Please help with trojan



mickyg65
2007-10-30, 08:20
Could someone please help me with a virus that I have acquired. It is TrojanhorseDownloader.Generic.QFH

I have tried to run Kaspersky online but can't get it to work. Spybot does not pick anything up either.

Here is my Hijack this log.

Any help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:53 PM, on 30/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\acer\KnobService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Aspire\WFTVFM\WFWIZ.exe
C:\acer\KnobMonitor.exe
C:\ACER\MPS.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\?ystem32\m?config.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acer.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {19B1AA62-6E80-4476-A34B-6CE33FEEAD95} - C:\WINDOWS\system32\ogc.dll (file missing)
O2 - BHO: (no name) - {19B6A965-6585-192C-A34B-6CE33FEEAA9B} - C:\WINDOWS\system32\ifiqazs.dll (file missing)
O2 - BHO: (no name) - {2768DDAF-1140-6DB8-6527-4A71B6769498} - C:\WINDOWS\system32\kphlwker.dll (file missing)
O2 - BHO: (no name) - {3B691981-D168-AA9A-1A10-898DB922D5CF} - C:\WINDOWS\system32\dgjhrun.dll (file missing)
O2 - BHO: (no name) - {3D3D198A-8163-AE9D-1A10-898DB9228F9F} - C:\WINDOWS\system32\gijao.dll (file missing)
O2 - BHO: (no name) - {3DE40746-9CF7-E300-82F9-C76936FF86CF} - C:\WINDOWS\system32\xasjcqiw.dll (file missing)
O2 - BHO: (no name) - {4C89FABB-3707-47FB-2973-3FB60A4FF299} - C:\WINDOWS\system32\gri.dll (file missing)
O2 - BHO: (no name) - {515F9664-59D4-7B23-A1EB-06D58C27B49A} - C:\WINDOWS\system32\wnqafiru.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {69892946-B38C-962C-A048-9D2B5EE48CC1} - C:\WINDOWS\system32\gxa.dll (file missing)
O2 - BHO: (no name) - {6E6C1189-DA63-F3C9-1A10-898DB92285C5} - C:\WINDOWS\system32\airpae.dll (file missing)
O2 - BHO: (no name) - {75ABA022-62CB-116D-B9EA-36A67B5F97CF} - C:\WINDOWS\system32\szpl.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {93E93C04-A7C8-DC34-BB29-8B8A34832C9B} - C:\WINDOWS\system32\guuhw.dll (file missing)
O2 - BHO: (no name) - {9B091F4E-86AC-A45C-D90C-88ADDBE72897} - C:\WINDOWS\system32\ffrpwd.dll (file missing)
O2 - BHO: (no name) - {B690FC29-37CB-4E6F-EC5F-3D76166F03C2} - C:\WINDOWS\system32\oevlrcv.dll (file missing)
O2 - BHO: (no name) - {CB051F4C-D5AB-AC57-D90C-88ADDBE774C6} - C:\WINDOWS\system32\lzkduj.dll (file missing)
O2 - BHO: (no name) - {F5DDCB0A-02B9-2C1F-9B18-09E55F6C10C5} - C:\WINDOWS\system32\rktfvm.dll (file missing)
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [SSER] sser.exe
O4 - HKLM\..\Run: [StopHS] stopHS.bat
O4 - HKLM\..\Run: [Aspire Schedule] C:\Program Files\Aspire\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [KnobMonitor] C:\acer\KnobMonitor.exe
O4 - HKLM\..\Run: [MPS] C:\ACER\MPS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Nnjqwh] ???ä\??rss.exe
O4 - HKCU\..\Run: [Rru] C:\WINDOWS\system32\?ystem32\m?config.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145443881875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145503261265
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Knob Service (KNOBSERV) - Acer Inc. - c:\acer\KnobService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8628 bytes


Thank you.

Michael

Rorschach112
2007-10-30, 08:52
Hello Michael, my name is Rorschach and I'll be helping you with your problems.


1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

mickyg65
2007-11-05, 11:58
Hi, I tried to send the ComboFix log as one piece but it is apparently 3 times too long, so I'll send it as three pieces. Sorry. Thanks for the help.


ComboFix 07-11-05.1 - Family 2007-11-05 20:24:58.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.188 [GMT 11:00]
Running from: C:\Documents and Settings\Family\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\DriveCleaner
C:\Documents and Settings\All Users\Application Data\DriveCleaner\Data\Abbr
C:\Documents and Settings\All Users\Application Data\DriveCleaner\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\DriveCleaner\Data\CustomerEmail
C:\Documents and Settings\All Users\Application Data\DriveCleaner\Data\CustomerName
C:\Documents and Settings\All Users\Application Data\DriveCleaner\Data\OID
C:\Documents and Settings\All Users\Application Data\DriveCleaner\Data\PCID
C:\Documents and Settings\All Users\Application Data\DriveCleaner\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\DriveCleaner\Data\Suspicious
C:\Documents and Settings\All Users\Start Menu\Programs\DriveCleaner
C:\Documents and Settings\All Users\Start Menu\Programs\DriveCleaner\DriveCleaner Manual.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\DriveCleaner\DriveCleaner on the Web.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\DriveCleaner\DriveCleaner.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\DriveCleaner\Feedback on Support Quality.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\DriveCleaner\Report Software Defect.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\DriveCleaner\Request for Instructions.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\DriveCleaner\Share Your Suggestions.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\DriveCleaner\Uninstall DriveCleaner.lnk
C:\Documents and Settings\Family\Application Data\CROSOF~1.NET
C:\Documents and Settings\Family\Application Data\DOBE~1
C:\Documents and Settings\Family\Application Data\DriveCleaner
C:\Documents and Settings\Family\Application Data\DriveCleaner\activator_info.txt
C:\Documents and Settings\Family\Application Data\DriveCleaner\Logs\Activate.log
C:\Documents and Settings\Family\Application Data\DriveCleaner\Logs\update.log
C:\Documents and Settings\Family\Application Data\macromedia\Flash Player\#SharedObjects\JH63XB9V\www.broadcaster.com
C:\Documents and Settings\Family\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Family\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Family\Application Data\RACLE~1
C:\Documents and Settings\Family\Application Data\RACLE~2
C:\Documents and Settings\Family\Application Data\SCURIT~1
C:\Documents and Settings\Family\Application Data\SMANTE~1
C:\Documents and Settings\Family\Application Data\SSTEM~1
C:\Documents and Settings\Family\Application Data\SSTEM3~1
C:\Documents and Settings\Family\Application Data\STEM~1
C:\Documents and Settings\Family\Application Data\WNSXS~1
C:\Documents and Settings\Family\Application Data\YSTEM3~1
C:\Documents and Settings\Family\err.log
C:\Documents and Settings\Family\My Documents\ASKS~1
C:\Documents and Settings\Family\My Documents\ASKS~1\?asks\
C:\Documents and Settings\Family\My Documents\CROSOF~1
C:\Documents and Settings\Family\My Documents\CURITY~1
C:\Documents and Settings\Family\My Documents\DOBE~1
C:\Documents and Settings\Family\My Documents\ECURIT~1
C:\Documents and Settings\Family\My Documents\FNTS~1
C:\Documents and Settings\Family\My Documents\MCROSO~1.NET
C:\Documents and Settings\Family\My Documents\PPATCH~1
C:\Documents and Settings\Family\My Documents\PPPATC~1
C:\Documents and Settings\Family\My Documents\RACLE~1
C:\Documents and Settings\Family\My Documents\SMBOLS~1
C:\Documents and Settings\Family\My Documents\SSTEM~1
C:\Documents and Settings\Family\My Documents\SSTEM3~1
C:\Documents and Settings\Family\My Documents\STEM32~1
C:\Documents and Settings\Family\My Documents\WNSXS~1
C:\Documents and Settings\Family\My Documents\YMBOLS~1
C:\Documents and Settings\Family\My Documents\YSTEM3~1
C:\Documents and Settings\Family\ResErrors.log
C:\Documents and Settings\Family\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Family\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Family\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\asks~1
C:\Program Files\Common Files\crosof~1.net
C:\Program Files\Common Files\ecurit~1
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\fnts~2
C:\Program Files\Common Files\icroso~1
C:\Program Files\Common Files\mantec~1
C:\Program Files\Common Files\ppatch~1
C:\Program Files\Common Files\racle~1
C:\Program Files\Common Files\scurit~1
C:\Program Files\Common Files\smante~1
C:\Program Files\Common Files\stem32~1
C:\Program Files\Common Files\WinAntiSpyware 2007 Free
C:\Program Files\Common Files\WinAntiSpyware 2007 Free\DNSE.exe
C:\Program Files\Common Files\WinAntiSpyware 2007 Free\up.dat
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\Common Files\ymbols~1
C:\Program Files\Common Files\ystem~1
C:\Program Files\crosof~1
C:\Program Files\crosof~1.net
C:\Program Files\curity~1
C:\Program Files\dobe~1
C:\Program Files\fnts~1
C:\Program Files\icroso~1
C:\Program Files\icroso~1.net
C:\Program Files\mbols~1
C:\Program Files\mcroso~1
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\pppatc~1
C:\Program Files\racle~1
C:\Program Files\Seekmo Programs
C:\Program Files\sks~1
C:\Program Files\smbols~1

mickyg65
2007-11-05, 12:01
C:\Program Files\wnsxs~1
C:\Program Files\ymbols~1
C:\WINDOWS\appatc~1
C:\WINDOWS\asembl~1
C:\WINDOWS\asks~1
C:\WINDOWS\crosof~1
C:\WINDOWS\crosof~1.net
C:\WINDOWS\ecurit~1
C:\WINDOWS\icroso~1.net
C:\WINDOWS\racle~1
C:\WINDOWS\racle~2
C:\WINDOWS\scurit~1
C:\WINDOWS\sks~1
C:\WINDOWS\smante~1
C:\WINDOWS\smbols~1
C:\WINDOWS\stem~1
C:\WINDOWS\system32\appatc~1
C:\WINDOWS\system32\asembl~1
C:\WINDOWS\system32\crosof~1
C:\WINDOWS\system32\curity~1
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\icroso~1.net
C:\WINDOWS\system32\mantec~1
C:\WINDOWS\system32\ppatch~1
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\sembly~1
C:\WINDOWS\system32\smbols~1
C:\WINDOWS\system32\stem32~1
C:\WINDOWS\system32\wnscpcc.exe
C:\WINDOWS\system32\wnscpicomsv32.exe
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\ymante~1
C:\WINDOWS\system32\ystem3~1
C:\WINDOWS\system32\ystem3~1\m?config.exe
C:\WINDOWS\tsks~1
C:\WINDOWS\ymante~1
C:\WINDOWS\ystem~1
C:\WINDOWS\ystem3~1

.
((((((((((((((((((((((((( Files Created from 2007-10-05 to 2007-11-05 )))))))))))))))))))))))))))))))
.

2007-11-05 20:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-30 16:40 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-20 14:31 <DIR> d-------- C:\VundoFix Backups
2007-10-20 14:09 <DIR> dr-h----- C:\$VAULT$.AVG
2007-10-20 12:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-20 12:40 <DIR> d-------- C:\Documents and Settings\Family\Application Data\AVG7
2007-10-20 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-20 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-10-10 13:56 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-28 09:18 --------- d-----w C:\Program Files\D-Link DSLs
2007-09-14 05:54 810 ----a-w C:\Documents and Settings\Family\Application Data\wklnhst.dat
2007-08-21 05:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 05:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 09:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 09:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 09:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 09:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 09:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 09:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 09:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 09:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 09:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 09:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 09:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 09:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 09:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 09:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 09:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 09:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 09:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 09:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 09:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 09:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 09:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 09:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 09:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 09:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 09:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 06:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19B1AA62-6E80-4476-A34B-6CE33FEEAD95}]
C:\WINDOWS\system32\ogc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19B6A965-6585-192C-A34B-6CE33FEEAA9B}]
C:\WINDOWS\system32\ifiqazs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2768DDAF-1140-6DB8-6527-4A71B6769498}]
C:\WINDOWS\system32\kphlwker.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3B691981-D168-AA9A-1A10-898DB922D5CF}]
C:\WINDOWS\system32\dgjhrun.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D3D198A-8163-AE9D-1A10-898DB9228F9F}]
C:\WINDOWS\system32\gijao.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DE40746-9CF7-E300-82F9-C76936FF86CF}]
C:\WINDOWS\system32\xasjcqiw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C89FABB-3707-47FB-2973-3FB60A4FF299}]
C:\WINDOWS\system32\gri.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{515F9664-59D4-7B23-A1EB-06D58C27B49A}]
C:\WINDOWS\system32\wnqafiru.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69892946-B38C-962C-A048-9D2B5EE48CC1}]
C:\WINDOWS\system32\gxa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E6C1189-DA63-F3C9-1A10-898DB92285C5}]
C:\WINDOWS\system32\airpae.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75ABA022-62CB-116D-B9EA-36A67B5F97CF}]
C:\WINDOWS\system32\szpl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93E93C04-A7C8-DC34-BB29-8B8A34832C9B}]
C:\WINDOWS\system32\guuhw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B091F4E-86AC-A45C-D90C-88ADDBE72897}]
C:\WINDOWS\system32\ffrpwd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B690FC29-37CB-4E6F-EC5F-3D76166F03C2}]
C:\WINDOWS\system32\oevlrcv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB051F4C-D5AB-AC57-D90C-88ADDBE774C6}]
C:\WINDOWS\system32\lzkduj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5DDCB0A-02B9-2C1F-9B18-09E55F6C10C5}]
C:\WINDOWS\system32\rktfvm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-03-11 10:24]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 10:11]
"SoundMan"="SOUNDMAN.EXE" [2003-03-27 16:34 C:\WINDOWS\SOUNDMAN.EXE]
"CHotkey"="mHotkey.exe" [2003-06-06 14:49 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2003-05-27 15:10 C:\WINDOWS\CNYHKey.exe]
"SSER"="sser.exe" [2003-06-06 20:07 C:\WINDOWS\SSer.exe]
"StopHS"="stopHS.bat" [2003-05-23 19:23 C:\WINDOWS\stopHS.bat]
"Aspire Schedule"="C:\Program Files\Aspire\WFTVFM\WFWIZ.exe" [2003-05-22 15:39]
"KnobMonitor"="C:\acer\KnobMonitor.exe" [2003-06-02 16:55]
"MPS"="C:\ACER\MPS.EXE" [2003-05-30 11:32]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-03-03 11:44]
"nwiz"="nwiz.exe" [2003-03-03 11:44 C:\WINDOWS\system32\nwiz.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 21:00]
"CTHelper"="CTHELPER.EXE" [2002-09-03 12:55 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2002-09-13 01:04]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-04 17:41]
"Camera Detector"="C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.exe" [2003-06-17 15:43]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-10-23 09:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-14 02:24]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-03-03 11:44]
"Nnjqwh"="???ä\??rss.exe" []
"Rru"="C:\WINDOWS\system32\?ystem32\m?config.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys
S3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-05 09:30:14 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-05 20:29:40
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run?Z?A~d???*?A~????????????????h?@?x?????B~D??????sx??s????????y??w????@@@????|D@@?????>??w?????82?H??????|???|???????|L(?s?82??????/?s????????D???????????????????,????????????+?s@@@?D???`|?w??????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-05 20:31:18 - machine was rebooted
.
--- E O F ---

mickyg65
2007-11-05, 12:03
C:\Program Files\WinAntiSpyware 2007 Free
C:\Program Files\WinAntiSpyware 2007 Free\Activate.dat
C:\Program Files\WinAntiSpyware 2007 Free\AsAgents.xml
C:\Program Files\WinAntiSpyware 2007 Free\atl71.dll
C:\Program Files\WinAntiSpyware 2007 Free\bnlink.dat
C:\Program Files\WinAntiSpyware 2007 Free\database\appupdate.dat
C:\Program Files\WinAntiSpyware 2007 Free\database\AutoProcess.dat
C:\Program Files\WinAntiSpyware 2007 Free\database\dbupdate.dat
C:\Program Files\WinAntiSpyware 2007 Free\database\enemies.dat
C:\Program Files\WinAntiSpyware 2007 Free\database\knownfiles.dat
C:\Program Files\WinAntiSpyware 2007 Free\database\monstate.dat
C:\Program Files\WinAntiSpyware 2007 Free\database\PortSpec.ats
C:\Program Files\WinAntiSpyware 2007 Free\database\quaratine.dat\#post_quarantin_
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\00066614f4334274f48a4caa\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\00066614f4334274f48a4caa\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\0057d95d284e43ab00286fa8\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\0057d95d284e43ab00286fa8\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\03330048b77b4ad702c85eb6\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\03330048b77b4ad702c85eb6\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\05da884e82db4c288a7a9e83\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\05da884e82db4c288a7a9e83\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\1086470692b944dccb9d2aaf\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\1086470692b944dccb9d2aaf\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\11c62192e63f47f4f4bc42ae\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\11c62192e63f47f4f4bc42ae\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\15da92a20317465f9c995ca0\#data
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\15da92a20317465f9c995ca0\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\15da92a20317465f9c995ca0\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\17a1e0f85f5140e94de8e197\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\17a1e0f85f5140e94de8e197\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\1b79ba55532049e2defd96b8\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\1b79ba55532049e2defd96b8\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\2907cea96a14474ea755b592\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\2907cea96a14474ea755b592\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\29fc7e1580174665e1836eb9\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\29fc7e1580174665e1836eb9\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\2d0beba58ea44d7b237af7a9\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\2d0beba58ea44d7b237af7a9\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\388e8573cef6403c47cac597\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\388e8573cef6403c47cac597\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\41893fd9d31c473ca0955196\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\41893fd9d31c473ca0955196\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\50df034f8afe4c44c5a33989\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\50df034f8afe4c44c5a33989\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\550b8a7507cc48b4eb1cd8a5\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\550b8a7507cc48b4eb1cd8a5\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\5b721358209c4cf44acde798\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\5b721358209c4cf44acde798\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\5f4d8edc75914fbc1e63e192\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\5f4d8edc75914fbc1e63e192\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\60f8feced03342ce42bcf587\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\60f8feced03342ce42bcf587\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\67fba266e7dc4cb44ffd6e8f\#data
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\67fba266e7dc4cb44ffd6e8f\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\67fba266e7dc4cb44ffd6e8f\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\6813d5e831694dc71381e89d\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\6813d5e831694dc71381e89d\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\6b4e32cec3de4d68a568baad\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\6b4e32cec3de4d68a568baad\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\6c5bda3a60444f5b26e2a98c\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\6c5bda3a60444f5b26e2a98c\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\6f5abc4ff54e4c719fd44dba\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\6f5abc4ff54e4c719fd44dba\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\6fc70f1cc16749cad66ddab4\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\6fc70f1cc16749cad66ddab4\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\70616e96f20b498c536220a5\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\70616e96f20b498c536220a5\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\70e4dcff933146ebbe802c9c\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\70e4dcff933146ebbe802c9c\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\730c457083fe40a75e1a3687\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\730c457083fe40a75e1a3687\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\76580d0c41d34973738e4a87\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\76580d0c41d34973738e4a87\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\7ffb28a1dbad40cbc0c1f08e\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\7ffb28a1dbad40cbc0c1f08e\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\80a1244ac11947cbd34df9a3\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\80a1244ac11947cbd34df9a3\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\81cf0b48853c4841ca2047ba\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\81cf0b48853c4841ca2047ba\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\82c492886d7b4c25c33f0883\#data
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\82c492886d7b4c25c33f0883\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\82c492886d7b4c25c33f0883\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\92ad384c482f4fb88af1bba7\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\92ad384c482f4fb88af1bba7\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\9cadafaa8ca24af2bdfbbaa7\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\9cadafaa8ca24af2bdfbbaa7\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\a01d52f9a1ca43ce273e1788\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\a01d52f9a1ca43ce273e1788\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\a37042dfc352493c7b24a8a3\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\a37042dfc352493c7b24a8a3\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\ac7f9cb7201041b05acd8e86\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\ac7f9cb7201041b05acd8e86\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\ada9dbc78a8e4b6964b7f39b\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\ada9dbc78a8e4b6964b7f39b\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\afac0d0cd6964ddbec0675a1\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\afac0d0cd6964ddbec0675a1\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\b1442b43631e4748bcbf14b0\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\b1442b43631e4748bcbf14b0\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\b4ed59e45c9c4620596ad9b8\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\b4ed59e45c9c4620596ad9b8\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\b7c127fdd4694e210c8a6fa5\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\b7c127fdd4694e210c8a6fa5\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\b9d3a55171b04b5f9999ccb0\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\b9d3a55171b04b5f9999ccb0\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\c3df32d760014d25ab8a00b4\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\c3df32d760014d25ab8a00b4\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\ce3acf779c214c9bba40b3bf\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\ce3acf779c214c9bba40b3bf\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\d3411bfad44a4589e0e676b0\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\d3411bfad44a4589e0e676b0\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\eb731e96f9514f2620177fbb\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\eb731e96f9514f2620177fbb\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\f2ee82d3903f4f05415e449c\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\f2ee82d3903f4f05415e449c\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\f99c1631adaa4a6c93d299a9\#int_rnal
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\29bdb3d4dbb3440050cfd2ac\f99c1631adaa4a6c93d299a9\#startup
C:\Program Files\WinAntiSpyware 2007 Free\database\RTMonitor.dat\ebb3a39065264bd4f00fec99\#int_rnal

mickyg65
2007-11-05, 12:06
There was a heap of the win security part and it would take another 2 posts to fit it in. Do you need that too?

I really appreciate the help with this and have been away from home and apologise for not getting back to you sooner.

Thanks again,

Michael. :red:

Rorschach112
2007-11-05, 23:06
Hello

Download WinPFind3U.exe (http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe) to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
Under Additional Scans on the bottom right, check the box for Reg - Disabled MS Config Items.
Now click the Run Scan button on the toolbar.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply.

mickyg65
2007-11-17, 05:34
Hi, I have to send this in three as well as it is too big a file.

Thanks.

WinPFind3 logfile created on: 17/11/2007 3:19:40 PM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Family\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

510.48 Mb Total Physical Memory | 221.00 Mb Available Physical Memory | 43.29% Memory free
1.22 Gb Paging File | 0.94 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.63 Gb Total Space | 4.63 Gb Free Space | 26.28% Space Free
Drive D: | 18.63 Gb Total Space | 18.33 Gb Free Space | 98.37% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: MCCOMPUTER
Current User Name: Family
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 23/10/2007 9:46:16 AM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.497 | Size = 579072 bytes | Modified Date = 23/10/2007 9:46:18 AM | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.494 | Size = 406528 bytes | Modified Date = 23/10/2007 9:46:18 AM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 20/10/2007 12:54:16 PM | Attr = ]
cnyhkey.exe -> %SystemRoot%\CNYHKey.exe -> Chicony [Ver = 2, 2, 0, 0 | Size = 5753344 bytes | Modified Date = 27/05/2003 3:10:40 PM | Attr = ]
devdet~1.exe -> %ProgramFiles%\ACD Systems\DevDetect\DevDetect.exe -> ACD Systems, Ltd. [Ver = 1, 3, 2, 1 | Size = 208896 bytes | Modified Date = 17/06/2003 3:43:42 PM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.9: 2007102514 | Size = 7649128 bytes | Modified Date = 4/11/2007 4:42:44 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2082 | Size = 114688 bytes | Modified Date = 11/03/2003 10:11:56 AM | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3,0,0,2082 | Size = 155648 bytes | Modified Date = 11/03/2003 10:24:08 AM | Attr = ]
jucheck.exe -> %ProgramFiles%\Java\jre1.5.0_11\bin\jucheck.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 251648 bytes | Modified Date = 15/12/2006 3:23:26 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 15/12/2006 3:23:28 AM | Attr = ]
knobmonitor.exe -> %SystemDrive%\ACER\KnobMonitor.exe -> Acer Inc. [Ver = 1.0.0.0 | Size = 248832 bytes | Modified Date = 2/06/2003 4:55:38 PM | Attr = ]
knobservice.exe -> %SystemDrive%\ACER\KnobService.exe -> Acer Inc. [Ver = 1, 0, 1, 0 | Size = 276480 bytes | Modified Date = 6/06/2003 2:18:04 PM | Attr = ]
mhotkey.exe -> %SystemRoot%\mHotkey.exe -> Chicony [Ver = 3, 0, 0, 6 | Size = 517120 bytes | Modified Date = 6/06/2003 2:49:06 PM | Attr = ]
mps.exe -> %SystemDrive%\ACER\MPS.exe -> [Ver = 1, 0, 0, 0 | Size = 212992 bytes | Modified Date = 30/05/2003 11:32:28 AM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.3 | Size = 77824 bytes | Modified Date = 4/12/2006 5:41:38 PM | Attr = ]
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.0.21 | Size = 53248 bytes | Modified Date = 27/03/2003 4:34:58 PM | Attr = ]
wfwiz.exe -> %ProgramFiles%\Aspire\WFTVFM\WFWIZ.exe -> Acer [Ver = 5.13.01.2002-1.27 | Size = 147456 bytes | Modified Date = 22/05/2003 3:39:16 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 4/09/2007 10:47:26 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Stopped] -> %System32%\ati2evxx.exe -> [Ver = | Size = 282624 bytes | Modified Date = 2/06/2003 10:30:18 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0011 | Size = 114688 bytes | Modified Date = 5/06/2003 12:35:00 PM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 23/10/2007 9:46:16 AM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 20/10/2007 12:54:16 PM | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.494 | Size = 406528 bytes | Modified Date = 23/10/2007 9:46:18 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 4/08/2004 12:56:50 AM | Attr = ]
(KNOBSERV) Knob Service [Win32_Own | Auto | Running] -> %SystemDrive%\ACER\KnobService.exe -> Acer Inc. [Ver = 1, 0, 1, 0 | Size = 276480 bytes | Modified Date = 6/06/2003 2:18:04 PM | Attr = ]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4303 | Size = 65536 bytes | Modified Date = 3/03/2003 11:44:00 AM | Attr = ]
(SymWSC) SymWMI Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 2/11/2004 4:59:50 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Aspire Schedule -> %ProgramFiles%\Aspire\WFTVFM\WFWIZ.exe -> Acer [Ver = 5.13.01.2002-1.27 | Size = 147456 bytes | Modified Date = 22/05/2003 3:39:16 PM | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.4029 | Size = 315392 bytes | Modified Date = 28/02/2003 9:00:00 PM | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.497 | Size = 579072 bytes | Modified Date = 23/10/2007 9:46:18 AM | Attr = ]
Camera Detector -> %ProgramFiles%\ACD Systems\DevDetect\DevDetect.exe -> ACD Systems, Ltd. [Ver = 1, 3, 2, 1 | Size = 208896 bytes | Modified Date = 17/06/2003 3:43:42 PM | Attr = ]
CHotkey -> %SystemRoot%\mHotkey.exe -> Chicony [Ver = 3, 0, 0, 6 | Size = 517120 bytes | Modified Date = 6/06/2003 2:49:06 PM | Attr = ]
CTHelper -> %System32%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 0, 10 | Size = 24576 bytes | Modified Date = 3/09/2002 12:55:42 PM | Attr = ]
CTStartup -> %ProgramFiles%\Creative\Splash Screen\CTEaxSpl.exe -> Creative Technology Ltd. [Ver = 1, 1, 0, 4 | Size = 49152 bytes | Modified Date = 13/09/2002 1:04:00 AM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2082 | Size = 114688 bytes | Modified Date = 11/03/2003 10:11:56 AM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3,0,0,2082 | Size = 155648 bytes | Modified Date = 11/03/2003 10:24:08 AM | Attr = ]
KnobMonitor -> %SystemDrive%\ACER\KnobMonitor.exe -> Acer Inc. [Ver = 1.0.0.0 | Size = 248832 bytes | Modified Date = 2/06/2003 4:55:38 PM | Attr = ]
ledpointer -> %SystemRoot%\CNYHKey.exe -> Chicony [Ver = 2, 2, 0, 0 | Size = 5753344 bytes | Modified Date = 27/05/2003 3:10:40 PM | Attr = ]
MPS -> %SystemDrive%\ACER\MPS.exe -> [Ver = 1, 0, 0, 0 | Size = 212992 bytes | Modified Date = 30/05/2003 11:32:28 AM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.01.4303 | Size = 4595712 bytes | Modified Date = 3/03/2003 11:44:00 AM | Attr = ]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.01.4303 | Size = 323584 bytes | Modified Date = 3/03/2003 11:44:00 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.3 | Size = 77824 bytes | Modified Date = 4/12/2006 5:41:38 PM | Attr = ]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.0.21 | Size = 53248 bytes | Modified Date = 27/03/2003 4:34:58 PM | Attr = ]
SSER -> %SystemRoot%\SSer.exe -> [Ver = | Size = 36864 bytes | Modified Date = 6/06/2003 8:07:24 PM | Attr = ]
StopHS -> %SystemRoot%\stopHS.bat -> [Ver = | Size = 38 bytes | Modified Date = 23/05/2003 7:23:14 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_11\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75520 bytes | Modified Date = 15/12/2006 3:23:28 AM | Attr = ]
UpdReg -> %SystemRoot%\Updreg.EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 11/05/2000 1:00:00 AM | Attr = ]
< RunOnceEx [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx ->
Flag -> -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Nnjqwh -> ???ä\??rss.exe -> File not found
NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.01.4303 | Size = 49152 bytes | Modified Date = 3/03/2003 11:44:00 AM | Attr = ]
Rru -> %System32%\?ystem32\m?config.exe -> File not found
< RunOnce [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
CTStartup -> %ProgramFiles%\Creative\Splash Screen\CTEaxSpl.exe -> Creative Technology Ltd. [Ver = 1, 1, 0, 4 | Size = 49152 bytes | Modified Date = 13/09/2002 1:04:00 AM | Attr = ]
< ICQ Agent [HKCU] > -> HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ ->
HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ -> ->
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,2082 | Size = 315392 bytes | Modified Date = 11/03/2003 10:11:06 AM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->

mickyg65
2007-11-17, 05:34
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://www.acer.com.au/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 16/04/2001 4:39:02 PM | Attr = ]
{19B1AA62-6E80-4476-A34B-6CE33FEEAD95} [HKLM] -> %System32%\ogc.dll [Reg Data - Value does not exist] -> File not found
{19B6A965-6585-192C-A34B-6CE33FEEAA9B} [HKLM] -> %System32%\ifiqazs.dll [Reg Data - Value does not exist] -> File not found
{2768DDAF-1140-6DB8-6527-4A71B6769498} [HKLM] -> %System32%\kphlwker.dll [Reg Data - Value does not exist] -> File not found
{3B691981-D168-AA9A-1A10-898DB922D5CF} [HKLM] -> %System32%\dgjhrun.dll [Reg Data - Value does not exist] -> File not found
{3D3D198A-8163-AE9D-1A10-898DB9228F9F} [HKLM] -> %System32%\gijao.dll [Reg Data - Value does not exist] -> File not found
{3DE40746-9CF7-E300-82F9-C76936FF86CF} [HKLM] -> %System32%\xasjcqiw.dll [Reg Data - Value does not exist] -> File not found
{4C89FABB-3707-47FB-2973-3FB60A4FF299} [HKLM] -> %System32%\gri.dll [Reg Data - Value does not exist] -> File not found
{515F9664-59D4-7B23-A1EB-06D58C27B49A} [HKLM] -> %System32%\wnqafiru.dll [Reg Data - Value does not exist] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 1:04:00 AM | Attr = ]
{69892946-B38C-962C-A048-9D2B5EE48CC1} [HKLM] -> %System32%\gxa.dll [Reg Data - Value does not exist] -> File not found
{6E6C1189-DA63-F3C9-1A10-898DB92285C5} [HKLM] -> %System32%\airpae.dll [Reg Data - Value does not exist] -> File not found
{75ABA022-62CB-116D-B9EA-36A67B5F97CF} [HKLM] -> %System32%\szpl.dll [Reg Data - Value does not exist] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 15/12/2006 3:23:24 AM | Attr = ]
{93E93C04-A7C8-DC34-BB29-8B8A34832C9B} [HKLM] -> %System32%\guuhw.dll [Reg Data - Value does not exist] -> File not found
{9B091F4E-86AC-A45C-D90C-88ADDBE72897} [HKLM] -> %System32%\ffrpwd.dll [Reg Data - Value does not exist] -> File not found
{B690FC29-37CB-4E6F-EC5F-3D76166F03C2} [HKLM] -> %System32%\oevlrcv.dll [Reg Data - Value does not exist] -> File not found
{CB051F4C-D5AB-AC57-D90C-88ADDBE774C6} [HKLM] -> %System32%\lzkduj.dll [Reg Data - Value does not exist] -> File not found
{F5DDCB0A-02B9-2C1F-9B18-09E55F6C10C5} [HKLM] -> %System32%\rktfvm.dll [Reg Data - Value does not exist] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{53E0B6E8-A51D-448B-B692-40B67B285543} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\npjpi150_11.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 15/12/2006 3:23:26 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 15/12/2006 3:23:24 AM | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1D8D9DF8-FC78-4311-9AAC-DCA1FDC48CD0} -> (1394 Net Adapter) ->
{3BF40F58-D824-463B-91D6-64DCA8384C1C} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{4FE707D6-2894-4D1F-9C66-8F54C031F68A} -> (D-Link USB Remote NDIS Network Device) ->
{722F6A26-FAD0-4D93-904E-44FA5FF1F72A} -> (1394 Net Adapter) ->
{A4692EC0-EABA-465B-8D0D-338F789AD807} -> (1394 Net Adapter) ->
{E0E957BF-936E-4178-B73A-5EEB87AF8188} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145443881875 ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145503261265 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37810.8261226852 ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->


[Registry - Additional Scans - Non-Microsoft Only]

[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535351296 bytes | Created Date = 2/01/1601 2:00:00 PM | Attr = HS]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 20/10/2007 1:09:21 PM | Attr = RH ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 5/11/2007 7:23:58 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 20/10/2007 1:31:00 PM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Created Date = 5/11/2007 7:23:13 PM | Attr = ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 5/11/2007 7:23:13 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 5/11/2007 7:31:03 PM | Attr = ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 5/11/2007 7:31:22 PM | Attr = ]
$NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Created Date = 14/11/2007 7:35:22 AM | Attr = H ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 5/11/2007 7:23:13 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 5/11/2007 7:23:13 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 5/11/2007 7:23:13 PM | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 5/11/2007 7:23:13 PM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Created Date = 20/10/2007 11:40:16 AM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 20/10/2007 11:40:17 AM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 20/10/2007 11:40:18 AM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 20/10/2007 11:54:29 AM | Attr = ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 20/10/2007 11:40:20 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535351296 bytes | Modified Date = 17/11/2007 9:05:54 AM | Attr = HS]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 20/10/2007 2:09:22 PM | Attr = RH ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 5/11/2007 8:24:00 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 20/10/2007 2:31:02 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 17/11/2007 9:05:56 AM | Attr = S]
MYOBP.INI -> %SystemRoot%\MYOBP.INI -> [Ver = | Size = 364 bytes | Modified Date = 14/11/2007 8:26:08 AM | Attr = ]
MYOB.INI -> %SystemRoot%\MYOB.INI -> [Ver = | Size = 39 bytes | Modified Date = 14/11/2007 8:26:00 AM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Modified Date = 29/10/2007 6:56:20 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 5/11/2007 8:31:04 PM | Attr = ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 5/11/2007 8:31:24 PM | Attr = ]
setupapi.log.0.old -> %SystemRoot%\setupapi.log.0.old -> [Ver = | Size = 1030627 bytes | Modified Date = 20/10/2007 2:13:08 PM | Attr = ]
$NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Modified Date = 14/11/2007 8:35:24 AM | Attr = H ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 17/11/2007 9:06:24 AM | Attr = H ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 17/11/2007 9:06:24 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 17/11/2007 9:06:02 AM | Attr = H ]
Symantec NetDetect.job -> %SystemRoot%\tasks\Symantec NetDetect.job -> [Ver = | Size = 414 bytes | Modified Date = 17/11/2007 1:06:14 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 17/11/2007 9:06:26 AM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 235168 bytes | Modified Date = 30/10/2007 9:50:30 AM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 23/10/2007 9:46:12 AM | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 20/10/2007 12:54:30 PM | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 20/10/2007 12:54:30 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 20/10/2007 12:54:30 PM | Attr = ]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 20/10/2007 12:54:20 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 22/07/2007 6:39:28 PM | Attr = ]
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.1.01 | Size = 6652928 bytes | Modified Date = 1/04/2003 5:47:50 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 18/08/2001 8:00:00 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 18/08/2001 8:00:00 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ASPTV.EXE -> [Ver = | Size = 135225 bytes | Modified Date = 9/05/2003 3:25:54 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ASPFM.EXE -> [Ver = | Size = 133990 bytes | Modified Date = 9/05/2003 3:27:26 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 18/08/2001 8:00:00 PM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 3/08/2004 10:41:38 PM | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 23/10/2007 9:46:12 AM | Attr = ]

< End of report >

Rorschach112
2007-11-24, 22:16
Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.


[Kill Explorer]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> SSER -> %SystemRoot%\SSer.exe
YY -> StopHS -> %SystemRoot%\stopHS.bat
< RunOnceEx [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
YN -> Flag ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Nnjqwh -> ???ä\??rss.exe
YN -> Rru -> %System32%\?ystem32\m?config.exe
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {19B1AA62-6E80-4476-A34B-6CE33FEEAD95} [HKLM] -> %System32%\ogc.dll [Reg Data - Value does not exist]
YN -> {19B6A965-6585-192C-A34B-6CE33FEEAA9B} [HKLM] -> %System32%\ifiqazs.dll [Reg Data - Value does not exist]
YN -> {2768DDAF-1140-6DB8-6527-4A71B6769498} [HKLM] -> %System32%\kphlwker.dll [Reg Data - Value does not exist]
YN -> {3B691981-D168-AA9A-1A10-898DB922D5CF} [HKLM] -> %System32%\dgjhrun.dll [Reg Data - Value does not exist]
YN -> {3D3D198A-8163-AE9D-1A10-898DB9228F9F} [HKLM] -> %System32%\gijao.dll [Reg Data - Value does not exist]
YN -> {3DE40746-9CF7-E300-82F9-C76936FF86CF} [HKLM] -> %System32%\xasjcqiw.dll [Reg Data - Value does not exist]
YN -> {4C89FABB-3707-47FB-2973-3FB60A4FF299} [HKLM] -> %System32%\gri.dll [Reg Data - Value does not exist]
YN -> {515F9664-59D4-7B23-A1EB-06D58C27B49A} [HKLM] -> %System32%\wnqafiru.dll [Reg Data - Value does not exist]
YN -> {69892946-B38C-962C-A048-9D2B5EE48CC1} [HKLM] -> %System32%\gxa.dll [Reg Data - Value does not exist]
YN -> {6E6C1189-DA63-F3C9-1A10-898DB92285C5} [HKLM] -> %System32%\airpae.dll [Reg Data - Value does not exist]
YN -> {75ABA022-62CB-116D-B9EA-36A67B5F97CF} [HKLM] -> %System32%\szpl.dll [Reg Data - Value does not exist]
YN -> {93E93C04-A7C8-DC34-BB29-8B8A34832C9B} [HKLM] -> %System32%\guuhw.dll [Reg Data - Value does not exist]
YN -> {9B091F4E-86AC-A45C-D90C-88ADDBE72897} [HKLM] -> %System32%\ffrpwd.dll [Reg Data - Value does not exist]
YN -> {B690FC29-37CB-4E6F-EC5F-3D76166F03C2} [HKLM] -> %System32%\oevlrcv.dll [Reg Data - Value does not exist]
YN -> {CB051F4C-D5AB-AC57-D90C-88ADDBE774C6} [HKLM] -> %System32%\lzkduj.dll [Reg Data - Value does not exist]
YN -> {F5DDCB0A-02B9-2C1F-9B18-09E55F6C10C5} [HKLM] -> %System32%\rktfvm.dll [Reg Data - Value does not exist]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {53E0B6E8-A51D-448B-B692-40B67B285543} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research]
YN -> {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001]
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan (attach the WinPFind3 scan report).

I will review the information when it comes back in.
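A small triage script for the registry lines quoted in this fix (an added example, not the thread's or WinPFind3U's own code): it parses the `YN -> name -> target` format shown above and flags the two warning signs visible in this thread, a '?' or non-ASCII character in an autorun path and a BHO CLSID whose DLL is reported missing. The sample lines are constructed from the entries above; everything else is assumed.

```python
import re
from typing import Dict, List

# Constructed sample, copied from the shape of the fix lines above.
SAMPLE_LINES = [
    r"< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"YY -> SSER -> %SystemRoot%\SSer.exe",
    r"< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"YN -> Nnjqwh -> ???ä\??rss.exe",
    r"YN -> Rru -> %System32%\?ystem32\m?config.exe",
    r"< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    r"YN -> {19B1AA62-6E80-4476-A34B-6CE33FEEAD95} [HKLM] -> %System32%\ogc.dll [Reg Data - Value does not exist]",
]

SECTION = re.compile(r"^< (?P<section>.+?) > -> ")   # "< Run [HKLM] > -> HKEY_..."
ENTRY_PREFIX = re.compile(r"^[YN]{2} -> ")           # "YN -> name -> target"
HIVE_SUFFIX = re.compile(r" \[HK(?:LM|CU)\]$")       # trailing " [HKLM]" on BHO names
ORPHAN_MARKERS = ("Value does not exist", "Key not found")


def path_is_mangled(target: str) -> bool:
    """'?' is not a legal character in a Windows file name, so a '?' in a
    displayed path (or any non-ASCII character) means the real name contains
    characters the tool could not render; a legitimate autorun never looks so."""
    path = target.split(" [", 1)[0]          # drop any trailing "[Reg Data - ...]" note
    return "?" in path or any(ord(c) > 126 for c in path)


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Return the entries a reviewer should look at, each with its reason."""
    findings, section = [], "?"
    for line in lines:
        m = SECTION.match(line)
        if m:
            section = m.group("section")     # remember which registry key we are in
            continue
        if not ENTRY_PREFIX.match(line):
            continue
        parts = line.split(" -> ", 2)
        if len(parts) < 3:                   # e.g. "YN -> Flag ->" has no target
            continue
        _flags, name, target = parts
        name = HIVE_SUFFIX.sub("", name)
        if any(mark in target for mark in ORPHAN_MARKERS):
            reason = "orphaned entry: target file/key is missing"
        elif path_is_mangled(target):
            reason = "non-ASCII or '?' in path"
        else:
            continue                         # nothing suspicious on its face
        findings.append({"section": section, "name": name, "reason": reason})
    return findings
```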