify: opnkkli - opnkkli.dll (file missing)
O20 - Winlogon Notify: pmkhf - C:\WINDOWS\
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\
O20 - Winlogon Notify: rqrppqr - C:\WINDOWS\SYSTEM32\rqrppqr.dll
O20 - Winlogon Notify: sstqp - C:\WINDOWS\
O20 - Winlogon Notify: tuvssst - tuvssst.dll (file missing)
O20 - Winlogon Notify: tuvstqo - tuvstqo.dll (file missing)
O20 - Winlogon Notify: urqqrrp - urqqrrp.dll (file missing)
O20 - Winlogon Notify: vturs - C:\WINDOWS\
O20 - Winlogon Notify: vtutr - C:\WINDOWS\
O20 - Winlogon Notify: winrge32 - C:\WINDOWS\
O20 - Winlogon Notify: winveg32 - winveg32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe (file missing)

--
End of file - 17382 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys

S3 Secdfu (USB DFU Device) - c:\windows\system32\drivers\secdfu.sys <Not Verified; Apple Computer Inc; SECDFU>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S2 UMWdf (Windows User Mode Driver Framework) - c:\windows\system32\wdfmgr.exe (file missing)
S2 WANMiniportService (WAN Miniport (ATW) Service) - "c:\windows\wanmpsvc.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-08 12:31:24 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-12-15 and 2008-01-15 -----------------------------

2008-01-15 18:53:09 0 d-------- C:\Program Files\Trend Micro
2008-01-15 18:34:01 0 d-------- C:\ie-spyad_zo
2008-01-15 18:30:11 0 d-------- C:\Program Files\SpywareBlaster
2008-01-15 16:34:24 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-15 16:12:14 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-15 16:12:06 0 d-------- C:\WINDOWS\LastGood
2008-01-15 15:41:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-15 15:41:08 0 d-------- C:\Documents and Settings\Owner\Application Data\PrevxCSI
2008-01-14 22:24:52 328224 --a------ C:\WINDOWS\system32\gebyw.dll
2008-01-14 21:26:29 328224 --a------ C:\WINDOWS\system32\awvvt.dll
2008-01-14 20:25:04 328224 --a------ C:\WINDOWS\system32\ddabc.dll
2008-01-14 19:24:53 328224 --a------ C:\WINDOWS\system32\awtqp.dll
2008-01-14 18:24:14 328224 --a------ C:\WINDOWS\system32\mljgh.dll
2008-01-14 17:24:24 328224 --a------ C:\WINDOWS\system32\awvtt.dll
2008-01-14 16:24:14 328224 --a------ C:\WINDOWS\system32\jkkjk.dll
2008-01-14 15:25:26 328224 --a------ C:\WINDOWS\system32\awtst.dll
2008-01-13 20:30:12 328224 --a------ C:\WINDOWS\system32\geebx.dll
2008-01-13 18:30:08 328224 --a------ C:\WINDOWS\system32\vtsts.dll
2008-01-13 17:30:07 328224 --a------ C:\WINDOWS\system32\gebcy.dll
2008-01-13 16:29:52 328224 --a------ C:\WINDOWS\system32\awvts.dll
2008-01-12 16:55:38 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-12 12:50:31 27540 --a------ C:\WINDOWS\system32\awtsp.dll
2008-01-11 10:29:15 0 d-------- C:\Program Files\MalwareCrush
2008-01-11 10:27:51 145 --a------ C:\WINDOWS\system32\winver.bat
2008-01-11 10:27:23 39424 --a------ C:\WINDOWS\system32\rqrppqr.dll
2008-01-08 16:21:40 0 d-------- C:\Program Files\AOL Games
2008-01-08 0155 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-01-06 00:53:53 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2008-01-06 00:53:41 0 d-------- C:\Program Files\Alcohol Soft
2008-01-06 00:37:41 715248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-06 00:30:23 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-01-05 22:44:42 0 d-------- C:\PS1
2008-01-05 22:21:47 0 d-------- C:\SNES
2008-01-05 22:21:36 0 d-------- C:\docs
2007-12-28 20:46:45 0 d-------- C:\Documents and Settings\Owner\Application Data\vlc
2007-12-28 20:44:05 0 d-------- C:\Program Files\VideoLAN
2007-12-26 21:36:59 0 d-------- C:\Program Files\Apple Software Update
2007-12-26 20:58:16 13184 --a------ C:\WINDOWS\system32\drivers\Secdfu.sys <Not Verified; Apple Computer Inc; SECDFU>
2007-12-22 13:50:28 0 d-------- C:\Documents and Settings\All Users\Application Data\ESPN
2007-12-22 12:21:22 15360 --a------ C:\WINDOWS\system32\drvlurr.dll
2007-12-22 12:21:22 102912 --a------ C:\WINDOWS\system32\drvlur.dll
2007-12-16 17:32:02 0 d-------- C:\Program Files\SopCast


-- Find3M Report ---------------------------------------------------------------

2008-01-15 17:29:46 0 d-------- C:\Program Files\iTunes
2008-01-15 16:04:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint
2008-01-15 15:22:55 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-01-05 22:21:38 594432 --a------ C:\zsnesw.exe
2007-12-27 09:28:20 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2007-12-26 21:45:09 0 d-------- C:\Program Files\iPod
2007-12-26 21:41:30 0 d-------- C:\Program Files\QuickTime
2007-12-24 18:37:31 0 d-------- C:\Program Files\Common Files
2007-12-18 23:32:37 0 d-------- C:\Program Files\Fashion Fits
2007-12-18 23:32:26 0 d-------- C:\Program Files\GameFiesta
2007-12-15 17:27:58 0 d-------- C:\Program Files\TVUPlayer <TVUPLA~1>
2007-12-15 17:27:33 0 d-------- C:\Documents and Settings\Owner\Application Data\TVU Networks
2007-12-10 20:09:50 0 d-------- C:\Documents and Settings\Owner\Application Data\Jane s Hotel
2007-12-09 16:15:53 0 d-------- C:\Program Files\SecCenter
2007-12-09 16:15:52 0 d-------- C:\Program Files\MalwareAlarm
2007-12-09 16:15:52 0 d-------- C:\Program Files\E404DHelper
2007-12-09 16:15:52 0 d-------- C:\Program Files\E404 Helper
2007-12-04 00:29:49 441638 --ahs---- C:\WINDOWS\system32\qtvwa.ini2
2007-12-03 19:51:13 0 d-------- C:\Program Files\PokerStars.NET
2007-12-03 19:07:21 0 d-------- C:\Documents and Settings\Owner\Application Data\FinalBurner .ISO
2007-12-03 1925 0 d-------- C:\Program Files\FinalBurner
2007-12-03 18:53:46 6939 --ahs---- C:\WINDOWS\system32\qtvwa.bak2
2007-11-23 16:22:54 471804 --ahs---- C:\WINDOWS\system32\qtvwa.bak1
2007-11-21 01:55:00 6513 --ahs---- C:\WINDOWS\system32\bbeeg.bak1
2007-11-20 10:54:06 6513 --ahs---- C:\WINDOWS\system32\svvwa.bak1
2007-11-20 10:35:10 439298 --ahs---- C:\WINDOWS\system32\ihhkj.bak2
2007-11-20 10:33:24 321 --ahs---- C:\WINDOWS\system32\npqss.ini2
2007-11-19 14:15:52 6513 --ahs---- C:\WINDOWS\system32\npqss.bak1
2007-11-18 17:56:12 6513 --ahs---- C:\WINDOWS\system32\ihhkj.bak1
2007-11-18 17:48:43 15360 --a------ C:\WINDOWS\system32\drvruxr.dll
2007-11-18 14:09:06 467065 --ahs---- C:\WINDOWS\system32\nnnmp.bak1
2007-11-17 14:08:44 438918 --ahs---- C:\WINDOWS\system32\nnnmp.bak2
2007-11-15 09:44:53 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-11-15 09:23:05 15360 --a------ C:\WINDOWS\system32\drvtacr.dll
2007-10-31 19:07:56 6473 --ahs---- C:\WINDOWS\system32\ststv.bak1
2007-10-31 19:01:45 1149576 --a------ C:\Install
2007-10-15 17:05:23 695393 --ahs---- C:\WINDOWS\system32\kjjlm.ini2
2007-10-15 02:51:35 691161 --ahs---- C:\WINDOWS\system32\kjjlm.bak1


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A378F3F-74AF-4498-BCC7-90BE524C91A4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CD75D10-0BD8-48D1-9F41-76BAAFCEE734}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DAC115D-B330-40BF-BE99-23204F12AF6B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A6189CC-167A-4690-AAA8-A8B5873078BE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB63E52-4D6E-48C1-A08F-F630FE50F337}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A8C2C57-93A7-0675-5A40-098909C6F6CC}]
C:\Program Files\Cxwdtoel\jzjjzukd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F2A7AF-C2A6-4EF1-8E05-493AFA54EB39}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37B5E3EE-94D6-4856-9BDF-E7550CF68DFF}]
01/13/2008 06:30 PM 328224 --a------ C:\WINDOWS\system32\vtsts.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3858FD99-F346-485F-B43D-F1BB1D394899}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FD390E8-2B59-49AF-8E67-FAB7C66D6434}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{445F383E-9CA4-42B7-96C8-DA36229C6AED}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{483AD3A8-6658-4C6E-AD0E-AE9C56BA0A74}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{498811B9-1DEF-40CF-82D1-DE95EDD72613}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AA93B29-C17F-42B9-B02B-3EAC735A0A15}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C3256D7-26F9-4866-9B5C-38509E3453C2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53400F30-2EB4-49F8-B5BC-32360B4188CC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54DE180D-E453-42FD-B2B3-2308F0D140ED}]
C:\WINDOWS\system32\jkhhi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60E2746A-9C2E-45A2-85CE-7E1A8A890961}]
C:\WINDOWS\system32\efcbbaw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6904ECAF-CD52-4057-BAFF-50ACC943E62C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6AA3809C-6261-456F-8FCA-43FE39ADC5E9}]
C:\WINDOWS\system32\urqqrrp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{700D8A59-F3A5-4A6F-B970-CFAAE02784E1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{837B45D6-BF85-457D-AABF-6D2E7815F791}]
C:\WINDOWS\system32\jkkkjgg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88778AF4-B8BE-4468-8297-D129CB780F73}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89AD4D75-2429-462e-BD4E-443F233F6033}]
C:\WINDOWS\system32\scgjacba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92F10A62-C829-4B59-B0F7-6E4F48E1B794}]
C:\WINDOWS\system32\pmnnn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{938A8A03-A938-4019-B764-03FF8D167D79}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A5D99987-5B79-4B11-A5D6-F7F46808711D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFD0CBBF-B05F-4D11-A1D1-EB8E37F809A2}]
C:\WINDOWS\system32\vtsqn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6F05979-9DCB-4A61-AB9D-98D91D4C1E02}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B8973C24-A494-FA17-B35D-8A8A41827EC0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C008E07F-37A4-45D8-A044-0BB64B960D89}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3352FCD-CFE5-4F35-831A-19C68DDB7CF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAB39BFE-C31E-496C-AFBC-048D788938CB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCC1AF4F-7D77-403A-AFF2-338A00662E27}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE7F98C3-2511-4B49-9730-4B9F260A81F1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF}]
C:\WINDOWS\system32\oembios32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA76427D-800E-42BB-B104-41694FE66434}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB652A31-2468-4DD7-AF9F-501376EE2CF3}]
C:\WINDOWS\system32\gebya.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD257673-E03A-4210-9261-9FABA2EE630C}]
C:\WINDOWS\system32\awvtq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE33D2B5-CA4D-4F33-BCC7-83C3C3AB248B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E245D31A-F1FF-4AF8-A1A7-68695C433BC3}]
C:\WINDOWS\system32\vtutt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E2CD2C26-731B-4F20-A93B-F365769F9307}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
C:\Program Files\E404 Helper\e404.v6.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F123C548-2D9D-4953-B09D-642EB6700CAF}]
C:\WINDOWS\system32\vtstu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1973DC9-5B9F-4ACB-8D05-67B49184D0B5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1A882CC-E18C-4FE1-94C3-CA713606DEBE}]
C:\WINDOWS\system32\mljjk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F26D1B6C-0A7F-47E1-92FC-1F518171532D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2C4BBAB-FD1A-49F9-AC86-7E227A24647C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4FCCB75-A7AF-47AC-BF53-28FF135EE591}]
C:\WINDOWS\system32\mlljj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F750FBF8-AF96-42C7-A817-042E95264EAB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC1B64D9-3499-4791-82D5-AABAC3FAEA45}]
01/11/2008 10:27 AM 39424 --a------ C:\WINDOWS\system32\rqrppqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF8FB66C-94C1-4A32-B29D-A11F20832A48}]
C:\WINDOWS\system32\ssqpn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" []
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" []
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [11/03/2003 04:50 PM]
"VTTimer"="VTTimer.exe" []
"AGRSMMSG"="AGRSMMSG.exe" []
"PS2"="C:\WINDOWS\system32\ps2.exe" [09/12/2003 07:13 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1151028769\ee\AOLSoftware.exe" [09/25/2006 04:52 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/20/2007 09:29 AM]
"AlcxMonitor"="ALCXMNTR.EXE" []
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" []
"Logitech Utility"="Logi_MwX.Exe" [11/07/2003 01:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 02:06 AM]
"whmlglkl"="C:\Program Files\rczclens\twxidyfc.dll" []
"SearchIndexer"="C:\WINDOWS\system32\cwibesci.dll" []
"EPSON Stylus CX5800F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.exe" []
"yhihmhov"="C:\Program Files\yhihmhov\ivubwtyj.dll" []
"SC2"="C:\Program Files\SecCenter\scprot4.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 02:43 AM]
"avp"="C:\WINDOWS\TEMP\win198.tmp.exe" []
"HP OfficeJet T Series"="C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe" [09/25/2001 12:08 PM]
"CTDrive"="C:\WINDOWS\system32\drvlur.dll" [12/22/2007 12:21 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2007 10:56 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 12:10 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [05/31/2005 12:04 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"Srbhteoe"="C:\WINDOWS\a?sembly\l?***.exe" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [10/04/2007 07:20 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"Wallpaper"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{837B45D6-BF85-457D-AABF-6D2E7815F791}"= C:\WINDOWS\system32\jkkkjgg.dll [ ]
"{B72CA17C-742C-4E70-ABF6-B3AF3EE1CFCE}"= C:\WINDOWS\system32\ddcyvsr.dll [ ]
"{183807B8-BC07-48A2-8DAD-ABC96FA6C7A8}"= C:\WINDOWS\system32\opnkkli.dll [ ]
"{60E2746A-9C2E-45A2-85CE-7E1A8A890961}"= C:\WINDOWS\system32\efcbbaw.dll [ ]
"{6AA3809C-6261-456F-8FCA-43FE39ADC5E9}"= C:\WINDOWS\system32\urqqrrp.dll [ ]
"{FC1B64D9-3499-4791-82D5-AABAC3FAEA45}"= C:\WINDOWS\system32\rqrppqr.dll [01/11/2008 10:27 AM 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqq]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccb]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyvsr]
ddcyvsr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyw]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcbbaw]
efcbbaw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcb]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkjgg]
jkkkjgg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjjge]
ljjjjge.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllml]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkli]
opnkkli.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhf]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhh]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrppqr]
rqrppqr.dll 01/11/2008 10:27 AM 39424 C:\WINDOWS\system32\rqrppqr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqp]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvssst]
tuvssst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvstqo]
tuvstqo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqrrp]
urqqrrp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturs]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrge32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winveg32]
winveg32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=nslookup.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\gebya

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51a71624-9eab-11db-9bcc-00038a000015}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ad1eec6-6a02-11da-9927-806d6172696f}]
AutoRun\command- D:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0c0c778-76cf-11dc-9d51-00038a000015}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e86655c8-9782-11db-9bb6-00038a000015}]
AutoRun\command- F:\LaunchU3.exe -a

*Newly Created Service* - HYHTYKLBBQLJ
*Newly Created Service* - PXARK
*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SDTHOOK

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}]
C:\WINDOWS\system32\nusrmgr.exe



-- Hosts -----------------------------------------------------------------------

127.0.0.2 www.i-dress-up.com
127.0.0.3 www.myspace.com


-- End of Deckard's System Scanner: finished at 2008-01-15 18:58:10 ------------

I ran a panda scan, the results are attached


Ugh malicious software is so annoying....

Attached Files

	extra.txt (15.3 KB, 0 views)
	Activescan.txt (46.0 KB, 0 views)

jbjlabs

bump AVG found viruses Lop and Virtumonde and panda found other trojans and stuff

Angelfire777

Hi, sorry for the delay.

If you still need assistance, please post a fresh main.txt log

jbjlabs

Okay here is a fresh HiJack THis log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:38 PM, on 1/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\AOL\1151028769\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 127.0.0.2 www.i-dress-up.com
O1 - Hosts: 127.0.0.3 www.myspace.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A378F3F-74AF-4498-BCC7-90BE524C91A4} - (no file)
O2 - BHO: (no name) - {0CD75D10-0BD8-48D1-9F41-76BAAFCEE734} - (no file)
O2 - BHO: (no name) - {0DAC115D-B330-40BF-BE99-23204F12AF6B} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1A6189CC-167A-4690-AAA8-A8B5873078BE} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {1FB63E52-4D6E-48C1-A08F-F630FE50F337} - (no file)
O2 - BHO: (no name) - {2A8C2C57-93A7-0675-5A40-098909C6F6CC} - C:\Program Files\Cxwdtoel\jzjjzukd.dll (file missing)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {30F2A7AF-C2A6-4EF1-8E05-493AFA54EB39} - (no file)
O2 - BHO: (no name) - {37B5E3EE-94D6-4856-9BDF-E7550CF68DFF} - C:\WINDOWS\system32\vtsts.dll (file missing)
O2 - BHO: (no name) - {3858FD99-F346-485F-B43D-F1BB1D394899} - (no file)
O2 - BHO: (no name) - {3FD390E8-2B59-49AF-8E67-FAB7C66D6434} - (no file)
O2 - BHO: (no name) - {445F383E-9CA4-42B7-96C8-DA36229C6AED} - (no file)
O2 - BHO: (no name) - {483AD3A8-6658-4C6E-AD0E-AE9C56BA0A74} - (no file)
O2 - BHO: (no name) - {498811B9-1DEF-40CF-82D1-DE95EDD72613} - (no file)
O2 - BHO: (no name) - {4AA93B29-C17F-42B9-B02B-3EAC735A0A15} - (no file)
O2 - BHO: (no name) - {4C3256D7-26F9-4866-9B5C-38509E3453C2} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53400F30-2EB4-49F8-B5BC-32360B4188CC} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {54DE180D-E453-42FD-B2B3-2308F0D140ED} - C:\WINDOWS\system32\jkhhi.dll (file missing)
O2 - BHO: (no name) - {60E2746A-9C2E-45A2-85CE-7E1A8A890961} - C:\WINDOWS\system32\efcbbaw.dll (file missing)
O2 - BHO: (no name) - {6904ECAF-CD52-4057-BAFF-50ACC943E62C} - (no file)
O2 - BHO: (no name) - {6AA3809C-6261-456F-8FCA-43FE39ADC5E9} - C:\WINDOWS\system32\urqqrrp.dll (file missing)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {700D8A59-F3A5-4A6F-B970-CFAAE02784E1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\system32\jkkkjgg.dll (file missing)
O2 - BHO: (no name) - {88778AF4-B8BE-4468-8297-D129CB780F73} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\scgjacba.dll (file missing)
O2 - BHO: (no name) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - (no file)
O2 - BHO: (no name) - {92F10A62-C829-4B59-B0F7-6E4F48E1B794} - C:\WINDOWS\system32\pmnnn.dll (file missing)
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {A5D99987-5B79-4B11-A5D6-F7F46808711D} - (no file)
O2 - BHO: (no name) - {AFD0CBBF-B05F-4D11-A1D1-EB8E37F809A2} - C:\WINDOWS\system32\vtsqn.dll (file missing)
O2 - BHO: (no name) - {B6F05979-9DCB-4A61-AB9D-98D91D4C1E02} - (no file)
O2 - BHO: (no name) - {B8973C24-A494-FA17-B35D-8A8A41827EC0} - (no file)
O2 - BHO: (no name) - {C008E07F-37A4-45D8-A044-0BB64B960D89} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {C3352FCD-CFE5-4F35-831A-19C68DDB7CF4} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - (no file)
O2 - BHO: (no name) - {CAB39BFE-C31E-496C-AFBC-048D788938CB} - (no file)
O2 - BHO: (no name) - {CCC1AF4F-7D77-403A-AFF2-338A00662E27} - (no file)
O2 - BHO: (no name) - {CE7F98C3-2511-4B49-9730-4B9F260A81F1} - (no file)
O2 - BHO: oembios32.msdn_hlp - {D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF} - C:\WINDOWS\system32\oembios32.dll (file missing)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {DA76427D-800E-42BB-B104-41694FE66434} - (no file)
O2 - BHO: (no name) - {DB652A31-2468-4DD7-AF9F-501376EE2CF3} - C:\WINDOWS\system32\gebya.dll (file missing)
O2 - BHO: (no name) - {DD257673-E03A-4210-9261-9FABA2EE630C} - C:\WINDOWS\system32\awvtq.dll (file missing)
O2 - BHO: (no name) - {DE33D2B5-CA4D-4F33-BCC7-83C3C3AB248B} - (no file)
O2 - BHO: (no name) - {E245D31A-F1FF-4AF8-A1A7-68695C433BC3} - C:\WINDOWS\system32\vtutt.dll (file missing)
O2 - BHO: (no name) - {E2CD2C26-731B-4F20-A93B-F365769F9307} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v6.dll (file missing)
O2 - BHO: (no name) - {F123C548-2D9D-4953-B09D-642EB6700CAF} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: (no name) - {F1973DC9-5B9F-4ACB-8D05-67B49184D0B5} - (no file)
O2 - BHO: (no name) - {F1A882CC-E18C-4FE1-94C3-CA713606DEBE} - C:\WINDOWS\system32\mljjk.dll (file missing)
O2 - BHO: (no name) - {F26D1B6C-0A7F-47E1-92FC-1F518171532D} - (no file)
O2 - BHO: (no name) - {F2C4BBAB-FD1A-49F9-AC86-7E227A24647C} - (no file)
O2 - BHO: (no name) - {F4FCCB75-A7AF-47AC-BF53-28FF135EE591} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: (no name) - {F750FBF8-AF96-42C7-A817-042E95264EAB} - (no file)
O2 - BHO: (no name) - {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} - C:\WINDOWS\system32\rqrppqr.dll (file missing)
O2 - BHO: (no name) - {FF8FB66C-94C1-4A32-B29D-A11F20832A48} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151028769\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [whmlglkl] rundll32.exe "C:\Program Files\rczclens\twxidyfc.dll",Init
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\cwibesci.dll",sitypnow
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P27 "EPSON Stylus CX5800F Series" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [yhihmhov] rundll32.exe "C:\Program Files\yhihmhov\ivubwtyj.dll",Init
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win198.tmp.exe
O4 - HKLM\..\Run: [HP OfficeJet T Series] "C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvlur.dll,startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MalwareCrush] C:\Program Files\MalwareCrush\MalwareCrush.exe /h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Srbhteoe] C:\WINDOWS\a?sembly\l?***.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: LimeWire On Startup.lnk = F:\LimeWire\LimeWire.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://games2.gamefools.com/onlinega...ylomplayer.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...loader_v10.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://aolsvc.aol.com/onlinegames/fr...h.1.0.0.47.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: nslookup.dll
O20 - Winlogon Notify: awtqq - C:\WINDOWS\
O20 - Winlogon Notify: ddccb - C:\WINDOWS\
O20 - Winlogon Notify: ddcyvsr - ddcyvsr.dll (file missing)
O20 - Winlogon Notify: ddcyw - C:\WINDOWS\
O20 - Winlogon Notify: efcbbaw - efcbbaw.dll (file missing)
O20 - Winlogon Notify: gebcb - C:\WINDOWS\
O20 - Winlogon Notify: jkkkjgg - jkkkjgg.dll (file missing)
O20 - Winlogon Notify: ljjjjge - ljjjjge.dll (file missing)
O20 - Winlogon Notify: mllml - C:\WINDOWS\
O20 - Winlogon Notify: opnkkli - opnkkli.dll (file missing)
O20 - Winlogon Notify: pmkhf - C:\WINDOWS\
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\
O20 - Winlogon Notify: rqrppqr - rqrppqr.dll (file missing)
O20 - Winlogon Notify: sstqp - C:\WINDOWS\
O20 - Winlogon Notify: tuvssst - tuvssst.dll (file missing)
O20 - Winlogon Notify: tuvstqo - tuvstqo.dll (file missing)
O20 - Winlogon Notify: urqqrrp - urqqrrp.dll (file missing)
O20 - Winlogon Notify: vturs - C:\WINDOWS\
O20 - Winlogon Notify: vtutr - C:\WINDOWS\
O20 - Winlogon Notify: winrge32 - C:\WINDOWS\
O20 - Winlogon Notify: winveg32 - winveg32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe (file missing)

--
End of file - 17273 bytes

Angelfire777

Hi,

We'll begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix

• When the tool is finished, it will produce a report for you.
• Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.