
rundll problem

Discussion in 'Windows - Virus and spyware problems' started by 07anto07, Jul 12, 2007.

  1. 07anto07

    07anto07 Active member

    hi, having a problem on start up: a dll message pops up: "error loading c:\windows\system32\j0261930.dll the specified module could not be found". anyone help?
     
  2. Auttaja

    Auttaja Guest

    Download Hijackthis ver. 1.99.1 from HERE and save it to your Desktop.
    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\HijackThis.
    Continue to click Next in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch HijackThis.
    Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    Copy and paste the log to this topic.

    DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
     
  3. 07anto07

    07anto07 Active member

    hijackthis log

    Logfile of HijackThis v1.99.1
    Scan saved at 16:31:28, on 12/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    c:\windows\system\hpsysdrv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071907 serial=DR12CNC-8301292-WBN lang=EN
    O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [j0261930] rundll32 C:\WINDOWS\system32\j0261930.dll sook
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [McAfee Online Virus Scanner] avp.exe
    O4 - HKLM\..\RunServices: [McAfee Online Virus Scanner] avp.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177254778953
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
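The helper asks for this log before fixing anything because most of what HijackThis lists is legitimate, so the useful work is correlation: which O4 entry produces the startup error, and which registrations show the patterns seen above (a Run name duplicated under RunServices, BHOs and services whose file is gone, unnamed BHOs in system32). The following is an added example, not code from HijackThis, SDFix, or either poster; it works on a constructed subset of the log lines above and its checks are heuristics, not verdicts.

```python
"""Triage of HijackThis v1.99.1 log lines (added example; not HijackThis code).

Checks: (1) trace a startup "Error loading <dll>" message to the O4 autostart that
references the file; (2) flag an autostart name present under both Run and RunServices
(RunServices is a Windows 9x key that XP ignores, so a duplicate there is a persistence
pattern worth a look); (3) flag O2/O23 targets reported "(file missing)" and "(no name)"
BHOs loaded from system32, the pattern of the Vundo DLLs in the logs in this thread.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the thread's logs, not a full log.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {920FD32B-7F47-4D5C-9DD8-7CDE2790C7A3} - C:\WINDOWS\system32\ddcyx.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F6A97784-2689-475C-83BB-12D6CEA39706} - C:\WINDOWS\system32\dmfxshgr.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [j0261930] rundll32 C:\WINDOWS\system32\j0261930.dll sook
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [McAfee Online Virus Scanner] avp.exe
O4 - HKLM\..\RunServices: [McAfee Online Virus Scanner] avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
"""

# The startup message quoted in the first post.
ERROR_MESSAGE = r"error loading c:\windows\system32\j0261930.dll the specified module could not be found"

LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
MISSING_RE = re.compile(r" \((?:file missing|no file)\)$")
O4_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<target>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<target>.*)$")


@dataclass
class Entry:
    kind: str              # HijackThis section code: "O2", "O4", "O23", ...
    raw: str
    name: str = ""         # BHO/service display name, or the O4 value name
    target: str = ""       # file or command line the registration points at
    hive: str = ""         # O4 only: HKLM / HKCU
    key: str = ""          # O4 only: Run, RunOnce, RunServices, ...
    file_missing: bool = False


def parse_hjt(text):
    """Turn the R/O-numbered lines of a HijackThis log into Entry records."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        e = Entry(kind=kind, raw=line.strip(), file_missing=bool(MISSING_RE.search(body)))
        body = MISSING_RE.sub("", body)          # keep the bare path in .target
        sub = {"O4": O4_RE, "O2": O2_RE, "O23": O23_RE}.get(kind)
        sm = sub.match(body) if sub else None
        if sm:
            g = sm.groupdict()
            e.name, e.target = g["name"], g.get("cmd", g.get("target", ""))
            e.hive, e.key = g.get("hive", ""), g.get("key", "")
        entries.append(e)
    return entries


def autostart_for_error(entries, message):
    """Return the O4 entries whose command references the file named in a startup error."""
    m = re.search(r"error loading (?P<path>[a-z]:\\\S+)", message, re.IGNORECASE)
    if not m:
        return []
    path = m.group("path").lower()
    return [e for e in entries if e.kind == "O4" and path in e.target.lower()]


def triage(entries):
    """Apply the heuristic checks; returns (check, entry) pairs."""
    keys_by_name = {}
    for e in entries:
        if e.kind == "O4" and e.key:
            keys_by_name.setdefault(e.name.lower(), set()).add(e.key)
    findings = []
    for e in entries:
        if e.kind == "O4" and e.key == "RunServices" and "Run" in keys_by_name[e.name.lower()]:
            findings.append(("run-and-runservices", e))
        if e.kind in ("O2", "O23") and e.file_missing:
            findings.append(("target-missing", e))
        if e.kind == "O2" and e.name == "(no name)" and "\\system32\\" in e.target.lower():
            findings.append(("unnamed-bho-in-system32", e))
    return findings


def report(text, message):
    """Summary lines, returned rather than printed so they can be checked."""
    entries = parse_hjt(text)
    lines = [f"startup error traced to {e.hive}\\..\\{e.key} [{e.name}]: {e.target}"
             for e in autostart_for_error(entries, message)]
    lines += [f"{check:<24} {e.raw}" for check, e in triage(entries)]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG, ERROR_MESSAGE)))
```

On the sample the error is traced to the `[j0261930]` Run value, and the `(no name)` SDHelper BHO under Program Files is deliberately not flagged, showing that the system32 check is a location heuristic rather than a judgement on the missing name.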

     
  4. Auttaja

    Auttaja Guest

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    * Open the extracted SDFix folder and double click RunThis.bat to start the script.
    * Type Y to begin the cleanup process.
    * It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    * Press any Key and it will restart the PC.
    * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    * Finally paste the contents of the Report.txt back on the forum

    ========

    Please download VundoFix.exe to your desktop.
    * Double-click *VundoFix.exe* to run it.
    * Click the *Scan for Vundo* button.
    * Once it's done scanning, click the *Remove Vundo* button.
    * You will receive a prompt asking if you want to remove the files, click "YES"
    * Once you click yes, your desktop will go blank as it starts removing Vundo.
    * When completed, it will prompt that it will reboot your computer, click *OK*.
    * Please post the contents of C:\*vundofix.txt*. Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the *Scan for Vundo* button." when VundoFix appears at reboot.

    ======

    Rename HijackThis.exe

    1. Right click on the HijackThis icon.

    2. Select Rename.

    3. Now type the following: scanner.exe <<< NOTE: make sure to put the period before exe when typing.
    Hit the enter key on keyboard.

    Double click on Scanner.exe.
    Click on Do a system scan and save a logfile. Post log in next reply.
     
  5. 07anto07

    07anto07 Active member

    do i have to run runthis.bat in safe mode?
     
  6. 07anto07

    07anto07 Active member

    ok here's my sdfix log


    SDFix: Version 1.90

    Run by Compaq_Owner on 12/07/2007 at 17:45

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\Temp\win10.tmp.exe - Deleted
    C:\WINDOWS\Temp\win1C6.tmp.exe - Deleted
    C:\WINDOWS\Temp\win45.tmp.exe - Deleted
    C:\WINDOWS\Temp\win4B.tmp.exe - Deleted
    C:\WINDOWS\Temp\win4D.tmp.exe - Deleted
    C:\WINDOWS\Temp\win7.tmp.exe - Deleted
    C:\WINDOWS\Temp\win79.tmp.exe - Deleted
    C:\WINDOWS\Temp\win83.tmp.exe - Deleted
    C:\WINDOWS\Temp\win85.tmp.exe - Deleted
    C:\WINDOWS\Temp\win89.tmp.exe - Deleted
    C:\WINDOWS\Temp\win8B.tmp.exe - Deleted
    C:\WINDOWS\Temp\win9.tmp.exe - Deleted
    C:\WINDOWS\Temp\win99.tmp.exe - Deleted
    C:\WINDOWS\Temp\winE.tmp.exe - Deleted
    C:\WINDOWS\Temp\win10.tmp.exe - Deleted
    C:\WINDOWS\Temp\win1C6.tmp.exe - Deleted
    C:\WINDOWS\Temp\win45.tmp.exe - Deleted
    C:\WINDOWS\Temp\win4B.tmp.exe - Deleted
    C:\WINDOWS\Temp\win4D.tmp.exe - Deleted
    C:\WINDOWS\Temp\win7.tmp.exe - Deleted
    C:\WINDOWS\Temp\win79.tmp.exe - Deleted
    C:\WINDOWS\Temp\win83.tmp.exe - Deleted
    C:\WINDOWS\Temp\win85.tmp.exe - Deleted
    C:\WINDOWS\Temp\win89.tmp.exe - Deleted
    C:\WINDOWS\Temp\win8B.tmp.exe - Deleted
    C:\WINDOWS\Temp\win9.tmp.exe - Deleted
    C:\WINDOWS\Temp\win99.tmp.exe - Deleted
    C:\WINDOWS\Temp\winE.tmp.exe - Deleted
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\winC4C.tmp.exe - Deleted
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\winC54.tmp.exe - Deleted
    C:\WINDOWS\system32\1_exception.nls - Deleted
    C:\WINDOWS\system32\avp.exe - Deleted
    C:\WINDOWS\system32\drivers\asc3550u.sys - Deleted
    C:\WINDOWS\Temp\removalfile.bat - Deleted



    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
    "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\WINDOWS\\system32\\asnqkoag.exe"="C:\\WINDOWS\\system32\\asn"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Documents and Settings\\Compaq_Owner\\My Documents\\programs\\new programs\\utorrent.exe"="C:\\Documents and Settings\\Compaq_Owner\\My Documents\\programs\\new programs\\utorrent.exe:*:Enabled:utorrent"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\WINDOWS\\system32\\avp.exe"="C:\\WINDOWS\\system32\\avp.exe:*:Disabled:avp"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\WINDOWS\SMINST\HPCD.SYS
    C:\WINDOWS\system32\oqstv.tmp
    C:\WINDOWS\system32\oqstv.tmp2
    C:\WINDOWS\system32\qdohdbks.tmp
    C:\WINDOWS\system32\qrqss.tmp
    C:\WINDOWS\system32\vyadd.tmp
    C:\WINDOWS\system32\xycdd.tmp

    Finished
     
  7. 07anto07

    07anto07 Active member

    here's my vundofix log



    VundoFix V6.5.4

    Checking Java version...

    Java version is 1.5.0.5
    Old versions of java are exploitable and should be removed.

    Scan started at 18:00:07 12/07/2007

    Listing files found while scanning....

    C:\windows\system32\ddcyx.dll
    C:\windows\system32\gebcccd.dll
    C:\WINDOWS\system32\hhfflwax.dll
    C:\WINDOWS\system32\huhfjswu.dll
    C:\WINDOWS\system32\lftssite.dll
    C:\WINDOWS\system32\mcpinybs.dll
    C:\WINDOWS\system32\nggnlhwr.dll
    C:\WINDOWS\system32\sklvajrx.dll
    C:\WINDOWS\system32\ssqpnki.dll
    C:\WINDOWS\system32\tkxjitlo.dll
    C:\windows\system32\vtuuuuv.dll
    C:\windows\system32\xxyxwvv.dll
    C:\WINDOWS\system32\xycdd.bak1
    C:\windows\system32\xycdd.bak2
    C:\windows\system32\xycdd.ini
    C:\windows\system32\xycdd.ini2
    C:\windows\system32\xycdd.tmp

    Beginning removal...

    Attempting to delete C:\windows\system32\ddcyx.dll
    C:\windows\system32\ddcyx.dll Has been deleted!

    Attempting to delete C:\windows\system32\gebcccd.dll
    C:\windows\system32\gebcccd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqpnki.dll
    C:\WINDOWS\system32\ssqpnki.dll Could not be deleted.

    Attempting to delete C:\windows\system32\vtuuuuv.dll
    C:\windows\system32\vtuuuuv.dll Has been deleted!

    Attempting to delete C:\windows\system32\xxyxwvv.dll
    C:\windows\system32\xxyxwvv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xycdd.bak1
    C:\WINDOWS\system32\xycdd.bak1 Has been deleted!

    Attempting to delete C:\windows\system32\xycdd.bak2
    C:\windows\system32\xycdd.bak2 Has been deleted!

    Attempting to delete C:\windows\system32\xycdd.ini
    C:\windows\system32\xycdd.ini Has been deleted!

    Attempting to delete C:\windows\system32\xycdd.ini2
    C:\windows\system32\xycdd.ini2 Has been deleted!

    Attempting to delete C:\windows\system32\xycdd.tmp
    C:\windows\system32\xycdd.tmp Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.5.4

    Checking Java version...

    Java version is 1.5.0.5
    Old versions of java are exploitable and should be removed.

    Scan started at 18:06:32 12/07/2007

    Listing files found while scanning....

    C:\windows\system32\ssqpnki.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\ssqpnki.dll
    C:\windows\system32\ssqpnki.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
     
  8. 07anto07

    07anto07 Active member

    and the last one



    Logfile of HijackThis v1.99.1
    Scan saved at 18:13:23, on 12/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cc3250v.dll
    O2 - BHO: (no name) - {1E9EE4EF-D6F5-46C4-B24D-0576FBC7A920} - C:\WINDOWS\system32\vtsqo.dll (file missing)
    O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Program Files\TrustIn Contextual\trustincontext.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {920FD32B-7F47-4D5C-9DD8-7CDE2790C7A3} - C:\WINDOWS\system32\ddcyx.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {D3BEB29F-D433-430B-9928-3E7603C7D2DB} - C:\WINDOWS\system32\ddayv.dll (file missing)
    O2 - BHO: (no name) - {F53F1367-BCD2-431B-B685-AC0C517FE6Ff} - C:\WINDOWS\system32\dmfxshgr.dll
    O2 - BHO: (no name) - {F6A97784-2689-475C-83BB-12D6CEA39706} - C:\WINDOWS\system32\dmfxshgr.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071907 serial=DR12CNC-8301292-WBN lang=EN
    O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [j0261930] rundll32 C:\WINDOWS\system32\j0261930.dll sook
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177254778953
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
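As an added illustration (my own code, not HijackThis's and not posted by anyone in this thread): a small Python triage script that parses O4 and O20 lines like the ones in the log above and scores the two patterns that matter here, rundll32 pointing at a DLL inside system32 (the j0261930.dll entry behind the start-up error) and a Winlogon Notify package whose file is missing (winrzf32). The sample lines are copied from the log above; the scoring weights and the "five or more digits in the name" heuristic are my own assumptions, not anything the tools on the page use.

```python
"""Triage HijackThis O4 (Run keys) and O20 (Winlogon Notify) lines.

Added example; the heuristics and weights below are assumptions made for
this illustration, not HijackThis logic.
"""
import ntpath
import re
from dataclasses import dataclass, field

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
O4 - HKLM\..\Run: [j0261930] rundll32 C:\WINDOWS\system32\j0261930.dll sook
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
"""

O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.*)$')
O20_RE = re.compile(r'^O20 - Winlogon Notify: (\S+) - (.*)$')
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+(.*)$', re.I)
IN_SYSTEM32_RE = re.compile(r'\\system32\\[^\\]+$', re.I)   # file directly inside system32


@dataclass
class Finding:
    line: str
    score: int = 0
    reasons: list = field(default_factory=list)


def looks_random(stem):
    """Weak heuristic (assumption): a mostly numeric stem such as j0261930 is not
    how vendors name DLLs. It deliberately does not flag things like RTHDCPL."""
    digits = sum(c.isdigit() for c in stem)
    letters = sum(c.isalpha() for c in stem)
    return letters >= 1 and digits >= 5


def split_command(cmd):
    """Return (launched_via_rundll32, target_path) for an O4 command string."""
    m = RUNDLL_RE.match(cmd)
    via_rundll = m is not None
    rest = (m.group(1) if m else cmd).strip()
    if rest.startswith('"'):                       # quoted path: take what is inside the quotes
        target = rest[1:].split('"', 1)[0]
    else:                                          # bare path: stop at ',EntryPoint' or first space
        target = rest.split(',', 1)[0].split()[0] if rest else ''
    return via_rundll, target


def triage_line(line):
    """Score one HijackThis line; 0 means nothing of note."""
    f = Finding(line)
    if '(file missing)' in line:
        f.score += 3
        f.reasons.append('autostart points at a file that no longer exists (orphaned loader)')
    target, via_rundll = '', False
    m = O4_RE.match(line)
    if m:
        via_rundll, target = split_command(m.group(3))
    else:
        m = O20_RE.match(line)
        if m:
            target = m.group(2).replace('(file missing)', '').strip()
    if not target:
        return f
    if via_rundll and IN_SYSTEM32_RE.search(target):
        f.score += 1
        f.reasons.append('rundll32 loads a DLL from system32 by explicit path; check publisher/signature')
    if looks_random(ntpath.splitext(ntpath.basename(target))[0]):
        f.score += 2
        f.reasons.append('random-looking file name')
    return f


def triage(log_text):
    """All lines with a non-zero score, highest first."""
    findings = [triage_line(l.strip()) for l in log_text.splitlines() if l.strip()]
    return sorted((f for f in findings if f.score > 0), key=lambda f: -f.score)


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f.score, f.line)
        for r in f.reasons:
            print('   -', r)
```

On the sample the j0261930 and winrzf32 lines score 3 and WinFlyer32.dll scores 1. A score of 1 means "look this file up", not "malware": WinFlyer32.dll is exactly such a case (ComboFix removes it later in the thread), and no name heuristic can tell a vendor DLL from a dropper, so the script prioritises what to check and should never be wired to an automatic fix.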


     
  9. 07anto07

    07anto07 Active member

    Hi, what do I do next?
     
  10. Auttaja

    Auttaja Guest

  11. 07anto07

    07anto07 Active member

    ComboFix log

    "Compaq_Owner" - 2007-07-13 16:13:49 - ComboFix 07-07-13.8 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\winflyer32.dll
    C:\WINDOWS\system32\dmfxshgr.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\COMPAQ~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\7PRLZ72R\iforex.com
    C:\DOCUME~1\COMPAQ~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\7PRLZ72R\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\DOCUME~1\COMPAQ~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\7PRLZ72R\www.broadcaster.com
    C:\DOCUME~1\COMPAQ~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\DOCUME~1\COMPAQ~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    C:\DOCUME~1\COMPAQ~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\DOCUME~1\COMPAQ~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_ASC3550U
    -------\LEGACY_RUNTIME


    ((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))


    2007-07-13 16:12 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-12 18:01 66,068 --a------ C:\WINDOWS\system32\cnlinjxy.exe
    2007-07-12 18:00 <DIR> d-------- C:\VundoFix Backups
    2007-07-12 17:45 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-07-12 17:38 66,580 --a------ C:\WINDOWS\system32\bkqqgvbi.dll
    2007-07-12 17:32 66,068 --a------ C:\WINDOWS\system32\cadftayw.exe
    2007-07-12 17:27 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-07-12 17:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
    2007-07-12 17:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
    2007-07-12 17:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
    2007-07-12 16:06 66,580 --a------ C:\WINDOWS\system32\ivpncuwh.dll
    2007-07-12 16:01 66,068 --a------ C:\WINDOWS\system32\desmmmwi.exe
    2007-07-12 15:46 66,580 --a------ C:\WINDOWS\system32\wijfrnfr.dll
    2007-07-12 15:46 66,068 --a------ C:\WINDOWS\system32\jijnvwev.exe
    2007-07-12 13:50 66,580 --a------ C:\WINDOWS\system32\cddfmjto.dll
    2007-07-12 13:47 66,068 --a------ C:\WINDOWS\system32\ppdvbdix.exe
    2007-07-11 19:14 66,068 --a------ C:\WINDOWS\system32\ssbgklbb.exe
    2007-07-11 19:10 <DIR> d-------- C:\Program Files\DVDFab Gold 3
    2007-07-11 18:53 66,580 --a------ C:\WINDOWS\system32\hxmymwcg.dll
    2007-07-11 18:41 66,580 --a------ C:\WINDOWS\system32\aeqrtlje.dll
    2007-07-11 18:39 66,068 --a------ C:\WINDOWS\system32\fvwdquup.exe
    2007-07-11 17:43 66,580 --a------ C:\WINDOWS\system32\lteswpyn.dll
    2007-07-11 17:40 66,068 --a------ C:\WINDOWS\system32\pwpgphsp.exe
    2007-07-11 17:18 <DIR> d-------- C:\Program Files\MediaMonkey
    2007-07-11 16:41 66,580 --a------ C:\WINDOWS\system32\rdyxwjne.dll
    2007-07-11 16:35 66,068 --a------ C:\WINDOWS\system32\enxihfks.exe
    2007-07-11 16:27 66,068 --a------ C:\WINDOWS\system32\ledbkoir.exe
    2007-07-11 16:09 66,068 --a------ C:\WINDOWS\system32\qtwcguki.exe
    2007-07-11 16:06 66,580 --a------ C:\WINDOWS\system32\sifttvut.dll
    2007-07-11 16:05 66,068 --a------ C:\WINDOWS\system32\vgmvnnoi.exe
    2007-07-11 14:05 66,068 --a------ C:\WINDOWS\system32\pkqymxwj.exe
    2007-07-10 22:54 66,068 --a------ C:\WINDOWS\system32\pjfguoxp.exe
    2007-07-10 19:12 66,068 --a------ C:\WINDOWS\system32\dbxuttqn.exe
    2007-07-10 17:51 <DIR> d-------- C:\Program Files\iTunes
    2007-07-10 17:51 <DIR> d-------- C:\Program Files\iPod
    2007-07-10 16:35 66,068 --a------ C:\WINDOWS\system32\eljyregd.exe
    2007-07-10 16:19 66,068 --a------ C:\WINDOWS\system32\lixqtpaf.exe
    2007-07-10 16:07 66,068 --a------ C:\WINDOWS\system32\dypafunj.exe
    2007-07-10 11:40 66,068 --a------ C:\WINDOWS\system32\rwntiuyb.exe
    2007-07-09 19:03 66,068 --a------ C:\WINDOWS\system32\xqdhdphm.exe
    2007-07-09 18:22 66,068 --a------ C:\WINDOWS\system32\qqfwjtyr.exe
    2007-07-09 17:55 66,068 --a------ C:\WINDOWS\system32\agvagaob.exe
    2007-07-09 17:33 66,068 --a------ C:\WINDOWS\system32\qjgbwvbi.exe
    2007-07-09 17:28 66,068 --a------ C:\WINDOWS\system32\nsemaoss.exe
    2007-07-07 18:40 <DIR> d-------- C:\Program Files\utorrent
    2007-07-07 15:43 <DIR> d-------- C:\Program Files\Lavalys
    2007-07-05 12:00 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-07-05 12:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-07-04 23:45 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\Contacts
    2007-07-04 23:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    2007-07-04 23:44 <DIR> d-------- C:\Program Files\Windows Live Toolbar
    2007-07-04 23:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-07-04 23:43 <DIR> d-------- C:\Program Files\MSN Messenger
    2007-07-02 08:56 <DIR> d-------- C:\WINDOWS\pss
    2007-06-27 17:27 21,504 --a------ C:\WINDOWS\system32\cc3250v.dll
    2007-06-27 17:22 21,504 --a------ C:\WINDOWS\system32\activedsb.dll
    2007-06-27 17:21 21,504 --a------ C:\WINDOWS\system32\activedsv.dll
    2007-06-27 17:18 21,504 --a------ C:\WINDOWS\system32\bfc42da.dll
    2007-06-27 17:15 21,504 --a------ C:\WINDOWS\system32\acctress.dll
    2007-06-27 17:09 21,504 --a------ C:\WINDOWS\system32\cewmdma.dll
    2007-06-27 17:07 21,504 --a------ C:\WINDOWS\system32\autodisca.dll
    2007-06-27 17:05 21,504 --a------ C:\WINDOWS\system32\admparses.dll
    2007-06-27 17:00 21,504 --a------ C:\WINDOWS\system32\adsldps.dll
    2007-06-27 16:57 21,504 --a------ C:\WINDOWS\system32\ciadminb.dll
    2007-06-27 16:57 <DIR> d-------- C:\Program Files\TrustIn Contextual
    2007-06-26 17:39 <DIR> d-------- C:\Program Files\Norton AntiVirus
    2007-06-26 17:38 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2007-06-26 17:38 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-06-23 17:01 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-13 15:16:16 12 ----a-w C:\WINDOWS\bthservsdp.dat
    2007-07-12 16:14:20 -------- d-----w C:\Program Files\Lx_cats
    2007-07-12 16:08:52 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\uTorrent
    2007-07-11 18:14:46 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\Vso
    2007-07-11 16:16:50 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-07-11 15:00:01 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\dvdcss
    2007-07-10 16:20:02 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\VSO_HWE
    2007-07-10 15:02:10 -------- d-----w C:\Program Files\BitTorrent
    2007-07-07 18:00:25 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\BitTorrent
    2007-07-05 11:02:31 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\Apple Computer
    2007-07-05 10:45:30 -------- d-----w C:\Program Files\Apple Software Update
    2007-07-03 08:45:40 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\LimeWire
    2007-07-02 12:30:31 -------- d-----w C:\Program Files\LimeWire
    2007-06-27 15:25:18 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-26 17:08:52 -------- d-----w C:\Program Files\Symantec
    2007-06-26 17:08:43 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-06-26 17:08:43 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-06-20 09:25:59 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\AdobeUM
    2007-06-17 16:35:58 -------- d-----w C:\Program Files\NokiaFREE Unlock Codes Calculator
    2007-06-08 17:26:06 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\VideoEgg
    2007-06-06 18:05:08 87,608 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\inst.exe
    2007-06-06 18:05:08 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-06-06 18:05:08 47,360 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\pcouffin.sys
    2007-06-04 17:08:03 653,536 --sh--w C:\WINDOWS\system32\qrqss.ini2
    2007-06-04 13:00:04 652,904 --sh--w C:\WINDOWS\system32\qrqss.bak2
    2007-06-03 15:52:47 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-06-03 15:50:04 -------- d-----w C:\Program Files\Ubisoft
    2007-06-01 15:52:50 -------- d-----w C:\Program Files\BearShare Applications
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-14 15:25:04 -------- d-----w C:\Program Files\BitComet
    2007-05-03 17:18:51 488,594 --sh--w C:\WINDOWS\system32\qrqss.bak1
    2007-05-02 17:19:31 495,845 --sha-w C:\WINDOWS\system32\vyadd.ini2
    2007-05-01 18:21:45 494,223 --sha-w C:\WINDOWS\system32\vyadd.bak1
    2007-05-01 17:17:24 494,706 --sha-w C:\WINDOWS\system32\vyadd.bak2
    2007-04-28 10:33:54 97,280 ----a-w C:\WINDOWS\system32\RARV1032.DLL
    2007-04-28 10:33:54 87,040 ----a-w C:\WINDOWS\system32\RA32SIPR.DLL
    2007-04-28 10:33:54 76,800 ----a-w C:\WINDOWS\RAUNINST.EXE
    2007-04-28 10:33:54 72,192 ----a-w C:\WINDOWS\system32\RA32CLV1.DLL
    2007-04-28 10:33:54 62,976 ----a-w C:\WINDOWS\system32\RAOCX32.DLL
    2007-04-28 10:33:54 21,504 ----a-w C:\WINDOWS\system32\SWFF3250.DLL
    2007-04-28 10:33:54 21,504 ----a-w C:\WINDOWS\system32\RA32DNET.DLL
    2007-04-28 10:33:54 19,968 ----a-w C:\WINDOWS\system32\RA32RV10.DLL
    2007-04-28 10:33:54 185,344 ----a-w C:\WINDOWS\system32\SWFR3250.DLL
    2007-04-28 10:33:53 81,920 ----a-w C:\WINDOWS\system32\RA3214_4.DLL
    2007-04-28 10:33:53 72,704 ----a-w C:\WINDOWS\system32\RA3228_8.DLL
    2007-04-28 10:33:53 61,952 ----a-w C:\WINDOWS\system32\DECDNET.DLL
    2007-04-28 10:33:53 604,160 ----a-w C:\WINDOWS\system32\PNUI3250.DLL
    2007-04-28 10:33:53 318,976 ----a-w C:\WINDOWS\system32\PNEN3250.DLL
    2007-04-28 10:33:53 203,776 ----a-w C:\WINDOWS\system32\CLRVIDDC.DLL
    2007-04-27 18:49:46 494,879 --sha-w C:\WINDOWS\system32\oqstv.bak2
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-20 16:53:28 1,639,651 --sha-w C:\WINDOWS\system32\qdohdbks.ini2
    2007-04-19 19:46:44 480,695 --sha-w C:\WINDOWS\system32\oqstv.bak1
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-16 21:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-16 21:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-03-27 08:47:22 81,920 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\ezpinst.exe
    2007-03-27 08:27:22 0 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\wklnhst.dat
    2004-10-01 14:00:16 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0edc6c20-a31c-11db-8ab9-0800200c9a66}]
    2007-06-27 17:27 21504 --a------ C:\WINDOWS\system32\cc3250v.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E9EE4EF-D6F5-46C4-B24D-0576FBC7A920}]
    C:\WINDOWS\system32\vtsqo.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593}]
    2007-06-27 17:27 23040 --a------ C:\Program Files\TrustIn Contextual\trustincontext.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    2006-08-31 20:33 322368 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{920FD32B-7F47-4D5C-9DD8-7CDE2790C7A3}]
    C:\WINDOWS\system32\ddcyx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    2007-01-19 23:55 2403392 -ra------ c:\program files\google\googletoolbar2.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    2006-09-27 17:45 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3BEB29F-D433-430B-9928-3E7603C7D2DB}]
    C:\WINDOWS\system32\ddayv.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ftutil2"="ftutil2.dll" [2004-06-07 22:05 C:\WINDOWS\system32\ftutil2.dll]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 00:41]
    "RTHDCPL"="RTHDCPL.EXE" [2006-01-12 01:23 C:\WINDOWS\RTHDCPL.EXE]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 02:46]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 01:29]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11]
    "lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 18:45]
    "EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 13:17]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 10:36]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 12:00 C:\WINDOWS\system32\bthprops.cpl]
    "CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" []
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 16:25]
    "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
    "RealTray"="C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe" [2006-10-11 22:37]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 08:04]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-06 02:22]
    "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 09:41]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" []
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
    "PowerBar"="" []
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrzf32]
    winrzf32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


    Contents of the 'Scheduled Tasks' folder
    2007-07-05 10:45:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-07-13 15:05:00 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    2007-06-26 16:52:27 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-13 16:17:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    PowerBar = ????<????4@?h?????A~????h???Z?A~(???*?A~t?@?l?@???d?????????????????????????,?????????????????????A~????W?D~0?A~????*?A~??A~?????4@?p?????????A~????l?@???????A~????t?@?x2d?????????l?@?l?@?????Q?B~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-13 16:19:34 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-13 16:19

    --- E O F ---
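Added example, not part of ComboFix and not posted by anyone in this thread: the "Files Created" section above lists dozens of eight-letter .exe/.dll names in system32 with only two file sizes (66,068 and 66,580 bytes), dropped a few times an hour over several days. That same-size, same-directory burst is easier to see programmatically than by eye, so the script below parses ComboFix file lines and groups them by directory and size. The sample lines are a subset copied from the log above; the three-file threshold and the "eight lowercase letters" name pattern are my own assumptions.

```python
"""Group ComboFix 'Files Created' entries into same-size bursts.

Added example; the threshold and name pattern are assumptions for this
illustration, not ComboFix logic.
"""
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Subset of lines copied from the ComboFix log posted in this thread.
SAMPLE = r"""
2007-07-13 16:12 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-12 18:01 66,068 --a------ C:\WINDOWS\system32\cnlinjxy.exe
2007-07-12 18:00 <DIR> d-------- C:\VundoFix Backups
2007-07-12 17:38 66,580 --a------ C:\WINDOWS\system32\bkqqgvbi.dll
2007-07-12 17:32 66,068 --a------ C:\WINDOWS\system32\cadftayw.exe
2007-07-12 16:06 66,580 --a------ C:\WINDOWS\system32\ivpncuwh.dll
2007-07-12 16:01 66,068 --a------ C:\WINDOWS\system32\desmmmwi.exe
2007-07-11 19:14 66,068 --a------ C:\WINDOWS\system32\ssbgklbb.exe
2007-07-11 18:53 66,580 --a------ C:\WINDOWS\system32\hxmymwcg.dll
2007-06-27 17:27 21,504 --a------ C:\WINDOWS\system32\cc3250v.dll
2007-06-27 17:22 21,504 --a------ C:\WINDOWS\system32\activedsb.dll
2007-06-27 17:21 21,504 --a------ C:\WINDOWS\system32\activedsv.dll
2007-06-26 17:38 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-06-23 17:01 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
"""

# date time  size-or-<DIR>  attributes  path
LINE_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$')
RANDOM_STEM_RE = re.compile(r'^[a-z]{8}$')   # assumption: 8 lowercase letters, no digits


@dataclass
class Entry:
    when: datetime
    size: Optional[int]        # None for directories
    attrs: str
    path: str


@dataclass
class Cluster:
    directory: str
    size: int
    files: List[str]
    span_minutes: float        # time between first and last file in the cluster
    random_names: int          # how many names match RANDOM_STEM_RE


def parse(text):
    """Parse ComboFix 'Files Created' lines; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), '%Y-%m-%d %H:%M')
        size = None if m.group(2) == '<DIR>' else int(m.group(2).replace(',', ''))
        entries.append(Entry(when, size, m.group(3), m.group(4)))
    return entries


def find_bursts(entries, min_files=3):
    """Files sharing a directory and an exact byte size, min_files or more of them."""
    groups = defaultdict(list)
    for e in entries:
        if e.size is None:
            continue
        groups[(ntpath.dirname(e.path).lower(), e.size)].append(e)
    clusters = []
    for (directory, size), es in groups.items():
        if len(es) < min_files:
            continue
        times = [e.when for e in es]
        span = (max(times) - min(times)).total_seconds() / 60
        rnd = sum(1 for e in es
                  if RANDOM_STEM_RE.match(ntpath.splitext(ntpath.basename(e.path))[0]))
        clusters.append(Cluster(directory, size, [ntpath.basename(e.path) for e in es], span, rnd))
    # biggest clusters first, then the ones with the most random-looking names
    return sorted(clusters, key=lambda c: (-len(c.files), -c.random_names))


if __name__ == '__main__':
    for c in find_bursts(parse(SAMPLE)):
        print(f'{len(c.files)} x {c.size} bytes in {c.directory} '
              f'({c.random_names} random-looking names, {c.span_minutes:.0f} min span)')
        print('   ', ', '.join(c.files))
```

On the sample this yields three clusters: four 66,068-byte .exe files and three 66,580-byte .dll files in system32, all with random eight-letter names, plus three 21,504-byte DLLs dropped within six minutes (the TrustIn Contextual set, whose names imitate real Windows DLLs rather than looking random). Legitimate installers also write same-size files, so a cluster is a pointer to what to inspect, not a verdict.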
     
  12. Auttaja

    Auttaja Guest

    Open Control Panel > Add/Remove Programs.

    Remove:

    TrustIn Contextual (if present)

    Open notepad and copy/paste the text in the quotebox below into it:

    Save this as CFScript (Check the spelling)

    [IMG]

    Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

    Also post a fresh HijackThis log.
     
    Last edited by a moderator: Jul 13, 2007
  13. 07anto07

    07anto07 Active member

    "Compaq_Owner" - 2007-07-13 17:52:02 - ComboFix 07-07-13.8 - Service Pack 2 NTFS


    ((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))


    2007-07-13 16:12 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-12 18:01 66,068 --a------ C:\WINDOWS\system32\cnlinjxy.exe
    2007-07-12 18:00 <DIR> d-------- C:\VundoFix Backups
    2007-07-12 17:45 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-07-12 17:38 66,580 --a------ C:\WINDOWS\system32\bkqqgvbi.dll
    2007-07-12 17:32 66,068 --a------ C:\WINDOWS\system32\cadftayw.exe
    2007-07-12 17:27 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-07-12 17:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
    2007-07-12 17:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
    2007-07-12 17:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
    2007-07-12 16:06 66,580 --a------ C:\WINDOWS\system32\ivpncuwh.dll
    2007-07-12 16:01 66,068 --a------ C:\WINDOWS\system32\desmmmwi.exe
    2007-07-12 15:46 66,580 --a------ C:\WINDOWS\system32\wijfrnfr.dll
    2007-07-12 15:46 66,068 --a------ C:\WINDOWS\system32\jijnvwev.exe
    2007-07-12 13:50 66,580 --a------ C:\WINDOWS\system32\cddfmjto.dll
    2007-07-12 13:47 66,068 --a------ C:\WINDOWS\system32\ppdvbdix.exe
    2007-07-11 19:14 66,068 --a------ C:\WINDOWS\system32\ssbgklbb.exe
    2007-07-11 19:10 <DIR> d-------- C:\Program Files\DVDFab Gold 3
    2007-07-11 18:53 66,580 --a------ C:\WINDOWS\system32\hxmymwcg.dll
    2007-07-11 18:41 66,580 --a------ C:\WINDOWS\system32\aeqrtlje.dll
    2007-07-11 18:39 66,068 --a------ C:\WINDOWS\system32\fvwdquup.exe
    2007-07-11 17:43 66,580 --a------ C:\WINDOWS\system32\lteswpyn.dll
    2007-07-11 17:40 66,068 --a------ C:\WINDOWS\system32\pwpgphsp.exe
    2007-07-11 17:18 <DIR> d-------- C:\Program Files\MediaMonkey
    2007-07-11 16:41 66,580 --a------ C:\WINDOWS\system32\rdyxwjne.dll
    2007-07-11 16:35 66,068 --a------ C:\WINDOWS\system32\enxihfks.exe
    2007-07-11 16:27 66,068 --a------ C:\WINDOWS\system32\ledbkoir.exe
    2007-07-11 16:09 66,068 --a------ C:\WINDOWS\system32\qtwcguki.exe
    2007-07-11 16:06 66,580 --a------ C:\WINDOWS\system32\sifttvut.dll
    2007-07-11 16:05 66,068 --a------ C:\WINDOWS\system32\vgmvnnoi.exe
    2007-07-11 14:05 66,068 --a------ C:\WINDOWS\system32\pkqymxwj.exe
    2007-07-10 22:54 66,068 --a------ C:\WINDOWS\system32\pjfguoxp.exe
    2007-07-10 19:12 66,068 --a------ C:\WINDOWS\system32\dbxuttqn.exe
    2007-07-10 17:51 <DIR> d-------- C:\Program Files\iTunes
    2007-07-10 17:51 <DIR> d-------- C:\Program Files\iPod
    2007-07-10 16:35 66,068 --a------ C:\WINDOWS\system32\eljyregd.exe
    2007-07-10 16:19 66,068 --a------ C:\WINDOWS\system32\lixqtpaf.exe
    2007-07-10 16:07 66,068 --a------ C:\WINDOWS\system32\dypafunj.exe
    2007-07-10 11:40 66,068 --a------ C:\WINDOWS\system32\rwntiuyb.exe
    2007-07-09 19:03 66,068 --a------ C:\WINDOWS\system32\xqdhdphm.exe
    2007-07-09 18:22 66,068 --a------ C:\WINDOWS\system32\qqfwjtyr.exe
    2007-07-09 17:55 66,068 --a------ C:\WINDOWS\system32\agvagaob.exe
    2007-07-09 17:33 66,068 --a------ C:\WINDOWS\system32\qjgbwvbi.exe
    2007-07-09 17:28 66,068 --a------ C:\WINDOWS\system32\nsemaoss.exe
    2007-07-07 18:40 <DIR> d-------- C:\Program Files\utorrent
    2007-07-07 15:43 <DIR> d-------- C:\Program Files\Lavalys
    2007-07-05 12:00 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-07-05 12:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-07-04 23:45 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\Contacts
    2007-07-04 23:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    2007-07-04 23:44 <DIR> d-------- C:\Program Files\Windows Live Toolbar
    2007-07-04 23:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-07-04 23:43 <DIR> d-------- C:\Program Files\MSN Messenger
    2007-07-02 08:56 <DIR> d-------- C:\WINDOWS\pss
    2007-06-27 17:27 21,504 --a------ C:\WINDOWS\system32\cc3250v.dll
    2007-06-27 17:22 21,504 --a------ C:\WINDOWS\system32\activedsb.dll
    2007-06-27 17:21 21,504 --a------ C:\WINDOWS\system32\activedsv.dll
    2007-06-27 17:18 21,504 --a------ C:\WINDOWS\system32\bfc42da.dll
    2007-06-27 17:15 21,504 --a------ C:\WINDOWS\system32\acctress.dll
    2007-06-27 17:09 21,504 --a------ C:\WINDOWS\system32\cewmdma.dll
    2007-06-27 17:07 21,504 --a------ C:\WINDOWS\system32\autodisca.dll
    2007-06-27 17:05 21,504 --a------ C:\WINDOWS\system32\admparses.dll
    2007-06-27 17:00 21,504 --a------ C:\WINDOWS\system32\adsldps.dll
    2007-06-27 16:57 21,504 --a------ C:\WINDOWS\system32\ciadminb.dll
    2007-06-27 16:57 <DIR> d-------- C:\Program Files\TrustIn Contextual
    2007-06-26 17:39 <DIR> d-------- C:\Program Files\Norton AntiVirus
    2007-06-26 17:38 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2007-06-26 17:38 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-06-23 17:01 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-13 15:16:16 12 ----a-w C:\WINDOWS\bthservsdp.dat
    2007-07-12 16:14:20 -------- d-----w C:\Program Files\Lx_cats
    2007-07-12 16:08:52 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\uTorrent
    2007-07-11 18:14:46 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\Vso
    2007-07-11 16:16:50 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-07-11 15:00:01 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\dvdcss
    2007-07-10 16:20:02 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\VSO_HWE
    2007-07-10 15:02:10 -------- d-----w C:\Program Files\BitTorrent
    2007-07-07 18:00:25 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\BitTorrent
    2007-07-05 11:02:31 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\Apple Computer
    2007-07-05 10:45:30 -------- d-----w C:\Program Files\Apple Software Update
    2007-07-03 08:45:40 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\LimeWire
    2007-07-02 12:30:31 -------- d-----w C:\Program Files\LimeWire
    2007-06-27 15:25:18 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-26 17:08:52 -------- d-----w C:\Program Files\Symantec
    2007-06-26 17:08:43 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-06-26 17:08:43 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-06-20 09:25:59 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\AdobeUM
    2007-06-17 16:35:58 -------- d-----w C:\Program Files\NokiaFREE Unlock Codes Calculator
    2007-06-08 17:26:06 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\VideoEgg
    2007-06-06 18:05:08 87,608 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\inst.exe
    2007-06-06 18:05:08 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-06-06 18:05:08 47,360 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\pcouffin.sys
    2007-06-04 17:08:03 653,536 --sh--w C:\WINDOWS\system32\qrqss.ini2
    2007-06-04 13:00:04 652,904 --sh--w C:\WINDOWS\system32\qrqss.bak2
    2007-06-03 15:52:47 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-06-03 15:50:04 -------- d-----w C:\Program Files\Ubisoft
    2007-06-01 15:52:50 -------- d-----w C:\Program Files\BearShare Applications
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-14 15:25:04 -------- d-----w C:\Program Files\BitComet
    2007-05-03 17:18:51 488,594 --sh--w C:\WINDOWS\system32\qrqss.bak1
    2007-05-02 17:19:31 495,845 --sha-w C:\WINDOWS\system32\vyadd.ini2
    2007-05-01 18:21:45 494,223 --sha-w C:\WINDOWS\system32\vyadd.bak1
    2007-05-01 17:17:24 494,706 --sha-w C:\WINDOWS\system32\vyadd.bak2
    2007-04-28 10:33:54 97,280 ----a-w C:\WINDOWS\system32\RARV1032.DLL
    2007-04-28 10:33:54 87,040 ----a-w C:\WINDOWS\system32\RA32SIPR.DLL
    2007-04-28 10:33:54 76,800 ----a-w C:\WINDOWS\RAUNINST.EXE
    2007-04-28 10:33:54 72,192 ----a-w C:\WINDOWS\system32\RA32CLV1.DLL
    2007-04-28 10:33:54 62,976 ----a-w C:\WINDOWS\system32\RAOCX32.DLL
    2007-04-28 10:33:54 21,504 ----a-w C:\WINDOWS\system32\SWFF3250.DLL
    2007-04-28 10:33:54 21,504 ----a-w C:\WINDOWS\system32\RA32DNET.DLL
    2007-04-28 10:33:54 19,968 ----a-w C:\WINDOWS\system32\RA32RV10.DLL
    2007-04-28 10:33:54 185,344 ----a-w C:\WINDOWS\system32\SWFR3250.DLL
    2007-04-28 10:33:53 81,920 ----a-w C:\WINDOWS\system32\RA3214_4.DLL
    2007-04-28 10:33:53 72,704 ----a-w C:\WINDOWS\system32\RA3228_8.DLL
    2007-04-28 10:33:53 61,952 ----a-w C:\WINDOWS\system32\DECDNET.DLL
    2007-04-28 10:33:53 604,160 ----a-w C:\WINDOWS\system32\PNUI3250.DLL
    2007-04-28 10:33:53 318,976 ----a-w C:\WINDOWS\system32\PNEN3250.DLL
    2007-04-28 10:33:53 203,776 ----a-w C:\WINDOWS\system32\CLRVIDDC.DLL
    2007-04-27 18:49:46 494,879 --sha-w C:\WINDOWS\system32\oqstv.bak2
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-20 16:53:28 1,639,651 --sha-w C:\WINDOWS\system32\qdohdbks.ini2
    2007-04-19 19:46:44 480,695 --sha-w C:\WINDOWS\system32\oqstv.bak1
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-16 21:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-16 21:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-03-27 08:47:22 81,920 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\ezpinst.exe
    2007-03-27 08:27:22 0 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\wklnhst.dat
    2004-10-01 14:00:16 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0edc6c20-a31c-11db-8ab9-0800200c9a66}]
    2007-06-27 17:27 21504 --a------ C:\WINDOWS\system32\cc3250v.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E9EE4EF-D6F5-46C4-B24D-0576FBC7A920}]
    C:\WINDOWS\system32\vtsqo.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    2006-08-31 20:33 322368 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{920FD32B-7F47-4D5C-9DD8-7CDE2790C7A3}]
    C:\WINDOWS\system32\ddcyx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    2007-01-19 23:55 2403392 -ra------ c:\program files\google\googletoolbar2.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    2006-09-27 17:45 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3BEB29F-D433-430B-9928-3E7603C7D2DB}]
    C:\WINDOWS\system32\ddayv.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ftutil2"="ftutil2.dll" [2004-06-07 22:05 C:\WINDOWS\system32\ftutil2.dll]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 00:41]
    "RTHDCPL"="RTHDCPL.EXE" [2006-01-12 01:23 C:\WINDOWS\RTHDCPL.EXE]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 02:46]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 01:29]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11]
    "lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 18:45]
    "EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 13:17]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 10:36]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 12:00 C:\WINDOWS\system32\bthprops.cpl]
    "CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" []
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 16:25]
    "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
    "RealTray"="C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe" [2006-10-11 22:37]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 08:04]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-06 02:22]
    "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 09:41]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" []
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
    "PowerBar"="" []
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrzf32]
    winrzf32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    *Newly Created Service* - CATCHME

    Contents of the 'Scheduled Tasks' folder
    2007-07-05 10:45:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-07-13 16:05:01 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    2007-06-26 16:52:27 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-13 17:53:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    PowerBar = ????<????4@?h?????A~????h???Z?A~(???*?A~t?@?l?@???d?????????????????????????,?????????????????????A~????W?D~0?A~????*?A~??A~?????4@?p?????????A~????l?@???????A~????t?@?x2d?????????l?@?l?@?????Q?B~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-13 17:54:15
    C:\ComboFix-quarantined-files.txt ... 2007-07-13 17:54
    C:\ComboFix2.txt ... 2007-07-13 16:19

    --- E O F ---
     
  14. 07anto07

    07anto07 Active member

    new HijackThis log

    Logfile of HijackThis v1.99.1
    Scan saved at 18:01:53, on 13/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\windows\system\hpsysdrv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cc3250v.dll
    O2 - BHO: (no name) - {1E9EE4EF-D6F5-46C4-B24D-0576FBC7A920} - C:\WINDOWS\system32\vtsqo.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {920FD32B-7F47-4D5C-9DD8-7CDE2790C7A3} - C:\WINDOWS\system32\ddcyx.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {D3BEB29F-D433-430B-9928-3E7603C7D2DB} - C:\WINDOWS\system32\ddayv.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071907 serial=DR12CNC-8301292-WBN lang=EN
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177254778953
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

     
  15. Auttaja

    Auttaja Guest

    CFScript. Do that thing again. It is very important that it goes well. Follow those instructions carefully. Then post a fresh ComboFix log.
     
  16. 07anto07

    07anto07 Active member

    CFScript log

    "Compaq_Owner" - 2007-07-13 18:12:58 - ComboFix 07-07-13.8 - Service Pack 2 NTFS
    Command switches used :: C:\Documents and Settings\Compaq_Owner\Desktop\CFScript.txt


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\TrustIn Contextual
    C:\Program Files\TrustIn Contextual\trustincontext.dll
    C:\WINDOWS\system32\acctress.dll
    C:\WINDOWS\system32\activedsb.dll
    C:\WINDOWS\system32\activedsv.dll
    C:\WINDOWS\system32\admparses.dll
    C:\WINDOWS\system32\adsldps.dll
    C:\WINDOWS\system32\aeqrtlje.dll
    C:\WINDOWS\system32\agvagaob.exe
    C:\WINDOWS\system32\autodisca.dll
    C:\WINDOWS\system32\bfc42da.dll
    C:\WINDOWS\system32\bkqqgvbi.dll
    C:\WINDOWS\system32\cadftayw.exe
    C:\WINDOWS\system32\cc3250v.dll
    C:\WINDOWS\system32\cddfmjto.dll
    C:\WINDOWS\system32\cewmdma.dll
    C:\WINDOWS\system32\ciadminb.dll
    C:\WINDOWS\system32\cnlinjxy.exe
    C:\WINDOWS\system32\dbxuttqn.exe
    C:\WINDOWS\system32\desmmmwi.exe
    C:\WINDOWS\system32\dypafunj.exe
    C:\WINDOWS\system32\eljyregd.exe
    C:\WINDOWS\system32\enxihfks.exe
    C:\WINDOWS\system32\fvwdquup.exe
    C:\WINDOWS\system32\hxmymwcg.dll
    C:\WINDOWS\system32\ivpncuwh.dll
    C:\WINDOWS\system32\jijnvwev.exe
    C:\WINDOWS\system32\ledbkoir.exe
    C:\WINDOWS\system32\lixqtpaf.exe
    C:\WINDOWS\system32\lteswpyn.dll
    C:\WINDOWS\system32\nsemaoss.exe
    C:\WINDOWS\system32\oqstv.bak1
    C:\WINDOWS\system32\oqstv.tmp
    C:\WINDOWS\system32\oqstv.tmp2
    C:\WINDOWS\system32\pjfguoxp.exe
    C:\WINDOWS\system32\pkqymxwj.exe
    C:\WINDOWS\system32\ppdvbdix.exe
    C:\WINDOWS\system32\pwpgphsp.exe
    C:\WINDOWS\system32\qdohdbks.ini2
    C:\WINDOWS\system32\qdohdbks.tmp
    C:\WINDOWS\system32\qjgbwvbi.exe
    C:\WINDOWS\system32\qqfwjtyr.exe
    C:\WINDOWS\system32\qrqss.tmp
    C:\WINDOWS\system32\qtwcguki.exe
    C:\WINDOWS\system32\rdyxwjne.dll
    C:\WINDOWS\system32\rwntiuyb.exe
    C:\WINDOWS\system32\sifttvut.dll
    C:\WINDOWS\system32\ssbgklbb.exe
    C:\WINDOWS\system32\vgmvnnoi.exe
    C:\WINDOWS\system32\vyadd.tmp
    C:\WINDOWS\system32\wijfrnfr.dll
    C:\WINDOWS\system32\xqdhdphm.exe


    ((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))


    2007-07-13 16:12 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-12 18:00 <DIR> d-------- C:\VundoFix Backups
    2007-07-12 17:45 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-07-12 17:27 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-07-12 17:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
    2007-07-12 17:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
    2007-07-12 17:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
    2007-07-11 19:10 <DIR> d-------- C:\Program Files\DVDFab Gold 3
    2007-07-11 17:18 <DIR> d-------- C:\Program Files\MediaMonkey
    2007-07-10 17:51 <DIR> d-------- C:\Program Files\iTunes
    2007-07-10 17:51 <DIR> d-------- C:\Program Files\iPod
    2007-07-07 18:40 <DIR> d-------- C:\Program Files\utorrent
    2007-07-07 15:43 <DIR> d-------- C:\Program Files\Lavalys
    2007-07-05 12:00 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-07-05 12:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-07-04 23:45 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\Contacts
    2007-07-04 23:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    2007-07-04 23:44 <DIR> d-------- C:\Program Files\Windows Live Toolbar
    2007-07-04 23:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-07-04 23:43 <DIR> d-------- C:\Program Files\MSN Messenger
    2007-07-02 08:56 <DIR> d-------- C:\WINDOWS\pss
    2007-06-26 17:39 <DIR> d-------- C:\Program Files\Norton AntiVirus
    2007-06-26 17:38 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2007-06-26 17:38 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-06-23 17:01 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-13 15:16:16 12 ----a-w C:\WINDOWS\bthservsdp.dat
    2007-07-12 16:14:20 -------- d-----w C:\Program Files\Lx_cats
    2007-07-12 16:08:52 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\uTorrent
    2007-07-11 18:14:46 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\Vso
    2007-07-11 16:16:50 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-07-11 15:00:01 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\dvdcss
    2007-07-10 16:20:02 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\VSO_HWE
    2007-07-10 15:02:10 -------- d-----w C:\Program Files\BitTorrent
    2007-07-07 18:00:25 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\BitTorrent
    2007-07-05 11:02:31 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\Apple Computer
    2007-07-05 10:45:30 -------- d-----w C:\Program Files\Apple Software Update
    2007-07-03 08:45:40 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\LimeWire
    2007-07-02 12:30:31 -------- d-----w C:\Program Files\LimeWire
    2007-06-27 15:25:18 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-26 17:08:52 -------- d-----w C:\Program Files\Symantec
    2007-06-26 17:08:43 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-06-26 17:08:43 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-06-20 09:25:59 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\AdobeUM
    2007-06-17 16:35:58 -------- d-----w C:\Program Files\NokiaFREE Unlock Codes Calculator
    2007-06-08 17:26:06 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\VideoEgg
    2007-06-06 18:05:08 87,608 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\inst.exe
    2007-06-06 18:05:08 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-06-06 18:05:08 47,360 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\pcouffin.sys
    2007-06-04 17:08:03 653,536 --sh--w C:\WINDOWS\system32\qrqss.ini2
    2007-06-04 13:00:04 652,904 --sh--w C:\WINDOWS\system32\qrqss.bak2
    2007-06-03 15:52:47 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-06-03 15:50:04 -------- d-----w C:\Program Files\Ubisoft
    2007-06-01 15:52:50 -------- d-----w C:\Program Files\BearShare Applications
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-14 15:25:04 -------- d-----w C:\Program Files\BitComet
    2007-05-03 17:18:51 488,594 --sh--w C:\WINDOWS\system32\qrqss.bak1
    2007-05-02 17:19:31 495,845 --sha-w C:\WINDOWS\system32\vyadd.ini2
    2007-05-01 18:21:45 494,223 --sha-w C:\WINDOWS\system32\vyadd.bak1
    2007-05-01 17:17:24 494,706 --sha-w C:\WINDOWS\system32\vyadd.bak2
    2007-04-28 10:33:54 97,280 ----a-w C:\WINDOWS\system32\RARV1032.DLL
    2007-04-28 10:33:54 87,040 ----a-w C:\WINDOWS\system32\RA32SIPR.DLL
    2007-04-28 10:33:54 76,800 ----a-w C:\WINDOWS\RAUNINST.EXE
    2007-04-28 10:33:54 72,192 ----a-w C:\WINDOWS\system32\RA32CLV1.DLL
    2007-04-28 10:33:54 62,976 ----a-w C:\WINDOWS\system32\RAOCX32.DLL
    2007-04-28 10:33:54 21,504 ----a-w C:\WINDOWS\system32\SWFF3250.DLL
    2007-04-28 10:33:54 21,504 ----a-w C:\WINDOWS\system32\RA32DNET.DLL
    2007-04-28 10:33:54 19,968 ----a-w C:\WINDOWS\system32\RA32RV10.DLL
    2007-04-28 10:33:54 185,344 ----a-w C:\WINDOWS\system32\SWFR3250.DLL
    2007-04-28 10:33:53 81,920 ----a-w C:\WINDOWS\system32\RA3214_4.DLL
    2007-04-28 10:33:53 72,704 ----a-w C:\WINDOWS\system32\RA3228_8.DLL
    2007-04-28 10:33:53 61,952 ----a-w C:\WINDOWS\system32\DECDNET.DLL
    2007-04-28 10:33:53 604,160 ----a-w C:\WINDOWS\system32\PNUI3250.DLL
    2007-04-28 10:33:53 318,976 ----a-w C:\WINDOWS\system32\PNEN3250.DLL
    2007-04-28 10:33:53 203,776 ----a-w C:\WINDOWS\system32\CLRVIDDC.DLL
    2007-04-27 18:49:46 494,879 --sha-w C:\WINDOWS\system32\oqstv.bak2
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-16 21:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-16 21:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-03-27 08:47:22 81,920 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\ezpinst.exe
    2007-03-27 08:27:22 0 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\wklnhst.dat
    2004-10-01 14:00:16 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0edc6c20-a31c-11db-8ab9-0800200c9a66}]
    C:\WINDOWS\system32\cc3250v.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E9EE4EF-D6F5-46C4-B24D-0576FBC7A920}]
    C:\WINDOWS\system32\vtsqo.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    2006-08-31 20:33 322368 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{920FD32B-7F47-4D5C-9DD8-7CDE2790C7A3}]
    C:\WINDOWS\system32\ddcyx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    2007-01-19 23:55 2403392 -ra------ c:\program files\google\googletoolbar2.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    2006-09-27 17:45 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3BEB29F-D433-430B-9928-3E7603C7D2DB}]
    C:\WINDOWS\system32\ddayv.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ftutil2"="ftutil2.dll" [2004-06-07 22:05 C:\WINDOWS\system32\ftutil2.dll]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 00:41]
    "RTHDCPL"="RTHDCPL.EXE" [2006-01-12 01:23 C:\WINDOWS\RTHDCPL.EXE]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 02:46]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 01:29]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11]
    "lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 18:45]
    "EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 13:17]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 10:36]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 12:00 C:\WINDOWS\system32\bthprops.cpl]
    "CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" []
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 16:25]
    "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
    "RealTray"="C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe" [2006-10-11 22:37]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 08:04]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-06 02:22]
    "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 09:41]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" []
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
    "PowerBar"="" []
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrzf32]
    winrzf32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    *Newly Created Service* - CATCHME

    Contents of the 'Scheduled Tasks' folder
    2007-07-05 10:45:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-07-13 17:05:00 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    2007-06-26 16:52:27 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-13 18:13:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    PowerBar = ????<????4@?h?????A~????h???Z?A~(???*?A~t?@?l?@???d?????????????????????????,?????????????????????A~????W?D~0?A~????*?A~??A~?????4@?p?????????A~????l?@???????A~????t?@?x2d?????????l?@?l?@?????Q?B~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-13 18:14:15
    C:\ComboFix-quarantined-files.txt ... 2007-07-13 18:14
    C:\ComboFix2.txt ... 2007-07-13 17:54
    C:\ComboFix3.txt ... 2007-07-13 16:19

    --- E O F ---
     
  17. 07anto07

    07anto07 Active member

    Joined:
    May 21, 2007
    Messages:
    3,511
    Likes Received:
    0
    Trophy Points:
    66
    is this ok?
     
  18. Auttaja

    Auttaja Guest

    Yes, it was much better, now post a fresh HijackThis log.
     
  19. 07anto07

    07anto07 Active member

    Joined:
    May 21, 2007
    Messages:
    3,511
    Likes Received:
    0
    Trophy Points:
    66
    new HijackThis log


    Logfile of HijackThis v1.99.1
    Scan saved at 14:19:30, on 14/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cc3250v.dll (file missing)
    O2 - BHO: (no name) - {1E9EE4EF-D6F5-46C4-B24D-0576FBC7A920} - C:\WINDOWS\system32\vtsqo.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {920FD32B-7F47-4D5C-9DD8-7CDE2790C7A3} - C:\WINDOWS\system32\ddcyx.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {D3BEB29F-D433-430B-9928-3E7603C7D2DB} - C:\WINDOWS\system32\ddayv.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071907 serial=DR12CNC-8301292-WBN lang=EN
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177254778953
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

     
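The two logs above, the ComboFix file listing with its "Reg Loading Points" and the fresh HijackThis log, can be triaged mechanically rather than by eye. The script below is an added example written by the editor; it is not code from this thread, from HijackThis or from ComboFix. It works on a handful of lines constructed from the logs posted here and does three things: it lists every load point HijackThis marked "(file missing)" or "(no file)", which is the orphaned-loader condition behind the "Error loading ... The specified module could not be found" box at logon (the registry still says "load this DLL", the file is gone); it pairs each DLL named in a load point with files whose name is that DLL's name spelled backwards, as ddayv.dll/vyadd.* and vtsqo.dll/oqstv.* are in the ComboFix listing; and it lists the files ComboFix flagged both system and hidden. The sample strings, the function names and the parsing assumption that the target is the last " - " separated field are the editor's, not something the tools document.

```python
"""Editor's added triage helper for the HijackThis and ComboFix logs above.
Not code from the thread or from either tool; sample lines are constructed
from the posted logs."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed from the posted HijackThis log (O2 BHO, O4 Run, O20 Notify, O23 service).
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E9EE4EF-D6F5-46C4-B24D-0576FBC7A920} - C:\WINDOWS\system32\vtsqo.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D3BEB29F-D433-430B-9928-3E7603C7D2DB} - C:\WINDOWS\system32\ddayv.dll (file missing)
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
"""
# Constructed from the ComboFix file listing above (date time size attrs path).
CF_SAMPLE = r"""
2007-05-03 17:18:51 488,594 --sh--w C:\WINDOWS\system32\qrqss.bak1
2007-05-02 17:19:31 495,845 --sha-w C:\WINDOWS\system32\vyadd.ini2
2007-05-01 18:21:45 494,223 --sha-w C:\WINDOWS\system32\vyadd.bak1
2007-04-27 18:49:46 494,879 --sha-w C:\WINDOWS\system32\oqstv.bak2
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
"""
HJT_LINE = re.compile(r"^(?P<kind>O\d+) - (?P<rest>.+)$")
O4_RUN = re.compile(r"^.+?: \[(?P<name>[^\]]+)\] (?P<target>.*)$")
CF_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d [\d,]+ (?P<attrs>[-a-z]{7}) (?P<path>.+)$")
MODULE = re.compile(r"[^\\\s]+\.(?:dll|exe)\b", re.IGNORECASE)
MISSING = ("(file missing)", "(no file)")  # HijackThis's own "file is gone" markers

@dataclass
class LoadPoint:
    kind: str    # HijackThis section (O2, O4, O20, O23)
    name: str    # BHO name / Run value / Notify key / service name
    target: str  # what the registry points at, as HijackThis prints it

    @property
    def missing(self) -> bool:
        return self.target.endswith(MISSING)

    @property
    def module(self) -> str:
        # Last .dll/.exe basename, so "rundll32.exe ftutil2.dll,..." -> ftutil2.dll
        found = MODULE.findall(self.target)
        return found[-1].lower() if found else ""

def parse_hjt(text: str) -> List[LoadPoint]:
    points: List[LoadPoint] = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        kind, rest = m.group("kind"), m.group("rest")
        if kind == "O4":
            r = O4_RUN.match(rest)
            if r:
                points.append(LoadPoint(kind, r.group("name"), r.group("target")))
        else:
            # "Label: name - [clsid or owner -] target"; target is the last " - "
            # field (assumption: no " - " inside the path itself).
            fields = rest.split(": ", 1)[-1].split(" - ")
            if len(fields) >= 2:
                points.append(LoadPoint(kind, fields[0], fields[-1]))
    return points

def orphaned(points: List[LoadPoint]) -> List[LoadPoint]:
    """Load points whose file is gone: a Winlogon Notify or rundll32-loaded DLL
    in this state raises "Error loading ... specified module could not be found"."""
    return [p for p in points if p.missing]

def parse_combofix_files(text: str) -> List[dict]:
    matches = (CF_LINE.match(ln.strip()) for ln in text.splitlines())
    return [m.groupdict() for m in matches if m]

def hidden_system_files(files: List[dict]) -> List[str]:
    """Files ComboFix flagged both system (s) and hidden (h)."""
    return [f["path"] for f in files if "s" in f["attrs"] and "h" in f["attrs"]]

def reversed_name_companions(points, files) -> Dict[str, List[str]]:
    """DLL named in a load point -> files whose stem is that name spelled
    backwards (ddayv.dll <-> vyadd.*, vtsqo.dll <-> oqstv.* in the logs above)."""
    by_stem: Dict[str, List[str]] = {}
    for f in files:
        stem = f["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
        by_stem.setdefault(stem, []).append(f["path"])
    out: Dict[str, List[str]] = {}
    for p in points:
        stem = p.module.rsplit(".", 1)[0]
        if stem and stem[::-1] in by_stem:
            out[p.module] = sorted(by_stem[stem[::-1]])
    return out

if __name__ == "__main__":
    pts, files = parse_hjt(HJT_SAMPLE), parse_combofix_files(CF_SAMPLE)
    for p in orphaned(pts):
        print(f"ORPHANED {p.kind} [{p.name}] -> {p.target}")
    for dll, companions in reversed_name_companions(pts, files).items():
        print(f"COMPANIONS {dll} <- {', '.join(companions)}")
    print("HIDDEN+SYSTEM:", *hidden_system_files(files), sep="\n  ")
```

The parser keys on HijackThis's own "(file missing)" and "(no file)" markers instead of re-checking the disk, so it can be run on a log pasted into a forum post; on the machine itself the same registry locations (the Browser Helper Objects key, the Winlogon Notify subkeys and the Run keys) would be checked directly. Legitimate entries such as ftutil2 and WgaLogon pass through untouched, which is the point: the list it prints is the set of load points whose target no longer exists, not everything that looks unfamiliar.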
  20. 07anto07

    07anto07 Active member

    Joined:
    May 21, 2007
    Messages:
    3,511
    Likes Received:
    0
    Trophy Points:
    66
    The error message has not come back up.
     
