1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

rundll problem

Discussion in 'Windows - Virus and spyware problems' started by 07anto07, Jul 12, 2007.

  1. 07anto07

    07anto07 Regular member

    Joined:
    May 21, 2007
    Messages:
    3,511
    Likes Received:
    0
    Trophy Points:
    46
    hi having a problem on start up a dll message pops uperror loading c:\windows\system32\j0261930.dll the specified module could not be found and one help?
     
  2. Auttaja

    Auttaja Guest

    Download Hijackthis ver. 1.99.1 from HERE and save it to your Desktop.
    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\HijackThis.
    Continue to click Next in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch HijackThis.
    Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    Copy and paste the log to this topic

    DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
     
  3. 07anto07

    07anto07 Regular member

    Joined:
    May 21, 2007
    Messages:
    3,511
    Likes Received:
    0
    Trophy Points:
    46
    hackthis log

    Logfile of HijackThis v1.99.1
    Scan saved at 16:31:28, on 12/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    c:\windows\system\hpsysdrv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071907 serial=DR12CNC-8301292-WBN lang=EN
    O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [j0261930] rundll32 C:\WINDOWS\system32\j0261930.dll sook
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [McAfee Online Virus Scanner] avp.exe
    O4 - HKLM\..\RunServices: [McAfee Online Virus Scanner] avp.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177254778953
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

     
  4. Auttaja

    Auttaja Guest

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    * Open the extracted SDFix folder and double click RunThis.bat to start the script.
    * Type Y to begin the cleanup process.
    * It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    * Press any Key and it will restart the PC.
    * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    * Finally paste the contents of the Report.txt back on the forum

    ========

    Please download VundoFix.exeto your desktop.
    * Double-click *VundoFix.exe* to run it.
    * Click the *Scan for Vundo* button.
    * Once it's done scanning, click the *Remove Vundo* button.
    * You will receive a prompt asking if you want to remove the files, click "YES"
    * Once you click yes, your desktop will go blank as it starts removing Vundo.
    * When completed, it will prompt that it will reboot your computer, click *OK*.
    * Please post the contents of C:\*vundofix.txt* Note: It is possible that VundoFix encountered a file it could not remove.In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the *Scan for Vundo* button." when VundoFix appears at reboot.

    ======

    Rename HijackThis.exe

    1. Right click on the HijackThis icon.

    [​IMG]

    2. Select Rename.

    [​IMG]

    3. Now type the following scanner.exe <<< NOTE: make sure to put period before exe when typing.
    Hit the enter key on keyboard.

    [​IMG]

    Double click on Scanner.exe.
    Click on Do a system scan and save a logfile. Post log in next reply.
     
  5. 07anto07

    07anto07 Regular member

    Joined:
    May 21, 2007
    Messages:
    3,511
    Likes Received:
    0
    Trophy Points:
    46
    do i have to run runthis.bat in safe mode?
     
  6. 07anto07

    07anto07 Regular member

    Joined:
    May 21, 2007
    Messages:
    3,511
    Likes Received:
    0
    Trophy Points:
    46
    ok here's my sdfix log


    SDFix: Version 1.90

    Run by Compaq_Owner on 12/07/2007 at 17:45

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\Temp\win10.tmp.exe - Deleted
    C:\WINDOWS\Temp\win1C6.tmp.exe - Deleted
    C:\WINDOWS\Temp\win45.tmp.exe - Deleted
    C:\WINDOWS\Temp\win4B.tmp.exe - Deleted
    C:\WINDOWS\Temp\win4D.tmp.exe - Deleted
    C:\WINDOWS\Temp\win7.tmp.exe - Deleted
    C:\WINDOWS\Temp\win79.tmp.exe - Deleted
    C:\WINDOWS\Temp\win83.tmp.exe - Deleted
    C:\WINDOWS\Temp\win85.tmp.exe - Deleted
    C:\WINDOWS\Temp\win89.tmp.exe - Deleted
    C:\WINDOWS\Temp\win8B.tmp.exe - Deleted
    C:\WINDOWS\Temp\win9.tmp.exe - Deleted
    C:\WINDOWS\Temp\win99.tmp.exe - Deleted
    C:\WINDOWS\Temp\winE.tmp.exe - Deleted
    C:\WINDOWS\Temp\win10.tmp.exe - Deleted
    C:\WINDOWS\Temp\win1C6.tmp.exe - Deleted
    C:\WINDOWS\Temp\win45.tmp.exe - Deleted
    C:\WINDOWS\Temp\win4B.tmp.exe - Deleted
    C:\WINDOWS\Temp\win4D.tmp.exe - Deleted
    C:\WINDOWS\Temp\win7.tmp.exe - Deleted
    C:\WINDOWS\Temp\win79.tmp.exe - Deleted
    C:\WINDOWS\Temp\win83.tmp.exe - Deleted
    C:\WINDOWS\Temp\win85.tmp.exe - Deleted
    C:\WINDOWS\Temp\win89.tmp.exe - Deleted
    C:\WINDOWS\Temp\win8B.tmp.exe - Deleted
    C:\WINDOWS\Temp\win9.tmp.exe - Deleted
    C:\WINDOWS\Temp\win99.tmp.exe - Deleted
    C:\WINDOWS\Temp\winE.tmp.exe - Deleted
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\winC4C.tmp.exe - Deleted
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\winC54.tmp.exe - Deleted
    C:\WINDOWS\system32\1_exception.nls - Deleted
    C:\WINDOWS\system32\avp.exe - Deleted
    C:\WINDOWS\system32\drivers\asc3550u.sys - Deleted
    C:\WINDOWS\Temp\removalfile.bat - Deleted



    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
    "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\WINDOWS\\system32\\asnqkoag.exe"="C:\\WINDOWS\\system32\\asn"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Documents and Settings\\Compaq_Owner\\My Documents\\programs\\new programs\\utorrent.exe"="C:\\Documents and Settings\\Compaq_Owner\\My Documents\\programs\\new programs\\utorrent.exe:*:Enabled:utorrent"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\WINDOWS\\system32\\avp.exe"="C:\\WINDOWS\\system32\\avp.exe:*:Disabled:avp"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\WINDOWS\SMINST\HPCD.SYS
    C:\WINDOWS\system32\oqstv.tmp
    C:\WINDOWS\system32\oqstv.tmp2
    C:\WINDOWS\system32\qdohdbks.tmp
    C:\WINDOWS\system32\qrqss.tmp
    C:\WINDOWS\system32\vyadd.tmp
    C:\WINDOWS\system32\xycdd.tmp

    Finished
     
  7. 07anto07

    07anto07 Regular member

    Joined:
    May 21, 2007
    Messages:
    3,511
    Likes Received:
    0
    Trophy Points:
    46
    here's my vundofix log



    VundoFix V6.5.4

    Checking Java version...

    Java version is 1.5.0.5
    Old versions of java are exploitable and should be removed.

    Scan started at 18:00:07 12/07/2007

    Listing files found while scanning....

    C:\windows\system32\ddcyx.dll
    C:\windows\system32\gebcccd.dll
    C:\WINDOWS\system32\hhfflwax.dll
    C:\WINDOWS\system32\huhfjswu.dll
    C:\WINDOWS\system32\lftssite.dll
    C:\WINDOWS\system32\mcpinybs.dll
    C:\WINDOWS\system32\nggnlhwr.dll
    C:\WINDOWS\system32\sklvajrx.dll
    C:\WINDOWS\system32\ssqpnki.dll
    C:\WINDOWS\system32\tkxjitlo.dll
    C:\windows\system32\vtuuuuv.dll
    C:\windows\system32\xxyxwvv.dll
    C:\WINDOWS\system32\xycdd.bak1
    C:\windows\system32\xycdd.bak2
    C:\windows\system32\xycdd.ini
    C:\windows\system32\xycdd.ini2
    C:\windows\system32\xycdd.tmp

    Beginning removal...

    Attempting to delete C:\windows\system32\ddcyx.dll
    C:\windows\system32\ddcyx.dll Has been deleted!

    Attempting to delete C:\windows\system32\gebcccd.dll
    C:\windows\system32\gebcccd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqpnki.dll
    C:\WINDOWS\system32\ssqpnki.dll Could not be deleted.

    Attempting to delete C:\windows\system32\vtuuuuv.dll
    C:\windows\system32\vtuuuuv.dll Has been deleted!

    Attempting to delete C:\windows\system32\xxyxwvv.dll
    C:\windows\system32\xxyxwvv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xycdd.bak1
    C:\WINDOWS\system32\xycdd.bak1 Has been deleted!

    Attempting to delete C:\windows\system32\xycdd.bak2
    C:\windows\system32\xycdd.bak2 Has been deleted!

    Attempting to delete C:\windows\system32\xycdd.ini
    C:\windows\system32\xycdd.ini Has been deleted!

    Attempting to delete C:\windows\system32\xycdd.ini2
    C:\windows\system32\xycdd.ini2 Has been deleted!

    Attempting to delete C:\windows\system32\xycdd.tmp
    C:\windows\system32\xycdd.tmp Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.5.4

    Checking Java version...

    Java version is 1.5.0.5
    Old versions of java are exploitable and should be removed.

    Scan started at 18:06:32 12/07/2007

    Listing files found while scanning....

    C:\windows\system32\ssqpnki.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\ssqpnki.dll
    C:\windows\system32\ssqpnki.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
     
  8. 07anto07

    07anto07 Regular member

    Joined:
    May 21, 2007
    Messages:
    3,511
    Likes Received:
    0
    Trophy Points:
    46
    and the last one



    Logfile of HijackThis v1.99.1
    Scan saved at 18:13:23, on 12/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cc3250v.dll
    O2 - BHO: (no name) - {1E9EE4EF-D6F5-46C4-B24D-0576FBC7A920} - C:\WINDOWS\system32\vtsqo.dll (file missing)
    O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Program Files\TrustIn Contextual\trustincontext.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {920FD32B-7F47-4D5C-9DD8-7CDE2790C7A3} - C:\WINDOWS\system32\ddcyx.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {D3BEB29F-D433-430B-9928-3E7603C7D2DB} - C:\WINDOWS\system32\ddayv.dll (file missing)
    O2 - BHO: (no name) - {F53F1367-BCD2-431B-B685-AC0C517FE6Ff} - C:\WINDOWS\system32\dmfxshgr.dll
    O2 - BHO: (no name) - {F6A97784-2689-475C-83BB-12D6CEA39706} - C:\WINDOWS\system32\dmfxshgr.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071907 serial=DR12CNC-8301292-WBN lang=EN
    O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [j0261930] rundll32 C:\WINDOWS\system32\j0261930.dll sook
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177254778953
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


     
  9. 07anto07

    07anto07 Regular member

    Joined:
    May 21, 2007
    Messages:
    3,511
    Likes Received:
    0
    Trophy Points:
    46
    hi what do i do next?
     
  10. Auttaja

    Auttaja Guest

  11. 07anto07

    07anto07 Regular member

    Joined:
    May 21, 2007
    Messages:
    3,511
    Likes Received:
    0
    Trophy Points:
    46
    combofix log

    "Compaq_Owner" - 2007-07-13 16:13:49 - ComboFix 07-07-13.8 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\winflyer32.dll
    C:\WINDOWS\system32\dmfxshgr.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\COMPAQ~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\7PRLZ72R\iforex.com
    C:\DOCUME~1\COMPAQ~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\7PRLZ72R\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\DOCUME~1\COMPAQ~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\7PRLZ72R\www.broadcaster.com
    C:\DOCUME~1\COMPAQ~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\DOCUME~1\COMPAQ~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    C:\DOCUME~1\COMPAQ~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\DOCUME~1\COMPAQ~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_ASC3550U
    -------\LEGACY_RUNTIME


    ((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))


    2007-07-13 16:12 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-12 18:01 66,068 --a------ C:\WINDOWS\system32\cnlinjxy.exe
    2007-07-12 18:00 <DIR> d-------- C:\VundoFix Backups
    2007-07-12 17:45 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-07-12 17:38 66,580 --a------ C:\WINDOWS\system32\bkqqgvbi.dll
    2007-07-12 17:32 66,068 --a------ C:\WINDOWS\system32\cadftayw.exe
    2007-07-12 17:27 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-07-12 17:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
    2007-07-12 17:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
    2007-07-12 17:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
    2007-07-12 16:06 66,580 --a------ C:\WINDOWS\system32\ivpncuwh.dll
    2007-07-12 16:01 66,068 --a------ C:\WINDOWS\system32\desmmmwi.exe
    2007-07-12 15:46 66,580 --a------ C:\WINDOWS\system32\wijfrnfr.dll
    2007-07-12 15:46 66,068 --a------ C:\WINDOWS\system32\jijnvwev.exe
    2007-07-12 13:50 66,580 --a------ C:\WINDOWS\system32\cddfmjto.dll
    2007-07-12 13:47 66,068 --a------ C:\WINDOWS\system32\ppdvbdix.exe
    2007-07-11 19:14 66,068 --a------ C:\WINDOWS\system32\ssbgklbb.exe
    2007-07-11 19:10 <DIR> d-------- C:\Program Files\DVDFab Gold 3
    2007-07-11 18:53 66,580 --a------ C:\WINDOWS\system32\hxmymwcg.dll
    2007-07-11 18:41 66,580 --a------ C:\WINDOWS\system32\aeqrtlje.dll
    2007-07-11 18:39 66,068 --a------ C:\WINDOWS\system32\fvwdquup.exe
    2007-07-11 17:43 66,580 --a------ C:\WINDOWS\system32\lteswpyn.dll
    2007-07-11 17:40 66,068 --a------ C:\WINDOWS\system32\pwpgphsp.exe
    2007-07-11 17:18 <DIR> d-------- C:\Program Files\MediaMonkey
    2007-07-11 16:41 66,580 --a------ C:\WINDOWS\system32\rdyxwjne.dll
    2007-07-11 16:35 66,068 --a------ C:\WINDOWS\system32\enxihfks.exe
    2007-07-11 16:27 66,068 --a------ C:\WINDOWS\system32\ledbkoir.exe
    2007-07-11 16:09 66,068 --a------ C:\WINDOWS\system32\qtwcguki.exe
    2007-07-11 16:06 66,580 --a------ C:\WINDOWS\system32\sifttvut.dll
    2007-07-11 16:05 66,068 --a------ C:\WINDOWS\system32\vgmvnnoi.exe
    2007-07-11 14:05 66,068 --a------ C:\WINDOWS\system32\pkqymxwj.exe
    2007-07-10 22:54 66,068 --a------ C:\WINDOWS\system32\pjfguoxp.exe
    2007-07-10 19:12 66,068 --a------ C:\WINDOWS\system32\dbxuttqn.exe
    2007-07-10 17:51 <DIR> d-------- C:\Program Files\iTunes
    2007-07-10 17:51 <DIR> d-------- C:\Program Files\iPod
    2007-07-10 16:35 66,068 --a------ C:\WINDOWS\system32\eljyregd.exe
    2007-07-10 16:19 66,068 --a------ C:\WINDOWS\system32\lixqtpaf.exe
    2007-07-10 16:07 66,068 --a------ C:\WINDOWS\system32\dypafunj.exe
    2007-07-10 11:40 66,068 --a------ C:\WINDOWS\system32\rwntiuyb.exe
    2007-07-09 19:03 66,068 --a------ C:\WINDOWS\system32\xqdhdphm.exe
    2007-07-09 18:22 66,068 --a------ C:\WINDOWS\system32\qqfwjtyr.exe
    2007-07-09 17:55 66,068 --a------ C:\WINDOWS\system32\agvagaob.exe
    2007-07-09 17:33 66,068 --a------ C:\WINDOWS\system32\qjgbwvbi.exe
    2007-07-09 17:28 66,068 --a------ C:\WINDOWS\system32\nsemaoss.exe
    2007-07-07 18:40 <DIR> d-------- C:\Program Files\utorrent
    2007-07-07 15:43 <DIR> d-------- C:\Program Files\Lavalys
    2007-07-05 12:00 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-07-05 12:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-07-04 23:45 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\Contacts
    2007-07-04 23:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    2007-07-04 23:44 <DIR> d-------- C:\Program Files\Windows Live Toolbar
    2007-07-04 23:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-07-04 23:43 <DIR> d-------- C:\Program Files\MSN Messenger
    2007-07-02 08:56 <DIR> d-------- C:\WINDOWS\pss
    2007-06-27 17:27 21,504 --a------ C:\WINDOWS\system32\cc3250v.dll
    2007-06-27 17:22 21,504 --a------ C:\WINDOWS\system32\activedsb.dll
    2007-06-27 17:21 21,504 --a------ C:\WINDOWS\system32\activedsv.dll
    2007-06-27 17:18 21,504 --a------ C:\WINDOWS\system32\bfc42da.dll
    2007-06-27 17:15 21,504 --a------ C:\WINDOWS\system32\acctress.dll
    2007-06-27 17:09 21,504 --a------ C:\WINDOWS\system32\cewmdma.dll
    2007-06-27 17:07 21,504 --a------ C:\WINDOWS\system32\autodisca.dll
    2007-06-27 17:05 21,504 --a------ C:\WINDOWS\system32\admparses.dll
    2007-06-27 17:00 21,504 --a------ C:\WINDOWS\system32\adsldps.dll
    2007-06-27 16:57 21,504 --a------ C:\WINDOWS\system32\ciadminb.dll
    2007-06-27 16:57 <DIR> d-------- C:\Program Files\TrustIn Contextual
    2007-06-26 17:39 <DIR> d-------- C:\Program Files\Norton AntiVirus
    2007-06-26 17:38 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2007-06-26 17:38 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-06-23 17:01 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-13 15:16:16 12 ----a-w C:\WINDOWS\bthservsdp.dat
    2007-07-12 16:14:20 -------- d-----w C:\Program Files\Lx_cats
    2007-07-12 16:08:52 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\uTorrent
    2007-07-11 18:14:46 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\Vso
    2007-07-11 16:16:50 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-07-11 15:00:01 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\dvdcss
    2007-07-10 16:20:02 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\VSO_HWE
    2007-07-10 15:02:10 -------- d-----w C:\Program Files\BitTorrent
    2007-07-07 18:00:25 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\BitTorrent
    2007-07-05 11:02:31 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\Apple Computer
    2007-07-05 10:45:30 -------- d-----w C:\Program Files\Apple Software Update
    2007-07-03 08:45:40 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\LimeWire
    2007-07-02 12:30:31 -------- d-----w C:\Program Files\LimeWire
    2007-06-27 15:25:18 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-26 17:08:52 -------- d-----w C:\Program Files\Symantec
    2007-06-26 17:08:43 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-06-26 17:08:43 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-06-20 09:25:59 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\AdobeUM
    2007-06-17 16:35:58 -------- d-----w C:\Program Files\NokiaFREE Unlock Codes Calculator
    2007-06-08 17:26:06 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\VideoEgg
    2007-06-06 18:05:08 87,608 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\inst.exe
    2007-06-06 18:05:08 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-06-06 18:05:08 47,360 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\pcouffin.sys
    2007-06-04 17:08:03 653,536 --sh--w C:\WINDOWS\system32\qrqss.ini2
    2007-06-04 13:00:04 652,904 --sh--w C:\WINDOWS\system32\qrqss.bak2
    2007-06-03 15:52:47 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-06-03 15:50:04 -------- d-----w C:\Program Files\Ubisoft
    2007-06-01 15:52:50 -------- d-----w C:\Program Files\BearShare Applications
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-14 15:25:04 -------- d-----w C:\Program Files\BitComet
    2007-05-03 17:18:51 488,594 --sh--w C:\WINDOWS\system32\qrqss.bak1
    2007-05-02 17:19:31 495,845 --sha-w C:\WINDOWS\system32\vyadd.ini2
    2007-05-01 18:21:45 494,223 --sha-w C:\WINDOWS\system32\vyadd.bak1
    2007-05-01 17:17:24 494,706 --sha-w C:\WINDOWS\system32\vyadd.bak2
    2007-04-28 10:33:54 97,280 ----a-w C:\WINDOWS\system32\RARV1032.DLL
    2007-04-28 10:33:54 87,040 ----a-w C:\WINDOWS\system32\RA32SIPR.DLL
    2007-04-28 10:33:54 76,800 ----a-w C:\WINDOWS\RAUNINST.EXE
    2007-04-28 10:33:54 72,192 ----a-w C:\WINDOWS\system32\RA32CLV1.DLL
    2007-04-28 10:33:54 62,976 ----a-w C:\WINDOWS\system32\RAOCX32.DLL
    2007-04-28 10:33:54 21,504 ----a-w C:\WINDOWS\system32\SWFF3250.DLL
    2007-04-28 10:33:54 21,504 ----a-w C:\WINDOWS\system32\RA32DNET.DLL
    2007-04-28 10:33:54 19,968 ----a-w C:\WINDOWS\system32\RA32RV10.DLL
    2007-04-28 10:33:54 185,344 ----a-w C:\WINDOWS\system32\SWFR3250.DLL
    2007-04-28 10:33:53 81,920 ----a-w C:\WINDOWS\system32\RA3214_4.DLL
    2007-04-28 10:33:53 72,704 ----a-w C:\WINDOWS\system32\RA3228_8.DLL
    2007-04-28 10:33:53 61,952 ----a-w C:\WINDOWS\system32\DECDNET.DLL
    2007-04-28 10:33:53 604,160 ----a-w C:\WINDOWS\system32\PNUI3250.DLL
    2007-04-28 10:33:53 318,976 ----a-w C:\WINDOWS\system32\PNEN3250.DLL
    2007-04-28 10:33:53 203,776 ----a-w C:\WINDOWS\system32\CLRVIDDC.DLL
    2007-04-27 18:49:46 494,879 --sha-w C:\WINDOWS\system32\oqstv.bak2
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-20 16:53:28 1,639,651 --sha-w C:\WINDOWS\system32\qdohdbks.ini2
    2007-04-19 19:46:44 480,695 --sha-w C:\WINDOWS\system32\oqstv.bak1
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-16 21:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-16 21:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-03-27 08:47:22 81,920 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\ezpinst.exe
    2007-03-27 08:27:22 0 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\wklnhst.dat
    2004-10-01 14:00:16 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0edc6c20-a31c-11db-8ab9-0800200c9a66}]
    2007-06-27 17:27 21504 --a------ C:\WINDOWS\system32\cc3250v.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E9EE4EF-D6F5-46C4-B24D-0576FBC7A920}]
    C:\WINDOWS\system32\vtsqo.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593}]
    2007-06-27 17:27 23040 --a------ C:\Program Files\TrustIn Contextual\trustincontext.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    2006-08-31 20:33 322368 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{920FD32B-7F47-4D5C-9DD8-7CDE2790C7A3}]
    C:\WINDOWS\system32\ddcyx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    2007-01-19 23:55 2403392 -ra------ c:\program files\google\googletoolbar2.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    2006-09-27 17:45 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3BEB29F-D433-430B-9928-3E7603C7D2DB}]
    C:\WINDOWS\system32\ddayv.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ftutil2"="ftutil2.dll" [2004-06-07 22:05 C:\WINDOWS\system32\ftutil2.dll]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 00:41]
    "RTHDCPL"="RTHDCPL.EXE" [2006-01-12 01:23 C:\WINDOWS\RTHDCPL.EXE]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 02:46]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 01:29]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11]
    "lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 18:45]
    "EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 13:17]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 10:36]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 12:00 C:\WINDOWS\system32\bthprops.cpl]
    "CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" []
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 16:25]
    "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
    "RealTray"="C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe" [2006-10-11 22:37]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 08:04]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-06 02:22]
    "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 09:41]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" []
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
    "PowerBar"="" []
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrzf32]
    winrzf32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


    Contents of the 'Scheduled Tasks' folder
    2007-07-05 10:45:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-07-13 15:05:00 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    2007-06-26 16:52:27 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-13 16:17:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    PowerBar = ????<????4@?h?????A~????h???Z?A~(???*?A~t?@?l?@???d?????????????????????????,?????????????????????A~????W?D~0?A~????*?A~??A~?????4@?p?????????A~????l?@???????A~????t?@?x2d?????????l?@?l?@?????Q?B~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-13 16:19:34 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-13 16:19

    --- E O F ---
     
  12. Auttaja

    Auttaja Guest

    Open control panel add/remove programs

    remove

    TrustIn Contextual (if present)

    Open notepad and copy/paste the text in the quotebox below into it:

    Save this as CFScript (Check the spelling)

    [​IMG]

    Refering to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

    Also post fresh hijackthis log
     
    Last edited by a moderator: Jul 13, 2007
  13. 07anto07

    07anto07 Regular member

    Joined:
    May 21, 2007
    Messages:
    3,511
    Likes Received:
    0
    Trophy Points:
    46
    "Compaq_Owner" - 2007-07-13 17:52:02 - ComboFix 07-07-13.8 - Service Pack 2 NTFS


    ((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))


    2007-07-13 16:12 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-12 18:01 66,068 --a------ C:\WINDOWS\system32\cnlinjxy.exe
    2007-07-12 18:00 <DIR> d-------- C:\VundoFix Backups
    2007-07-12 17:45 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-07-12 17:38 66,580 --a------ C:\WINDOWS\system32\bkqqgvbi.dll
    2007-07-12 17:32 66,068 --a------ C:\WINDOWS\system32\cadftayw.exe
    2007-07-12 17:27 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-07-12 17:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
    2007-07-12 17:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
    2007-07-12 17:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
    2007-07-12 16:06 66,580 --a------ C:\WINDOWS\system32\ivpncuwh.dll
    2007-07-12 16:01 66,068 --a------ C:\WINDOWS\system32\desmmmwi.exe
    2007-07-12 15:46 66,580 --a------ C:\WINDOWS\system32\wijfrnfr.dll
    2007-07-12 15:46 66,068 --a------ C:\WINDOWS\system32\jijnvwev.exe
    2007-07-12 13:50 66,580 --a------ C:\WINDOWS\system32\cddfmjto.dll
    2007-07-12 13:47 66,068 --a------ C:\WINDOWS\system32\ppdvbdix.exe
    2007-07-11 19:14 66,068 --a------ C:\WINDOWS\system32\ssbgklbb.exe
    2007-07-11 19:10 <DIR> d-------- C:\Program Files\DVDFab Gold 3
    2007-07-11 18:53 66,580 --a------ C:\WINDOWS\system32\hxmymwcg.dll
    2007-07-11 18:41 66,580 --a------ C:\WINDOWS\system32\aeqrtlje.dll
    2007-07-11 18:39 66,068 --a------ C:\WINDOWS\system32\fvwdquup.exe
    2007-07-11 17:43 66,580 --a------ C:\WINDOWS\system32\lteswpyn.dll
    2007-07-11 17:40 66,068 --a------ C:\WINDOWS\system32\pwpgphsp.exe
    2007-07-11 17:18 <DIR> d-------- C:\Program Files\MediaMonkey
    2007-07-11 16:41 66,580 --a------ C:\WINDOWS\system32\rdyxwjne.dll
    2007-07-11 16:35 66,068 --a------ C:\WINDOWS\system32\enxihfks.exe
    2007-07-11 16:27 66,068 --a------ C:\WINDOWS\system32\ledbkoir.exe
    2007-07-11 16:09 66,068 --a------ C:\WINDOWS\system32\qtwcguki.exe
    2007-07-11 16:06 66,580 --a------ C:\WINDOWS\system32\sifttvut.dll
    2007-07-11 16:05 66,068 --a------ C:\WINDOWS\system32\vgmvnnoi.exe
    2007-07-11 14:05 66,068 --a------ C:\WINDOWS\system32\pkqymxwj.exe
    2007-07-10 22:54 66,068 --a------ C:\WINDOWS\system32\pjfguoxp.exe
    2007-07-10 19:12 66,068 --a------ C:\WINDOWS\system32\dbxuttqn.exe
    2007-07-10 17:51 <DIR> d-------- C:\Program Files\iTunes
    2007-07-10 17:51 <DIR> d-------- C:\Program Files\iPod
    2007-07-10 16:35 66,068 --a------ C:\WINDOWS\system32\eljyregd.exe
    2007-07-10 16:19 66,068 --a------ C:\WINDOWS\system32\lixqtpaf.exe
    2007-07-10 16:07 66,068 --a------ C:\WINDOWS\system32\dypafunj.exe
    2007-07-10 11:40 66,068 --a------ C:\WINDOWS\system32\rwntiuyb.exe
    2007-07-09 19:03 66,068 --a------ C:\WINDOWS\system32\xqdhdphm.exe
    2007-07-09 18:22 66,068 --a------ C:\WINDOWS\system32\qqfwjtyr.exe
    2007-07-09 17:55 66,068 --a------ C:\WINDOWS\system32\agvagaob.exe
    2007-07-09 17:33 66,068 --a------ C:\WINDOWS\system32\qjgbwvbi.exe
    2007-07-09 17:28 66,068 --a------ C:\WINDOWS\system32\nsemaoss.exe
    2007-07-07 18:40 <DIR> d-------- C:\Program Files\utorrent
    2007-07-07 15:43 <DIR> d-------- C:\Program Files\Lavalys
    2007-07-05 12:00 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-07-05 12:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-07-04 23:45 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\Contacts
    2007-07-04 23:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    2007-07-04 23:44 <DIR> d-------- C:\Program Files\Windows Live Toolbar
    2007-07-04 23:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-07-04 23:43 <DIR> d-------- C:\Program Files\MSN Messenger
    2007-07-02 08:56 <DIR> d-------- C:\WINDOWS\pss
    2007-06-27 17:27 21,504 --a------ C:\WINDOWS\system32\cc3250v.dll
    2007-06-27 17:22 21,504 --a------ C:\WINDOWS\system32\activedsb.dll
    2007-06-27 17:21 21,504 --a------ C:\WINDOWS\system32\activedsv.dll
    2007-06-27 17:18 21,504 --a------ C:\WINDOWS\system32\bfc42da.dll
    2007-06-27 17:15 21,504 --a------ C:\WINDOWS\system32\acctress.dll
    2007-06-27 17:09 21,504 --a------ C:\WINDOWS\system32\cewmdma.dll
    2007-06-27 17:07 21,504 --a------ C:\WINDOWS\system32\autodisca.dll
    2007-06-27 17:05 21,504 --a------ C:\WINDOWS\system32\admparses.dll
    2007-06-27 17:00 21,504 --a------ C:\WINDOWS\system32\adsldps.dll
    2007-06-27 16:57 21,504 --a------ C:\WINDOWS\system32\ciadminb.dll
    2007-06-27 16:57 <DIR> d-------- C:\Program Files\TrustIn Contextual
    2007-06-26 17:39 <DIR> d-------- C:\Program Files\Norton AntiVirus
    2007-06-26 17:38 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2007-06-26 17:38 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-06-23 17:01 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-13 15:16:16 12 ----a-w C:\WINDOWS\bthservsdp.dat
    2007-07-12 16:14:20 -------- d-----w C:\Program Files\Lx_cats
    2007-07-12 16:08:52 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\uTorrent
    2007-07-11 18:14:46 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\Vso
    2007-07-11 16:16:50 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-07-11 15:00:01 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\dvdcss
    2007-07-10 16:20:02 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\VSO_HWE
    2007-07-10 15:02:10 -------- d-----w C:\Program Files\BitTorrent
    2007-07-07 18:00:25 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\BitTorrent
    2007-07-05 11:02:31 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\Apple Computer
    2007-07-05 10:45:30 -------- d-----w C:\Program Files\Apple Software Update
    2007-07-03 08:45:40 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\LimeWire
    2007-07-02 12:30:31 -------- d-----w C:\Program Files\LimeWire
    2007-06-27 15:25:18 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-26 17:08:52 -------- d-----w C:\Program Files\Symantec
    2007-06-26 17:08:43 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-06-26 17:08:43 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-06-20 09:25:59 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\AdobeUM
    2007-06-17 16:35:58 -------- d-----w C:\Program Files\NokiaFREE Unlock Codes Calculator
    2007-06-08 17:26:06 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\VideoEgg
    2007-06-06 18:05:08 87,608 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\inst.exe
    2007-06-06 18:05:08 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-06-06 18:05:08 47,360 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\pcouffin.sys
    2007-06-04 17:08:03 653,536 --sh--w C:\WINDOWS\system32\qrqss.ini2
    2007-06-04 13:00:04 652,904 --sh--w C:\WINDOWS\system32\qrqss.bak2
    2007-06-03 15:52:47 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-06-03 15:50:04 -------- d-----w C:\Program Files\Ubisoft
    2007-06-01 15:52:50 -------- d-----w C:\Program Files\BearShare Applications
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-14 15:25:04 -------- d-----w C:\Program Files\BitComet
    2007-05-03 17:18:51 488,594 --sh--w C:\WINDOWS\system32\qrqss.bak1
    2007-05-02 17:19:31 495,845 --sha-w C:\WINDOWS\system32\vyadd.ini2
    2007-05-01 18:21:45 494,223 --sha-w C:\WINDOWS\system32\vyadd.bak1
    2007-05-01 17:17:24 494,706 --sha-w C:\WINDOWS\system32\vyadd.bak2
    2007-04-28 10:33:54 97,280 ----a-w C:\WINDOWS\system32\RARV1032.DLL
    2007-04-28 10:33:54 87,040 ----a-w C:\WINDOWS\system32\RA32SIPR.DLL
    2007-04-28 10:33:54 76,800 ----a-w C:\WINDOWS\RAUNINST.EXE
    2007-04-28 10:33:54 72,192 ----a-w C:\WINDOWS\system32\RA32CLV1.DLL
    2007-04-28 10:33:54 62,976 ----a-w C:\WINDOWS\system32\RAOCX32.DLL
    2007-04-28 10:33:54 21,504 ----a-w C:\WINDOWS\system32\SWFF3250.DLL
    2007-04-28 10:33:54 21,504 ----a-w C:\WINDOWS\system32\RA32DNET.DLL
    2007-04-28 10:33:54 19,968 ----a-w C:\WINDOWS\system32\RA32RV10.DLL
    2007-04-28 10:33:54 185,344 ----a-w C:\WINDOWS\system32\SWFR3250.DLL
    2007-04-28 10:33:53 81,920 ----a-w C:\WINDOWS\system32\RA3214_4.DLL
    2007-04-28 10:33:53 72,704 ----a-w C:\WINDOWS\system32\RA3228_8.DLL
    2007-04-28 10:33:53 61,952 ----a-w C:\WINDOWS\system32\DECDNET.DLL
    2007-04-28 10:33:53 604,160 ----a-w C:\WINDOWS\system32\PNUI3250.DLL
    2007-04-28 10:33:53 318,976 ----a-w C:\WINDOWS\system32\PNEN3250.DLL
    2007-04-28 10:33:53 203,776 ----a-w C:\WINDOWS\system32\CLRVIDDC.DLL
    2007-04-27 18:49:46 494,879 --sha-w C:\WINDOWS\system32\oqstv.bak2
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-20 16:53:28 1,639,651 --sha-w C:\WINDOWS\system32\qdohdbks.ini2
    2007-04-19 19:46:44 480,695 --sha-w C:\WINDOWS\system32\oqstv.bak1
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-16 21:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-16 21:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-03-27 08:47:22 81,920 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\ezpinst.exe
    2007-03-27 08:27:22 0 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\wklnhst.dat
    2004-10-01 14:00:16 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0edc6c20-a31c-11db-8ab9-0800200c9a66}]
    2007-06-27 17:27 21504 --a------ C:\WINDOWS\system32\cc3250v.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E9EE4EF-D6F5-46C4-B24D-0576FBC7A920}]
    C:\WINDOWS\system32\vtsqo.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    2006-08-31 20:33 322368 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{920FD32B-7F47-4D5C-9DD8-7CDE2790C7A3}]
    C:\WINDOWS\system32\ddcyx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    2007-01-19 23:55 2403392 -ra------ c:\program files\google\googletoolbar2.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    2006-09-27 17:45 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3BEB29F-D433-430B-9928-3E7603C7D2DB}]
    C:\WINDOWS\system32\ddayv.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ftutil2"="ftutil2.dll" [2004-06-07 22:05 C:\WINDOWS\system32\ftutil2.dll]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 00:41]
    "RTHDCPL"="RTHDCPL.EXE" [2006-01-12 01:23 C:\WINDOWS\RTHDCPL.EXE]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 02:46]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 01:29]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11]
    "lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 18:45]
    "EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 13:17]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 10:36]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 12:00 C:\WINDOWS\system32\bthprops.cpl]
    "CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" []
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 16:25]
    "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
    "RealTray"="C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe" [2006-10-11 22:37]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 08:04]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-06 02:22]
    "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 09:41]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" []
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
    "PowerBar"="" []
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrzf32]
    winrzf32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    *Newly Created Service* - CATCHME

    Contents of the 'Scheduled Tasks' folder
    2007-07-05 10:45:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-07-13 16:05:01 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    2007-06-26 16:52:27 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-13 17:53:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    PowerBar = ????<????4@?h?????A~????h???Z?A~(???*?A~t?@?l?@???d?????????????????????????,?????????????????????A~????W?D~0?A~????*?A~??A~?????4@?p?????????A~????l?@???????A~????t?@?x2d?????????l?@?l?@?????Q?B~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-13 17:54:15
    C:\ComboFix-quarantined-files.txt ... 2007-07-13 17:54
    C:\ComboFix2.txt ... 2007-07-13 16:19

    --- E O F ---
     
  14. 07anto07

    07anto07 Regular member

    Joined:
    May 21, 2007
    Messages:
    3,511
    Likes Received:
    0
    Trophy Points:
    46
    new hackthis log

    Logfile of HijackThis v1.99.1
    Scan saved at 18:01:53, on 13/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\windows\system\hpsysdrv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cc3250v.dll
    O2 - BHO: (no name) - {1E9EE4EF-D6F5-46C4-B24D-0576FBC7A920} - C:\WINDOWS\system32\vtsqo.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {920FD32B-7F47-4D5C-9DD8-7CDE2790C7A3} - C:\WINDOWS\system32\ddcyx.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {D3BEB29F-D433-430B-9928-3E7603C7D2DB} - C:\WINDOWS\system32\ddayv.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071907 serial=DR12CNC-8301292-WBN lang=EN
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177254778953
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

     
  15. Auttaja

    Auttaja Guest

    CFScript, Do that thing again It is very important that thing goes well. Follow those instructions carefully. Then post fresh combofix log.
     
  16. 07anto07

    07anto07 Regular member

    Joined:
    May 21, 2007
    Messages:
    3,511
    Likes Received:
    0
    Trophy Points:
    46
    cfscript

    "Compaq_Owner" - 2007-07-13 18:12:58 - ComboFix 07-07-13.8 - Service Pack 2 NTFS
    Command switches used :: C:\Documents and Settings\Compaq_Owner\Desktop\CFScript.txt


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\TrustIn Contextual
    C:\Program Files\TrustIn Contextual\trustincontext.dll
    C:\WINDOWS\system32\acctress.dll
    C:\WINDOWS\system32\activedsb.dll
    C:\WINDOWS\system32\activedsv.dll
    C:\WINDOWS\system32\admparses.dll
    C:\WINDOWS\system32\adsldps.dll
    C:\WINDOWS\system32\aeqrtlje.dll
    C:\WINDOWS\system32\agvagaob.exe
    C:\WINDOWS\system32\autodisca.dll
    C:\WINDOWS\system32\bfc42da.dll
    C:\WINDOWS\system32\bkqqgvbi.dll
    C:\WINDOWS\system32\cadftayw.exe
    C:\WINDOWS\system32\cc3250v.dll
    C:\WINDOWS\system32\cddfmjto.dll
    C:\WINDOWS\system32\cewmdma.dll
    C:\WINDOWS\system32\ciadminb.dll
    C:\WINDOWS\system32\cnlinjxy.exe
    C:\WINDOWS\system32\dbxuttqn.exe
    C:\WINDOWS\system32\desmmmwi.exe
    C:\WINDOWS\system32\dypafunj.exe
    C:\WINDOWS\system32\eljyregd.exe
    C:\WINDOWS\system32\enxihfks.exe
    C:\WINDOWS\system32\fvwdquup.exe
    C:\WINDOWS\system32\hxmymwcg.dll
    C:\WINDOWS\system32\ivpncuwh.dll
    C:\WINDOWS\system32\jijnvwev.exe
    C:\WINDOWS\system32\ledbkoir.exe
    C:\WINDOWS\system32\lixqtpaf.exe
    C:\WINDOWS\system32\lteswpyn.dll
    C:\WINDOWS\system32\nsemaoss.exe
    C:\WINDOWS\system32\oqstv.bak1
    C:\WINDOWS\system32\oqstv.tmp
    C:\WINDOWS\system32\oqstv.tmp2
    C:\WINDOWS\system32\pjfguoxp.exe
    C:\WINDOWS\system32\pkqymxwj.exe
    C:\WINDOWS\system32\ppdvbdix.exe
    C:\WINDOWS\system32\pwpgphsp.exe
    C:\WINDOWS\system32\qdohdbks.ini2
    C:\WINDOWS\system32\qdohdbks.tmp
    C:\WINDOWS\system32\qjgbwvbi.exe
    C:\WINDOWS\system32\qqfwjtyr.exe
    C:\WINDOWS\system32\qrqss.tmp
    C:\WINDOWS\system32\qtwcguki.exe
    C:\WINDOWS\system32\rdyxwjne.dll
    C:\WINDOWS\system32\rwntiuyb.exe
    C:\WINDOWS\system32\sifttvut.dll
    C:\WINDOWS\system32\ssbgklbb.exe
    C:\WINDOWS\system32\vgmvnnoi.exe
    C:\WINDOWS\system32\vyadd.tmp
    C:\WINDOWS\system32\wijfrnfr.dll
    C:\WINDOWS\system32\xqdhdphm.exe


    ((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 )))))))))))))))))))))))))))))))


    2007-07-13 16:12 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-12 18:00 <DIR> d-------- C:\VundoFix Backups
    2007-07-12 17:45 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-07-12 17:27 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-07-12 17:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
    2007-07-12 17:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
    2007-07-12 17:27 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
    2007-07-11 19:10 <DIR> d-------- C:\Program Files\DVDFab Gold 3
    2007-07-11 17:18 <DIR> d-------- C:\Program Files\MediaMonkey
    2007-07-10 17:51 <DIR> d-------- C:\Program Files\iTunes
    2007-07-10 17:51 <DIR> d-------- C:\Program Files\iPod
    2007-07-07 18:40 <DIR> d-------- C:\Program Files\utorrent
    2007-07-07 15:43 <DIR> d-------- C:\Program Files\Lavalys
    2007-07-05 12:00 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-07-05 12:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-07-04 23:45 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\Contacts
    2007-07-04 23:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    2007-07-04 23:44 <DIR> d-------- C:\Program Files\Windows Live Toolbar
    2007-07-04 23:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-07-04 23:43 <DIR> d-------- C:\Program Files\MSN Messenger
    2007-07-02 08:56 <DIR> d-------- C:\WINDOWS\pss
    2007-06-26 17:39 <DIR> d-------- C:\Program Files\Norton AntiVirus
    2007-06-26 17:38 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2007-06-26 17:38 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-06-23 17:01 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-13 15:16:16 12 ----a-w C:\WINDOWS\bthservsdp.dat
    2007-07-12 16:14:20 -------- d-----w C:\Program Files\Lx_cats
    2007-07-12 16:08:52 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\uTorrent
    2007-07-11 18:14:46 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\Vso
    2007-07-11 16:16:50 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-07-11 15:00:01 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\dvdcss
    2007-07-10 16:20:02 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\VSO_HWE
    2007-07-10 15:02:10 -------- d-----w C:\Program Files\BitTorrent
    2007-07-07 18:00:25 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\BitTorrent
    2007-07-05 11:02:31 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\Apple Computer
    2007-07-05 10:45:30 -------- d-----w C:\Program Files\Apple Software Update
    2007-07-03 08:45:40 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\LimeWire
    2007-07-02 12:30:31 -------- d-----w C:\Program Files\LimeWire
    2007-06-27 15:25:18 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-26 17:08:52 -------- d-----w C:\Program Files\Symantec
    2007-06-26 17:08:43 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-06-26 17:08:43 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-06-20 09:25:59 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\AdobeUM
    2007-06-17 16:35:58 -------- d-----w C:\Program Files\NokiaFREE Unlock Codes Calculator
    2007-06-08 17:26:06 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\VideoEgg
    2007-06-06 18:05:08 87,608 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\inst.exe
    2007-06-06 18:05:08 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-06-06 18:05:08 47,360 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\pcouffin.sys
    2007-06-04 17:08:03 653,536 --sh--w C:\WINDOWS\system32\qrqss.ini2
    2007-06-04 13:00:04 652,904 --sh--w C:\WINDOWS\system32\qrqss.bak2
    2007-06-03 15:52:47 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-06-03 15:50:04 -------- d-----w C:\Program Files\Ubisoft
    2007-06-01 15:52:50 -------- d-----w C:\Program Files\BearShare Applications
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-14 15:25:04 -------- d-----w C:\Program Files\BitComet
    2007-05-03 17:18:51 488,594 --sh--w C:\WINDOWS\system32\qrqss.bak1
    2007-05-02 17:19:31 495,845 --sha-w C:\WINDOWS\system32\vyadd.ini2
    2007-05-01 18:21:45 494,223 --sha-w C:\WINDOWS\system32\vyadd.bak1
    2007-05-01 17:17:24 494,706 --sha-w C:\WINDOWS\system32\vyadd.bak2
    2007-04-28 10:33:54 97,280 ----a-w C:\WINDOWS\system32\RARV1032.DLL
    2007-04-28 10:33:54 87,040 ----a-w C:\WINDOWS\system32\RA32SIPR.DLL
    2007-04-28 10:33:54 76,800 ----a-w C:\WINDOWS\RAUNINST.EXE
    2007-04-28 10:33:54 72,192 ----a-w C:\WINDOWS\system32\RA32CLV1.DLL
    2007-04-28 10:33:54 62,976 ----a-w C:\WINDOWS\system32\RAOCX32.DLL
    2007-04-28 10:33:54 21,504 ----a-w C:\WINDOWS\system32\SWFF3250.DLL
    2007-04-28 10:33:54 21,504 ----a-w C:\WINDOWS\system32\RA32DNET.DLL
    2007-04-28 10:33:54 19,968 ----a-w C:\WINDOWS\system32\RA32RV10.DLL
    2007-04-28 10:33:54 185,344 ----a-w C:\WINDOWS\system32\SWFR3250.DLL
    2007-04-28 10:33:53 81,920 ----a-w C:\WINDOWS\system32\RA3214_4.DLL
    2007-04-28 10:33:53 72,704 ----a-w C:\WINDOWS\system32\RA3228_8.DLL
    2007-04-28 10:33:53 61,952 ----a-w C:\WINDOWS\system32\DECDNET.DLL
    2007-04-28 10:33:53 604,160 ----a-w C:\WINDOWS\system32\PNUI3250.DLL
    2007-04-28 10:33:53 318,976 ----a-w C:\WINDOWS\system32\PNEN3250.DLL
    2007-04-28 10:33:53 203,776 ----a-w C:\WINDOWS\system32\CLRVIDDC.DLL
    2007-04-27 18:49:46 494,879 --sha-w C:\WINDOWS\system32\oqstv.bak2
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-16 21:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-16 21:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-03-27 08:47:22 81,920 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\ezpinst.exe
    2007-03-27 08:27:22 0 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\wklnhst.dat
    2004-10-01 14:00:16 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0edc6c20-a31c-11db-8ab9-0800200c9a66}]
    C:\WINDOWS\system32\cc3250v.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E9EE4EF-D6F5-46C4-B24D-0576FBC7A920}]
    C:\WINDOWS\system32\vtsqo.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    2006-08-31 20:33 322368 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{920FD32B-7F47-4D5C-9DD8-7CDE2790C7A3}]
    C:\WINDOWS\system32\ddcyx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    2007-01-19 23:55 2403392 -ra------ c:\program files\google\googletoolbar2.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    2006-09-27 17:45 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3BEB29F-D433-430B-9928-3E7603C7D2DB}]
    C:\WINDOWS\system32\ddayv.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ftutil2"="ftutil2.dll" [2004-06-07 22:05 C:\WINDOWS\system32\ftutil2.dll]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 00:41]
    "RTHDCPL"="RTHDCPL.EXE" [2006-01-12 01:23 C:\WINDOWS\RTHDCPL.EXE]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 02:46]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 01:29]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11]
    "lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 18:45]
    "EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 13:17]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 10:36]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 12:00 C:\WINDOWS\system32\bthprops.cpl]
    "CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" []
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 16:25]
    "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
    "RealTray"="C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe" [2006-10-11 22:37]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 08:04]
    "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-06 02:22]
    "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-04-27 09:41]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" []
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
    "PowerBar"="" []
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrzf32]
    winrzf32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    *Newly Created Service* - CATCHME

    Contents of the 'Scheduled Tasks' folder
    2007-07-05 10:45:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-07-13 17:05:00 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    2007-06-26 16:52:27 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-13 18:13:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    PowerBar = ????<????4@?h?????A~????h???Z?A~(???*?A~t?@?l?@???d?????????????????????????,?????????????????????A~????W?D~0?A~????*?A~??A~?????4@?p?????????A~????l?@???????A~????t?@?x2d?????????l?@?l?@?????Q?B~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-13 18:14:15
    C:\ComboFix-quarantined-files.txt ... 2007-07-13 18:14
    C:\ComboFix2.txt ... 2007-07-13 17:54
    C:\ComboFix3.txt ... 2007-07-13 16:19

    --- E O F ---
     
  17. 07anto07

    07anto07 Regular member

    Joined:
    May 21, 2007
    Messages:
    3,511
    Likes Received:
    0
    Trophy Points:
    46
    is this ok?
     
  18. Auttaja

    Auttaja Guest

    Yees, it was much better, no post fresh hijackthislog
     
  19. 07anto07

    07anto07 Regular member

    Joined:
    May 21, 2007
    Messages:
    3,511
    Likes Received:
    0
    Trophy Points:
    46
    new hackthis log


    Logfile of HijackThis v1.99.1
    Scan saved at 14:19:30, on 14/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Lexmark 4300 Series\lxcemon.exe
    C:\Program Files\Lexmark 4300 Series\ezprint.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cc3250v.dll (file missing)
    O2 - BHO: (no name) - {1E9EE4EF-D6F5-46C4-B24D-0576FBC7A920} - C:\WINDOWS\system32\vtsqo.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {920FD32B-7F47-4D5C-9DD8-7CDE2790C7A3} - C:\WINDOWS\system32\ddcyx.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {D3BEB29F-D433-430B-9928-3E7603C7D2DB} - C:\WINDOWS\system32\ddayv.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071907 serial=DR12CNC-8301292-WBN lang=EN
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\K-Lite Codec Pack\Real\mpclauncher.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177254778953
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

     
  20. 07anto07

    07anto07 Regular member

    Joined:
    May 21, 2007
    Messages:
    3,511
    Likes Received:
    0
    Trophy Points:
    46
    the error message has not came back up.
     

Share This Page