Discussion Starter · #1 ·
Hey, I'm having a lot of difficulty using my laptop. I lent it out to a friend and when I got it back I can't even use it!! Internet browsing is hell and all my applications run so slowly, like a 500 MHz ancient system when it's a Core Duo.. Everything is crashing and I get random pop-ups, and I'm finding weird processes in the Windows Task Manager like:

mrufino1535.exe
scardsrv.exe
spoolsv.exe
bot.exe
wimmm.exe

And I found random batch files, read-mes and .exe files in the Windows and Firefox folders which won't allow me to delete them; it goes "access denied" or whatever.


Help!! These are my HijackThis and DSS logs.


DSS



Deckard's System Scanner v20071014.68
Run by Cap'n on 2008-02-19 06:03:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-02-19 11:03:35 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.74 GiB (less than 15%) free.


-- HijackThis (run as Cap'n.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:04:23 AM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\Cap'n\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Cap'n\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Cap'n.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2060916
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2060916
F3 - REG:win.ini: run=C:\WINDOWS\mmhren1.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {393C2547-B2AB-422C-87AF-385238C73416} - C:\WINDOWS\system32\xxyywuv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: e404 helper - {C03FD59D-9104-44B7-929A-9EAA0BA05211} - C:\Program Files\Helper\1203415210.dll (file missing)
O2 - BHO: (no name) - {E5B6A9F2-1639-4E25-9CD1-178F1F812736} - C:\WINDOWS\system32\clbcate.dll
O2 - BHO: (no name) - {FA1E5729-16CB-4F86-99FB-0AAA20E3D4B9} - C:\WINDOWS\system32\mllmj.dll
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WintelUpdate] C:\jupss.exe
O4 - HKCU\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxyywuv - C:\WINDOWS\SYSTEM32\xxyywuv.dll
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)


-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 jnbkbble - c:\windows\system32\drivers\scdzuvow.dat
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>

S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
S3 npkcrypt - c:\program files\rebirthro\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
S4 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Creative Labs Licensing Service - "c:\program files\common files\creative labs shared\service\creativelicensing.exe" <Not Verified; Creative Labs; Creative Labs Licensing Service>

S2 msupdate (Microsoft security update service) - c:\windows\system32\msvcrtd.exe
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>
S3 StarWindService (StarWind iSCSI Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindservice.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: SCSI/RAID Host Controller
Device ID: ACPI\PNPA000\4&3ECF2478&1
Manufacturer:
Name: SCSI/RAID Host Controller
PNP Device ID: ACPI\PNPA000\4&3ECF2478&1
Service: aebt9cna

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi


-- Scheduled Tasks -------------------------------------------------------------

2007-06-15 10:31:00 338 --a----c- C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2007-06-15 10:31:00 264 --a----c- C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
2007-03-12 13:49:49 284 --a----c- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-01-19 and 2008-02-19 -----------------------------

2008-02-19 05:24:59 0 dr-h----- C:\Documents and Settings\Cap'n\Recent
2008-02-19 05:19:43 335 --a------ C:\WINDOWS\mozregistry.dat
2008-02-19 05:18:30 40960 --a------ C:\WINDOWS\mmhren1.exe
2008-02-19 05:03:23 19042 --ahs---- C:\WINDOWS\system32\jmllm.ini2
2008-02-19 05:03:18 327168 --a------ C:\WINDOWS\system32\mllmj.dll
2008-02-19 05:02:40 19584 --a------ C:\WINDOWS\system32\drivers\scdzuvow.dat
2008-02-19 04:58:54 35840 --a------ C:\WINDOWS\system32\msvcrtd.exe
2008-02-19 04:58:44 87552 --a------ C:\WINDOWS\system32\clbcate.dll
2008-02-19 04:58:32 54764 --a------ C:\WINDOWS\system32\3klagia.dll
2008-02-19 04:58:23 41984 --a------ C:\WINDOWS\system32\urqonki.dll
2008-02-19 04:58:22 36864 --a------ C:\WINDOWS\mrofinu1535.exe
2008-02-19 04:58:02 41984 --a------ C:\WINDOWS\system32\xxyywuv.dll
2008-01-30 18:59:48 0 d-------- C:\Program Files\World of Warcraft
2008-01-30 18:44:35 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-01-23 15:37:46 0 d-------- C:\Program Files\Flagship Studios
2008-01-21 08:11:50 0 d-------- C:\Program Files\ASIO4ALL v2
2008-01-21 08:11:27 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-01-21 08:11:27 0 d-------- C:\Program Files\VstPlugins
2008-01-21 08:10:04 0 d-------- C:\Program Files\Image-Line


-- Find3M Report ---------------------------------------------------------------

2008-02-19 05:25:17 0 d-------- C:\Documents and Settings\Cap'n\Application Data\Azureus
2008-02-19 02:49:50 57353 --a------ C:\WINDOWS\system32\nvModes.dat
2008-02-19 02:49:36 0 d-------- C:\Program Files\Warcraft III
2008-02-13 10:04:30 0 d-------- C:\Program Files\Soulseek
2008-02-12 18:59:36 0 d---s---- C:\Program Files\Xfire
2008-02-11 23:19:35 0 d-------- C:\Documents and Settings\Cap'n\Application Data\Xfire
2008-02-06 18:27:45 67264 --a----c- C:\WINDOWS\War3Unin.dat
2008-02-05 01:00:48 0 d-------- C:\Documents and Settings\Cap'n\Application Data\Skype
2008-01-30 20:06:21 0 d-------- C:\Program Files\Final Fantasy VII
2008-01-30 18:44:35 0 d-------- C:\Program Files\Common Files
2008-01-28 22:12:59 0 d-------- C:\Program Files\RebirthRO
2008-01-28 17:45:04 228 --a----c- C:\Documents and Settings\Cap'n\Application Data\Multique.ini
2008-01-10 01:11:02 0 d-------- C:\Program Files\Starcraft
2008-01-03 00:47:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-26 22:26:29 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2007-12-26 22:26:29 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2007-12-26 22:26:29 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2007-12-23 03:43:49 0 d-------- C:\Documents and Settings\Cap'n\Application Data\Adobe
2007-11-28 01:15:24 1302 --a----c- C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{393C2547-B2AB-422C-87AF-385238C73416}]
02/19/2008 04:58 AM 41984 --a------ C:\WINDOWS\system32\xxyywuv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C03FD59D-9104-44B7-929A-9EAA0BA05211}]
C:\Program Files\Helper\1203415210.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5B6A9F2-1639-4E25-9CD1-178F1F812736}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA1E5729-16CB-4F86-99FB-0AAA20E3D4B9}]
02/19/2008 05:03 AM 327168 --a------ C:\WINDOWS\system32\mllmj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="nvHotkey.dll" [03/21/2006 06:03 AM C:\WINDOWS\system32\nvhotkey.dll]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 04:30 PM C:\WINDOWS\stsystra.exe]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [10/31/2005 10:51 AM]
"MBMon"="CTMBHA.DLL" [06/28/2006 11:12 PM C:\WINDOWS\system32\CTMBHA.DLL]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [09/14/2005 08:50 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 05:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 10:54 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/21/2006 06:03 AM]
"nwiz"="nwiz.exe" [03/21/2006 06:03 AM C:\WINDOWS\system32\nwiz.exe]
"runner1"="C:\WINDOWS\mrofinu1535.exe" [02/19/2008 04:58 AM]
"Microsoft hren1"="C:\WINDOWS\mmhren1.exe" [02/19/2008 05:17 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 11:54 AM]
"WintelUpdate"="C:\jupss.exe" []
"Microsoft hren1"="C:\WINDOWS\mmhren1.exe" [02/19/2008 05:17 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{393C2547-B2AB-422C-87AF-385238C73416}"= C:\WINDOWS\system32\xxyywuv.dll [02/19/2008 04:58 AM 41984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyywuv]
xxyywuv.dll 02/19/2008 04:58 AM 41984 C:\WINDOWS\system32\xxyywuv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mllmj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Cap'n^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Cap'n\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
"C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]
ICO.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
MIDIDef.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10c30564-4ab6-11db-b31c-0015c5b29a00}]
AutoRun\command- E:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e75225a9-38af-11dc-b5d4-0015c5b29a00}]
AutoRun\command- setupSNK.exe




-- End of Deckard's System Scanner: finished at 2008-02-19 06:06:01 ------------




Now the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:08:50 AM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\Cap'n\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2060916
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2060916
F3 - REG:win.ini: run=C:\WINDOWS\mmhren1.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WintelUpdate] C:\jupss.exe
O4 - HKCU\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)






and attached in the extra log file for DSS
 

Discussion Starter · #2 ·
Euuuugh, my laptop is going crazy each minute I'm using it. HELP PLEASE! Hehe, I'm new on these forums.


I'm getting all these weird processes I'm unable to close in Task Manager, like "command.exe".

And now I noticed in my C: drive I have well over 2000 "posa1.tmp" files.... I don't know what's going on. I have over 2000 pos.tmp files, and I get critical system errors all the time. I think it got worse and more trojans were installed, so here is an updated DSS log.


Deckard's System Scanner v20071014.68
Run by Cap'n on 2008-02-20 11:17:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 0.83 GiB (less than 15%) free.


-- HijackThis (run as Cap'n.exe) -----------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-20 11:17:33
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\Q2FwJ24\command.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Temp\2BBCD7A5.exe
C:\Documents and Settings\Cap'n\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2060916
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2060916
F0 - win.ini: run=C:\WINDOWS\mmhren1.exe
F3 - REG:win.ini: Run=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {343A999D-7759-59DA-5717-5F00B7BD8A95} - C:\WINDOWS\system32\kqre.dll
O2 - BHO: (no name) - {393C2547-B2AB-422C-87AF-385238C73416} - C:\WINDOWS\system32\xxyywuv.dll
O2 - BHO: (no name) - {52300FD3-4F61-4A90-807F-26C66B9267B3} - C:\WINDOWS\system32\ssqrp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8D471CB8-05E4-4CE3-80C7-B126D198CA9E} - C:\WINDOWS\system32\mllmj.dll (file missing)
O2 - BHO: {b2566a26-2f0a-224a-2514-1481a441b50a} - {a05b144a-1841-4152-a422-a0f262a6652b} - C:\WINDOWS\system32\cbxbldoa.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\wxtonpvl.dll
O2 - BHO: e404 helper - {C03FD59D-9104-44B7-929A-9EAA0BA05211} - C:\Program Files\Helper\1203415210.dll (file missing)
O2 - BHO: (no name) - {E5B6A9F2-1639-4E25-9CD1-178F1F812736} - C:\WINDOWS\system32\clbcate.dll
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [2gb4i3hn] C:\WINDOWS\TEMP\2BBCD7A5.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: wxtonpvl - C:\WINDOWS\system32\wxtonpvl.dll
O20 - Winlogon Notify: xxyywuv - C:\WINDOWS\system32\xxyywuv.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2FwJ24\command.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - C:\WINDOWS\system32\msvcrtd.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


--
End of file - 7144 bytes

-- Files created between 2008-01-20 and 2008-02-20 -----------------------------

2008-02-20 09:14:13 94784 --a------ C:\WINDOWS\system32\cbxbldoa.dll
2008-02-20 09:11:13 87616 --a------ C:\WINDOWS\system32\tfmtnauk.dll
2008-02-20 09:09:09 163904 --a------ C:\WINDOWS\system32\wxtonpvl.dll
2008-02-20 09:09:04 163904 --a------ C:\WINDOWS\system32\pfnjujas.dll
2008-02-20 09:08:13 178419 --ahs---- C:\WINDOWS\system32\prqss.ini2
2008-02-20 09:07:58 320000 --a------ C:\WINDOWS\system32\ssqrp.dll
2008-02-20 08:40:59 0 d-------- C:\VundoFix Backups
2008-02-20 07:49:58 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-02-20 06:55:34 0 d-------- C:\Program Files\JavaCore
2008-02-20 06:05:16 99328 --a------ C:\WINDOWS\b152.exe
2008-02-20 05:50:22 687592 --a------ C:\WINDOWS\system32\atmtd.dll
2008-02-20 05:50:13 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2008-02-20 05:50:05 1989 --a------ C:\WINDOWS\uninstall_nmon.vbs
2008-02-20 05:50:05 0 d--hs---- C:\WINDOWS\Q2FwJ24
2008-02-20 05:50:05 0 d-------- C:\Program Files\Network Monitor
2008-02-20 05:45:40 0 d-------- C:\Program Files\Outerinfo
2008-02-20 05:45:35 60928 --a------ C:\WINDOWS\system32\kqre.dll
2008-02-20 05:45:12 41724 ---hs---- C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
2008-02-20 05:45:10 0 d-------- C:\Program Files\Common Files\??curity
2008-02-20 05:39:54 0 d-------- C:\Documents and Settings\Cap'n\Application Data\WinTouch
2008-02-20 05:29:41 0 d-------- C:\Program Files\Temporary
2008-02-19 05:24:59 0 dr-h----- C:\Documents and Settings\Cap'n\Recent
2008-02-19 05:19:43 335 --a------ C:\WINDOWS\mozregistry.dat
2008-02-19 05:02:40 19584 --a------ C:\WINDOWS\system32\drivers\scdzuvow.dat
2008-02-19 04:58:54 35840 --a------ C:\WINDOWS\system32\msvcrtd.exe
2008-02-19 04:58:44 87552 --a------ C:\WINDOWS\system32\clbcate.dll
2008-02-19 04:58:32 54764 --a------ C:\WINDOWS\system32\3klagia.dll
2008-02-19 04:58:23 41984 --a------ C:\WINDOWS\system32\urqonki.dll
2008-02-19 04:58:02 41984 --a------ C:\WINDOWS\system32\xxyywuv.dll
2008-02-17 08:17:52 50176 --a------ C:\WINDOWS\b153.exe
2008-01-30 18:59:48 0 d-------- C:\Program Files\World of Warcraft
2008-01-30 18:44:35 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-01-23 15:37:46 0 d-------- C:\Program Files\Flagship Studios
2008-01-21 08:11:50 0 d-------- C:\Program Files\ASIO4ALL v2
2008-01-21 08:11:27 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-01-21 08:11:27 0 d-------- C:\Program Files\VstPlugins
2008-01-21 08:10:04 0 d-------- C:\Program Files\Image-Line


-- Find3M Report ---------------------------------------------------------------

2008-02-20 08:37:46 57353 --a------ C:\WINDOWS\system32\nvModes.dat
2008-02-20 08:37:34 0 d-------- C:\Program Files\Warcraft III
2008-02-20 08:04:27 0 d-------- C:\Documents and Settings\Cap'n\Application Data\Azureus
2008-02-20 05:45:12 0 d-------- C:\Program Files\Common Files
2008-02-20 05:45:11 0 d-------- C:\Program Files\Common Files\??curity
2008-02-13 10:04:30 0 d-------- C:\Program Files\Soulseek
2008-02-12 18:59:36 0 d---s---- C:\Program Files\Xfire
2008-02-11 23:19:35 0 d-------- C:\Documents and Settings\Cap'n\Application Data\Xfire
2008-02-06 18:27:45 67264 --a----c- C:\WINDOWS\War3Unin.dat
2008-02-05 01:00:48 0 d-------- C:\Documents and Settings\Cap'n\Application Data\Skype
2008-01-30 20:06:21 0 d-------- C:\Program Files\Final Fantasy VII
2008-01-28 22:12:59 0 d-------- C:\Program Files\RebirthRO
2008-01-28 17:45:04 228 --a----c- C:\Documents and Settings\Cap'n\Application Data\Multique.ini
2008-01-16 10:01:25 224256 --a------ C:\WINDOWS\b128.exe
2008-01-15 16:34:06 140800 ---hs---- C:\Program Files\Common Files\Yazzle1560OinAdmin.exe
2008-01-10 01:11:02 0 d-------- C:\Program Files\Starcraft
2008-01-03 00:47:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-26 22:26:29 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2007-12-26 22:26:29 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2007-12-26 22:26:29 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2007-12-23 03:43:49 0 d-------- C:\Documents and Settings\Cap'n\Application Data\Adobe
2007-12-11 07:11:43 96256 --a------ C:\WINDOWS\b151.exe
2007-11-28 01:15:24 1302 --a----c- C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{343A999D-7759-59DA-5717-5F00B7BD8A95}]
01/28/2008 11:29 AM 60928 --a------ C:\WINDOWS\system32\kqre.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{393C2547-B2AB-422C-87AF-385238C73416}]
02/19/2008 04:58 AM 41984 --a------ C:\WINDOWS\system32\xxyywuv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52300FD3-4F61-4A90-807F-26C66B9267B3}]
02/20/2008 09:08 AM 320000 --a------ C:\WINDOWS\system32\ssqrp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D471CB8-05E4-4CE3-80C7-B126D198CA9E}]
C:\WINDOWS\system32\mllmj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a05b144a-1841-4152-a422-a0f262a6652b}]
02/20/2008 09:14 AM 94784 --a------ C:\WINDOWS\system32\cbxbldoa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
02/20/2008 09:09 AM 163904 --a------ C:\WINDOWS\system32\wxtonpvl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C03FD59D-9104-44B7-929A-9EAA0BA05211}]
C:\Program Files\Helper\1203415210.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5B6A9F2-1639-4E25-9CD1-178F1F812736}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="nvHotkey.dll" [03/21/2006 06:03 AM C:\WINDOWS\system32\nvhotkey.dll]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 04:30 PM C:\WINDOWS\stsystra.exe]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [10/31/2005 10:51 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 10:54 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/21/2006 06:03 AM]
"nwiz"="nwiz.exe" [03/21/2006 06:03 AM C:\WINDOWS\system32\nwiz.exe]
"2gb4i3hn"="C:\WINDOWS\TEMP\2BBCD7A5.exe" [02/20/2008 11:16 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 11:54 AM]
"JavaCore"="C:\Program Files\JavaCore\JavaCore.exe" [02/20/2008 06:55 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{393C2547-B2AB-422C-87AF-385238C73416}"= C:\WINDOWS\system32\xxyywuv.dll [02/19/2008 04:58 AM 41984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wxtonpvl]
wxtonpvl.dll 02/20/2008 09:09 AM 163904 C:\WINDOWS\system32\wxtonpvl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyywuv]
xxyywuv.dll 02/19/2008 04:58 AM 41984 C:\WINDOWS\system32\xxyywuv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqrp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Cap'n^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Cap'n\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
"C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]
ICO.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
MIDIDef.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10c30564-4ab6-11db-b31c-0015c5b29a00}]
AutoRun\command- E:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80a1f895-4a65-11db-b319-806d6172696f}]
AutoRun\command- D:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e75225a9-38af-11dc-b5d4-0015c5b29a00}]
AutoRun\command- setupSNK.exe




-- End of Deckard's System Scanner: finished at 2008-02-20 11:20:20 ------------
 