
Thread: Need some help cleaning my laptop

  1. #11
    Junior Member
    Join Date
    Jan 2008
    Location
    St. Louis, MO
    Posts
    14

    Here's the OTMoveIt:

    File/Folder C:\WINDOWS\plite731.exe not found.
    File/Folder C:\Documents and Settings\Daniel\Local Settings\Temp\T0CHD001.exe not found.
    File/Folder C:\Program Files\MalwareAlarm not found.

    Created on 01-23-2008 13:52:25



    Here's the ComboFix:

    ComboFix 08-01-23.2 - Daniel 2008-01-23 13:57:13.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.196 [GMT -6:00]
    Running from: C:\Documents and Settings\Daniel\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\All Users\Application Data\ErrorProtector Free
    C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\Abbr
    C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\ActivationCode
    C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\HOURS
    C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\ProductCode
    C:\Documents and Settings\Daniel\My Documents\YMBOLS~1
    C:\Documents and Settings\Daniel\Start Menu\Programs\Internet Speed Monitor
    C:\Documents and Settings\Daniel\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
    C:\Documents and Settings\Daniel\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
    C:\Program Files\ISM2
    C:\Program Files\ISM2\cringupd.exe
    C:\Program Files\ISM2\dictionary.gz
    C:\Program Files\ISM2\hydramedupd.exe
    C:\Program Files\ISM2\ISMPack6.exe
    C:\Program Files\ISM2\ISMPack8.exe
    C:\Program Files\ISM2\targets.gz
    C:\WINDOWS\7search.dll
    C:\WINDOWS\acontidialer.txt
    C:\WINDOWS\adbar.dll
    C:\WINDOWS\cbinst$.exe
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\daxtime.dll
    C:\WINDOWS\default.htm
    C:\WINDOWS\dp0.dll
    C:\WINDOWS\eventlowg.dll
    C:\WINDOWS\fhfmm-Uninstaller.exe
    C:\WINDOWS\fhfmm.exe
    C:\WINDOWS\flt.dll
    C:\WINDOWS\frexup3.exe
    C:\WINDOWS\jd2002.dll
    C:\WINDOWS\kkcomp$.exe
    C:\WINDOWS\kkcomp.dll
    C:\WINDOWS\kkcomp.exe
    C:\WINDOWS\liqad$.exe
    C:\WINDOWS\liqad.dll
    C:\WINDOWS\liqad.exe
    C:\WINDOWS\liqui-Uninstaller.exe
    C:\WINDOWS\liqui.dll
    C:\WINDOWS\liqui.exe
    C:\WINDOWS\ngd.dll
    C:\WINDOWS\pbar.dll
    C:\WINDOWS\spredirect.dll
    C:\WINDOWS\system32\ace16win.dll
    C:\WINDOWS\system32\acespy
    C:\WINDOWS\system32\acespy\__acelog.ndx
    C:\WINDOWS\system32\acespy\systune.exe
    C:\WINDOWS\system32\ankxlapu.dll
    C:\WINDOWS\system32\atdetpak.dll
    C:\WINDOWS\system32\axxckikv.dll
    C:\WINDOWS\system32\bdpbwdds.ini
    C:\WINDOWS\system32\caswgfen.ini
    C:\WINDOWS\system32\cfcgfqrw.ini
    C:\WINDOWS\system32\cqqsvwqx.dll
    C:\WINDOWS\system32\d3
    C:\WINDOWS\system32\din.ip
    C:\WINDOWS\system32\dlbmipww.ini
    C:\WINDOWS\system32\dmqjmfeu.ini
    C:\WINDOWS\system32\dpqaqlqx.bin
    C:\WINDOWS\system32\drivers\bg_bg.gif
    C:\WINDOWS\system32\drivers\blank.gif
    C:\WINDOWS\system32\drivers\box_1.gif
    C:\WINDOWS\system32\drivers\box_2.gif
    C:\WINDOWS\system32\drivers\box_3.gif
    C:\WINDOWS\system32\drivers\button_buynow.gif
    C:\WINDOWS\system32\drivers\button_freescan.gif
    C:\WINDOWS\system32\drivers\cell_bg.gif
    C:\WINDOWS\system32\drivers\cell_footer.gif
    C:\WINDOWS\system32\drivers\cell_header_block.gif
    C:\WINDOWS\system32\drivers\cell_header_remove.gif
    C:\WINDOWS\system32\drivers\cell_header_scan.gif
    C:\WINDOWS\system32\drivers\close_ico.gif
    C:\WINDOWS\system32\drivers\detect.htm
    C:\WINDOWS\system32\drivers\download_box.gif
    C:\WINDOWS\system32\drivers\download_btn.jpg
    C:\WINDOWS\system32\drivers\download_now_btn.gif
    C:\WINDOWS\system32\drivers\footer_back.jpg
    C:\WINDOWS\system32\drivers\header_1.gif
    C:\WINDOWS\system32\drivers\header_2.gif
    C:\WINDOWS\system32\drivers\header_3.gif
    C:\WINDOWS\system32\drivers\header_4.gif
    C:\WINDOWS\system32\drivers\header_red_bg.gif
    C:\WINDOWS\system32\drivers\header_red_free_scan.gif
    C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
    C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
    C:\WINDOWS\system32\drivers\icon_warning_big.gif
    C:\WINDOWS\system32\drivers\infected.gif
    C:\WINDOWS\system32\drivers\main_back.gif
    C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
    C:\WINDOWS\system32\drivers\product_1_header.gif
    C:\WINDOWS\system32\drivers\product_1_name_small.gif
    C:\WINDOWS\system32\drivers\product_2_header.gif
    C:\WINDOWS\system32\drivers\product_2_name_small.gif
    C:\WINDOWS\system32\drivers\product_3_header.gif
    C:\WINDOWS\system32\drivers\product_3_name_small.gif
    C:\WINDOWS\system32\drivers\product_features.gif
    C:\WINDOWS\system32\drivers\pt.htm
    C:\WINDOWS\system32\drivers\rating.gif
    C:\WINDOWS\system32\drivers\remove_spyware_header.gif
    C:\WINDOWS\system32\drivers\s_detect.htm
    C:\WINDOWS\system32\drivers\screenshot.jpg
    C:\WINDOWS\system32\drivers\sep_hor.gif
    C:\WINDOWS\system32\drivers\sep_vert.gif
    C:\WINDOWS\system32\drivers\shadow.jpg
    C:\WINDOWS\system32\drivers\shadow_bg.gif
    C:\WINDOWS\system32\drivers\spacer.gif
    C:\WINDOWS\system32\drivers\spy_away_box.jpg
    C:\WINDOWS\system32\drivers\spyware_detected.gif
    C:\WINDOWS\system32\drivers\star.gif
    C:\WINDOWS\system32\drivers\star_gray.gif
    C:\WINDOWS\system32\drivers\star_gray_small.gif
    C:\WINDOWS\system32\drivers\star_small.gif
    C:\WINDOWS\system32\drivers\style.css
    C:\WINDOWS\system32\drivers\v.gif
    C:\WINDOWS\system32\drivers\warning_ico.gif
    C:\WINDOWS\system32\drivers\warning_icon.gif
    C:\WINDOWS\system32\drivers\win_logo.gif
    C:\WINDOWS\system32\drivers\x.gif
    C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
    C:\WINDOWS\system32\drvlikr.dll
    C:\WINDOWS\system32\drvxigr.dll
    C:\WINDOWS\system32\dvqqqhed.dll
    C:\WINDOWS\system32\ehiqqpxk.ini
    C:\WINDOWS\system32\elgfnqsg.ini
    C:\WINDOWS\system32\eqyapnvh.ini
    C:\WINDOWS\system32\ESHOPEE.exe
    C:\WINDOWS\system32\f22
    C:\WINDOWS\system32\ghatqkio.ini
    C:\WINDOWS\system32\gpflbitj.dll
    C:\WINDOWS\system32\gsjnufwu.dll
    C:\WINDOWS\system32\gsqnfgle.dll
    C:\WINDOWS\system32\hvnpayqe.dll
    C:\WINDOWS\system32\hxmjsydg.dll
    C:\WINDOWS\system32\ieahyupn.dll
    C:\WINDOWS\system32\iiucvhrm.dll
    C:\WINDOWS\system32\ivdktyby.dll
    C:\WINDOWS\system32\jdbclbet.dll
    C:\WINDOWS\system32\kaptedta.ini
    C:\WINDOWS\system32\kbjfcwgn.dll
    C:\WINDOWS\system32\kxpqqihe.dll
    C:\WINDOWS\system32\lmptnrvv.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\msole32.exe
    C:\WINDOWS\system32\mvjnuneq.ini
    C:\WINDOWS\system32\nefgwsac.dll
    C:\WINDOWS\system32\ngaoiarn.dll
    C:\WINDOWS\system32\ngwcfjbk.ini
    C:\WINDOWS\system32\niertcrw.ini
    C:\WINDOWS\system32\oikqtahg.dll
    C:\WINDOWS\system32\orqss.bak1
    C:\WINDOWS\system32\orqss.bak2
    C:\WINDOWS\system32\orqss.ini
    C:\WINDOWS\system32\orqss.ini2
    C:\WINDOWS\system32\orqss.tmp
    C:\WINDOWS\system32\oTt06e
    C:\WINDOWS\system32\oTt08e
    C:\WINDOWS\system32\ovhqwxlq.dll
    C:\WINDOWS\system32\p8
    C:\WINDOWS\system32\pdeansru.dll
    C:\WINDOWS\system32\pfcjvhaf.dll
    C:\WINDOWS\system32\poprqoko.dll
    C:\WINDOWS\system32\qbbvycgx.dll
    C:\WINDOWS\system32\qenunjvm.dll
    C:\WINDOWS\system32\qmraiivx.dll
    C:\WINDOWS\system32\s2
    C:\WINDOWS\system32\sddwbpdb.dll
    C:\WINDOWS\system32\smjabexx.ini
    C:\WINDOWS\system32\smpi1
    C:\WINDOWS\system32\stfv.bin
    C:\WINDOWS\system32\stlovlde.dll
    C:\WINDOWS\system32\suodemev.dll
    C:\WINDOWS\system32\sznf.ascii
    C:\WINDOWS\system32\tdlmqbvv.dll
    C:\WINDOWS\system32\teblcbdj.ini
    C:\WINDOWS\system32\txhirdgx.ini
    C:\WINDOWS\system32\uefmjqmd.dll
    C:\WINDOWS\system32\upalxkna.ini
    C:\WINDOWS\system32\ursnaedp.ini
    C:\WINDOWS\system32\uwfunjsg.ini
    C:\WINDOWS\system32\uyxxftbs.dllbox
    C:\WINDOWS\system32\v1
    C:\WINDOWS\system32\vemedous.ini
    C:\WINDOWS\system32\vidokcco.dll
    C:\WINDOWS\system32\vllvgqhy.dll
    C:\WINDOWS\system32\vvrntpml.dll
    C:\WINDOWS\system32\vxddsk.exe
    C:\WINDOWS\system32\whlxplva.dll
    C:\WINDOWS\system32\wml.exe
    C:\WINDOWS\system32\wqalsmhw.dll
    C:\WINDOWS\system32\wrctrein.dll
    C:\WINDOWS\system32\wrqfgcfc.dll
    C:\WINDOWS\system32\wwpimbld.dll
    C:\WINDOWS\system32\xgcyvbbq.ini
    C:\WINDOWS\system32\xgdrihxt.dll
    C:\WINDOWS\system32\xqwvsqqc.ini
    C:\WINDOWS\system32\xviiarmq.ini
    C:\WINDOWS\system32\xxebajms.dll
    C:\WINDOWS\system32\ybytkdvi.ini
    C:\WINDOWS\system32\yhqgvllv.ini
    C:\WINDOWS\vxddsk.exe
    C:\WINDOWS\wml.exe
    C:\WINDOWS\xadbrk.dll
    C:\WINDOWS\xadbrk.exe
    C:\WINDOWS\xadbrk_.exe
    C:\WINDOWS\xxxvideo.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\DomainService






    ((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
    .

    2008-01-22 21:40 . 2008-01-22 21:40 <DIR> d-------- C:\VundoFix Backups
    2008-01-22 18:02 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-22 17:42 . 2008-01-22 17:42 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-01-21 21:03 . 2008-01-21 21:04 <DIR> d-------- C:\Program Files\Irfanview
    2008-01-21 20:45 . 1998-07-21 20:29 21 --a------ C:\WINDOWS\Ps_setup.ini
    2008-01-17 20:58 . 2008-01-17 20:58 268 --ah----- C:\sqmdata10.sqm
    2008-01-17 20:58 . 2008-01-17 20:58 244 --ah----- C:\sqmnoopt10.sqm
    2008-01-17 19:20 . 2008-01-17 19:20 268 --ah----- C:\sqmdata09.sqm
    2008-01-17 19:20 . 2008-01-17 19:20 244 --ah----- C:\sqmnoopt09.sqm
    2008-01-17 19:12 . 2003-09-25 15:39 102,481 --------- C:\WINDOWS\system32\stac97.cpl
    2008-01-17 19:11 . 2008-01-17 19:11 <DIR> d-------- C:\Program Files\SigmaTel
    2008-01-17 19:11 . 2003-07-17 17:19 230,416 --a------ C:\WINDOWS\system32\drivers\stac97.sys
    2008-01-16 00:18 . 2008-01-16 00:18 <DIR> d-------- C:\McAfee
    2008-01-16 00:16 . 2008-01-16 00:16 <DIR> d-------- C:\SiteAdvisor
    2008-01-16 00:02 . 2008-01-16 00:02 268 --ah----- C:\sqmdata08.sqm
    2008-01-16 00:02 . 2008-01-16 00:02 244 --ah----- C:\sqmnoopt08.sqm
    2008-01-15 23:59 . 2008-01-15 23:59 <DIR> d-------- C:\Program Files\Realtek
    2008-01-15 23:58 . 2005-04-16 22:20 487,424 --a------ C:\WINDOWS\RtlExUpd.dll
    2008-01-12 21:37 . 2008-01-12 21:37 268 --ah----- C:\sqmdata07.sqm
    2008-01-12 21:37 . 2008-01-12 21:37 244 --ah----- C:\sqmnoopt07.sqm
    2008-01-12 17:59 . 2008-01-23 14:02 10,987 --a------ C:\WINDOWS\system32\Config.MPF
    2008-01-12 17:57 . 2008-01-16 00:02 <DIR> d-------- C:\Program Files\SiteAdvisor
    2008-01-12 17:55 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
    2008-01-12 17:52 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
    2008-01-12 17:51 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
    2008-01-12 17:51 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
    2008-01-12 17:51 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
    2008-01-12 17:51 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
    2008-01-12 17:51 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
    2008-01-12 17:48 . 2008-01-12 17:51 <DIR> d-------- C:\Program Files\Common Files\McAfee
    2008-01-12 17:46 . 2008-01-12 17:46 268 --ah----- C:\sqmdata06.sqm
    2008-01-12 17:46 . 2008-01-12 17:46 244 --ah----- C:\sqmnoopt06.sqm
    2008-01-12 17:30 . 2008-01-12 21:11 <DIR> d-------- C:\Program Files\Enigma Software Group
    2008-01-12 17:10 . 2008-01-12 17:10 268 --ah----- C:\sqmdata05.sqm
    2008-01-12 17:10 . 2008-01-12 17:10 244 --ah----- C:\sqmnoopt05.sqm
    2008-01-12 17:04 . 2008-01-12 17:04 268 --ah----- C:\sqmdata04.sqm
    2008-01-12 17:04 . 2008-01-12 17:04 244 --ah----- C:\sqmnoopt04.sqm
    2008-01-11 14:42 . 2008-01-21 21:09 16,808 --a------ C:\WINDOWS\BM4bb1e9b4.xml
    2008-01-11 14:42 . 2008-01-22 18:04 21 --a------ C:\WINDOWS\pskt.ini
    2008-01-09 18:34 . 2008-01-09 18:34 268 --ah----- C:\sqmdata03.sqm
    2008-01-09 18:34 . 2008-01-09 18:34 244 --ah----- C:\sqmnoopt03.sqm
    2008-01-08 20:11 . 2008-01-09 17:58 1,049,449 ---hs---- C:\WINDOWS\system32\tfcdflrj.ini
    2008-01-01 08:52 . 2008-01-03 09:27 1,036,162 ---hs---- C:\WINDOWS\system32\vvbfbcjf.ini
    2007-12-31 00:10 . 2007-12-31 18:04 1,031,199 ---hs---- C:\WINDOWS\system32\mocyjugv.ini
    2007-12-29 19:27 . 2007-12-31 00:07 1,031,139 ---hs---- C:\WINDOWS\system32\tfqvhokg.ini
    2007-12-29 17:07 . 2007-12-29 17:07 1,031,139 ---hs---- C:\WINDOWS\system32\xqxdiwku.ini
    2007-12-26 09:17 . 2007-12-27 09:29 1,027,531 ---hs---- C:\WINDOWS\system32\pvjcdwlv.ini
    2007-12-26 00:15 . 2007-12-26 00:18 1,019,217 ---hs---- C:\WINDOWS\system32\jtcbgtih.ini
    2007-12-25 00:22 . 2007-12-26 00:14 1,010,035 ---hs---- C:\WINDOWS\system32\pqxmbqpq.ini
    2007-12-23 22:04 . 2007-12-25 00:16 990,639 ---hs---- C:\WINDOWS\system32\jdmanntd.ini
    2007-12-23 22:04 . 2007-12-23 22:04 244 --ah----- C:\sqmnoopt02.sqm
    2007-12-23 22:04 . 2007-12-23 22:04 232 --ah----- C:\sqmdata02.sqm

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-23 05:53 --------- d-----w C:\Program Files\Firefox
    2008-01-23 04:25 --------- d-----w C:\Program Files\McAfee
    2008-01-21 00:45 --------- d-----w C:\Program Files\Common Files\Logitech
    2008-01-18 04:34 --------- d-----w C:\Program Files\Adaware
    2008-01-18 01:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-13 03:17 --------- d-----w C:\Program Files\FLV Player
    2008-01-13 03:07 --------- d-----w C:\Program Files\QuickTime
    2008-01-13 03:03 --------- d-----w C:\Program Files\Logitech
    2008-01-13 03:02 --------- d-----w C:\Program Files\Limewire
    2008-01-13 00:01 --------- d-----w C:\Program Files\McAfee.com
    2008-01-12 23:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-12 23:33 --------- d-----w C:\Program Files\AntiVirus
    2007-11-14 00:08 246 ----a-w C:\Program Files\Common Files\qucam
    2007-07-28 03:28 3,655,608 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
    2007-07-28 03:21 409,250 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
    2004-10-01 20:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
    "pbmini"="C:\Program Files\Pcast\PodcastbarMini\PodcastBarMiniStater.exe" [ ]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "000StTHK"="000StTHK.exe" [2001-06-23 21:28 24576 C:\WINDOWS\system32\000StTHK.exe]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 17:46 192512]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-01-26 20:03 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-01-26 20:03 118784]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 16:00 88363 C:\WINDOWS\agrsmmsg.exe]
    "NDSTray.exe"="NDSTray.exe" []
    "TPSMain"="TPSMain.exe" [2004-06-01 21:43 278528 C:\WINDOWS\system32\TPSMain.exe]
    "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 17:37 151552]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-27 13:05 180269]
    "CFSServ.exe"="CFSServ.exe" []
    "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 19:24 32768]
    "InCD"="C:\Program Files\Nero\InCD\InCD.exe" [2006-03-16 02:00 1397760]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-05-13 11:25 98304]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 15:57 36640]
    "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29 1160480]
    "SigmaTel StacMon"="C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2003-08-03 16:01 86073]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]

    R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys [2005-01-12 02:05]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{232f4e3f2-bab8-11d0-97b9-00c04f98bcb9}]
    C:\WINDOWS\system32\winsecurityxp\rk.exe -r -p mswinup.exe -p rk.exe -f winsecurityxp -v MSWindowsUpdate -tcp 22277 -udp 22277 -v %SystemDir%winsecurityxpmswinup.exe
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-12 23:50:57 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
    "2008-01-12 23:50:55 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-23 14:03:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\Program Files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
    .

  2. #12
    Junior Member
    Join Date
    Jan 2008
    Location
    St. Louis, MO
    Posts
    14

    Here's the HJT:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:10, on 2008-01-23
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Nero\InCD\InCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Program Files\AntiVirus\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [Pinger] "c:\toshiba\ivp\ism\pinger.exe" /run
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Nero\InCD\InCD.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [pbmini] C:\Program Files\Pcast\PodcastbarMini\PodcastBarMiniStater.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://danilo-11.spaces.msn.com//Pho...d/MsnPUpld.cab
    O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} - http://www.ppstream.com/bin/powerplayer.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://danilo-11.spaces.live.com/Pho...d/MsnPUpld.cab
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\InCD\InCDsrv.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

    --
    End of file - 7619 bytes

  3. #13
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hello,

    You're doing well, just some leftovers.

    C:\Program Files\Pcast
    Read this about this program and then uninstall it via Add/Remove Programs in the Control Panel.

    Description of PodcastbarMini
    PodcastbarMini claims to be an online P2P TV broadcasting application. It advertises pop-ups and may download other malware.


    Remove this entry with HJT.
    O4 - HKCU\..\Run: [pbmini] C:\Program Files\Pcast\PodcastbarMini\PodcastBarMiniStater.exe



    Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::

    File::
    C:\WINDOWS\system32\tfcdflrj.ini
    C:\WINDOWS\system32\vvbfbcjf.ini
    C:\WINDOWS\system32\mocyjugv.ini
    C:\WINDOWS\system32\tfqvhokg.ini
    C:\WINDOWS\system32\xqxdiwku.ini
    C:\WINDOWS\system32\pvjcdwlv.ini
    C:\WINDOWS\system32\jtcbgtih.ini
    C:\WINDOWS\system32\pqxmbqpq.ini
    C:\WINDOWS\system32\jdmanntd.ini

    Folder::
    C:\VundoFix Backups
    C:\Program Files\Pcast

    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




    This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. Also let me know how your system is running now.

    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
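
An added example, not part of the original post and not ComboFix's own logic: it parses "Files Created" lines in the format of the ComboFix log posted earlier in the thread and builds the `File::` block of a CFScript from the entries that look like the nine files listed above. The selection rule (hidden and system attributes, an eight-letter lowercase `.ini` name, directly in `C:\WINDOWS\system32`) is an assumption inferred from that list, and the function names are hypothetical.

```python
import ntpath
import re

# Lines taken from the "Files Created" section of the ComboFix log posted
# earlier in this thread: created . modified  size  attributes  path
SAMPLE_LOG = r"""
2008-01-22 21:40 . 2008-01-22 21:40 <DIR> d-------- C:\VundoFix Backups
2008-01-17 20:58 . 2008-01-17 20:58 268 --ah----- C:\sqmdata10.sqm
2008-01-12 17:59 . 2008-01-23 14:02 10,987 --a------ C:\WINDOWS\system32\Config.MPF
2008-01-11 14:42 . 2008-01-22 18:04 21 --a------ C:\WINDOWS\pskt.ini
2008-01-08 20:11 . 2008-01-09 17:58 1,049,449 ---hs---- C:\WINDOWS\system32\tfcdflrj.ini
2008-01-01 08:52 . 2008-01-03 09:27 1,036,162 ---hs---- C:\WINDOWS\system32\vvbfbcjf.ini
2007-12-23 22:04 . 2007-12-25 00:16 990,639 ---hs---- C:\WINDOWS\system32\jdmanntd.ini
"""

# One "Files Created" row; banners, "." separators and blank lines do not match.
ENTRY_RE = re.compile(
    r"^\s*(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[a-z-]{9})\s+"
    r"(?P<path>[A-Za-z]:\\.*\S)\s*$"
)

# Assumed naming rule (inferred from the File:: list, not stated in the thread).
RANDOM_INI_RE = re.compile(r"^[a-z]{8}\.ini$")


def parse_created_files(log_text):
    """Return one dict per file/folder row found in the log text."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        size = m.group("size")
        entries.append({
            "created": m.group("created"),
            "modified": m.group("modified"),
            "is_dir": size == "<DIR>",
            "size": None if size == "<DIR>" else int(size.replace(",", "")),
            "attrs": m.group("attrs"),
            "path": m.group("path"),
        })
    return entries


def is_suspect(entry):
    """Hidden + system file with a random-looking .ini name, directly in system32."""
    folder, name = ntpath.split(entry["path"])  # ntpath handles Windows paths on any OS
    attrs = entry["attrs"]
    return (
        not entry["is_dir"]
        and "h" in attrs and "s" in attrs
        and folder.lower() == r"c:\windows\system32"
        and RANDOM_INI_RE.match(name) is not None
    )


def build_cfscript(entries):
    """Emit a File:: block in the layout shown in the post above."""
    lines = ["File::"] + [e["path"] for e in entries if is_suspect(e)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(parse_created_files(SAMPLE_LOG)), end="")
```

Any file the rule selects still needs a human review before it goes into a script, since a name pattern alone does not prove a file is malicious.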

  4. #14
    Junior Member
    Join Date
    Jan 2008
    Location
    St. Louis, MO
    Posts
    14

    ComboFix:

    (I deleted the 1st 10-15 lines, because the message was too long)



    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\VundoFix Backups
    C:\VundoFix Backups\addmorefiles.txt
    C:\VundoFix Backups\uninstall.exe.bad
    C:\WINDOWS\system32\bamijcau.ini
    C:\WINDOWS\system32\bstkflek.ini
    C:\WINDOWS\system32\cgsalylg.ini
    C:\WINDOWS\system32\cqnelfjf.ini
    C:\WINDOWS\system32\cvqbtirc.ini
    C:\WINDOWS\system32\ddercmcf.ini
    C:\WINDOWS\system32\edcdpabf.ini
    C:\WINDOWS\system32\giogmrrb.ini
    C:\WINDOWS\system32\gupumsbf.ini
    C:\WINDOWS\system32\igrwfrll.ini
    C:\WINDOWS\system32\ipoilbrr.ini
    C:\WINDOWS\system32\jdmanntd.ini
    C:\WINDOWS\system32\jhvdttpb.ini
    C:\WINDOWS\system32\jibnifcj.ini
    C:\WINDOWS\system32\jldpqnkr.ini
    C:\WINDOWS\system32\jtcbgtih.ini
    C:\WINDOWS\system32\kibipbfl.ini
    C:\WINDOWS\system32\kxsbpouv.ini
    C:\WINDOWS\system32\mocyjugv.ini
    C:\WINDOWS\system32\mrtqdwii.ini
    C:\WINDOWS\system32\mtdoesyk.ini
    C:\WINDOWS\system32\mtreuhdl.ini
    C:\WINDOWS\system32\oimaiwts.ini
    C:\WINDOWS\system32\pqxmbqpq.ini
    C:\WINDOWS\system32\pvjcdwlv.ini
    C:\WINDOWS\system32\pytbmgtr.ini
    C:\WINDOWS\system32\qgrrignt.ini
    C:\WINDOWS\system32\sbulwloo.ini
    C:\WINDOWS\system32\scdegjtp.ini
    C:\WINDOWS\system32\tfcdflrj.ini
    C:\WINDOWS\system32\tfqvhokg.ini
    C:\WINDOWS\system32\tjanefhc.ini
    C:\WINDOWS\system32\ucwkfxxg.ini
    C:\WINDOWS\system32\uhnhopud.ini
    C:\WINDOWS\system32\uikwhqjv.ini
    C:\WINDOWS\system32\vvbfbcjf.ini
    C:\WINDOWS\system32\wjgavpmx.ini
    C:\WINDOWS\system32\xqxdiwku.ini
    C:\WINDOWS\system32\yftpkier.ini
    C:\WINDOWS\system32\ygyppjom.ini
    .
    ---- Previous Run -------
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\DomainService








    ((((((((((((((((((((((((( Files Created from 2007-12-24 to 2008-01-24 )))))))))))))))))))))))))))))))
    .

    2008-01-23 19:05 . 2008-01-23 19:05 <DIR> d-------- C:\WINDOWS\LastGood
    2008-01-22 18:02 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-22 17:42 . 2008-01-22 17:42 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-01-21 21:03 . 2008-01-21 21:04 <DIR> d-------- C:\Program Files\Irfanview
    2008-01-21 20:45 . 1998-07-21 20:29 21 --a------ C:\WINDOWS\Ps_setup.ini
    2008-01-17 20:58 . 2008-01-17 20:58 268 --ah----- C:\sqmdata10.sqm
    2008-01-17 20:58 . 2008-01-17 20:58 244 --ah----- C:\sqmnoopt10.sqm
    2008-01-17 19:20 . 2008-01-17 19:20 268 --ah----- C:\sqmdata09.sqm
    2008-01-17 19:20 . 2008-01-17 19:20 244 --ah----- C:\sqmnoopt09.sqm
    2008-01-17 19:12 . 2003-09-25 15:39 102,481 --------- C:\WINDOWS\system32\stac97.cpl
    2008-01-17 19:11 . 2008-01-17 19:11 <DIR> d-------- C:\Program Files\SigmaTel
    2008-01-17 19:11 . 2003-07-17 17:19 230,416 --a------ C:\WINDOWS\system32\drivers\stac97.sys
    2008-01-16 00:18 . 2008-01-16 00:18 <DIR> d-------- C:\McAfee
    2008-01-16 00:16 . 2008-01-16 00:16 <DIR> d-------- C:\SiteAdvisor
    2008-01-16 00:02 . 2008-01-16 00:02 268 --ah----- C:\sqmdata08.sqm
    2008-01-16 00:02 . 2008-01-16 00:02 244 --ah----- C:\sqmnoopt08.sqm
    2008-01-15 23:59 . 2008-01-15 23:59 <DIR> d-------- C:\Program Files\Realtek
    2008-01-15 23:58 . 2005-04-16 22:20 487,424 --a------ C:\WINDOWS\RtlExUpd.dll
    2008-01-12 21:37 . 2008-01-12 21:37 268 --ah----- C:\sqmdata07.sqm
    2008-01-12 21:37 . 2008-01-12 21:37 244 --ah----- C:\sqmnoopt07.sqm
    2008-01-12 17:59 . 2008-01-24 04:54 11,119 --a------ C:\WINDOWS\system32\Config.MPF
    2008-01-12 17:57 . 2008-01-16 00:02 <DIR> d-------- C:\Program Files\SiteAdvisor
    2008-01-12 17:55 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
    2008-01-12 17:52 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
    2008-01-12 17:51 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
    2008-01-12 17:51 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
    2008-01-12 17:51 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
    2008-01-12 17:51 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
    2008-01-12 17:51 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
    2008-01-12 17:48 . 2008-01-12 17:51 <DIR> d-------- C:\Program Files\Common Files\McAfee
    2008-01-12 17:46 . 2008-01-12 17:46 268 --ah----- C:\sqmdata06.sqm
    2008-01-12 17:46 . 2008-01-12 17:46 244 --ah----- C:\sqmnoopt06.sqm
    2008-01-12 17:30 . 2008-01-12 21:11 <DIR> d-------- C:\Program Files\Enigma Software Group
    2008-01-12 17:10 . 2008-01-12 17:10 268 --ah----- C:\sqmdata05.sqm
    2008-01-12 17:10 . 2008-01-12 17:10 244 --ah----- C:\sqmnoopt05.sqm
    2008-01-12 17:04 . 2008-01-12 17:04 268 --ah----- C:\sqmdata04.sqm
    2008-01-12 17:04 . 2008-01-12 17:04 244 --ah----- C:\sqmnoopt04.sqm
    2008-01-11 14:42 . 2008-01-21 21:09 16,808 --a------ C:\WINDOWS\BM4bb1e9b4.xml
    2008-01-11 14:42 . 2008-01-22 18:04 21 --a------ C:\WINDOWS\pskt.ini
    2008-01-09 18:34 . 2008-01-09 18:34 268 --ah----- C:\sqmdata03.sqm
    2008-01-09 18:34 . 2008-01-09 18:34 244 --ah----- C:\sqmnoopt03.sqm

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-24 10:45 --------- d-----w C:\Program Files\Firefox
    2008-01-24 01:05 --------- d-----w C:\Program Files\McAfee
    2008-01-21 00:45 --------- d-----w C:\Program Files\Common Files\Logitech
    2008-01-18 04:34 --------- d-----w C:\Program Files\Adaware
    2008-01-18 01:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-13 03:17 --------- d-----w C:\Program Files\FLV Player
    2008-01-13 03:07 --------- d-----w C:\Program Files\QuickTime
    2008-01-13 03:03 --------- d-----w C:\Program Files\Logitech
    2008-01-13 03:02 --------- d-----w C:\Program Files\Limewire
    2008-01-13 00:01 --------- d-----w C:\Program Files\McAfee.com
    2008-01-12 23:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-12 23:33 --------- d-----w C:\Program Files\AntiVirus
    2007-11-14 00:08 246 ----a-w C:\Program Files\Common Files\qucam
    2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-07-28 03:28 3,655,608 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
    2007-07-28 03:21 409,250 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
    2004-10-01 20:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-23_14.06.44.67 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-23 19:56:51 585,728 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-24 10:55:27 585,728 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-23 19:56:51 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-24 10:55:28 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-23 19:56:54 5,193,728 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
    + 2008-01-24 10:55:30 5,193,728 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
    - 2008-01-23 19:56:54 102,400 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-24 10:55:30 102,400 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-23 19:56:54 585,728 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
    + 2008-01-24 10:55:31 585,728 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
    - 2008-01-23 19:56:54 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-24 10:55:31 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    - 2008-01-23 04:12:22 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-01-24 10:39:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-01-23 04:12:22 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-01-24 10:39:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-01-23 04:12:22 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-24 10:39:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "000StTHK"="000StTHK.exe" [2001-06-23 21:28 24576 C:\WINDOWS\system32\000StTHK.exe]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 17:46 192512]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-01-26 20:03 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-01-26 20:03 118784]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 16:00 88363 C:\WINDOWS\agrsmmsg.exe]
    "NDSTray.exe"="NDSTray.exe" []
    "TPSMain"="TPSMain.exe" [2004-06-01 21:43 278528 C:\WINDOWS\system32\TPSMain.exe]
    "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 17:37 151552]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-27 13:05 180269]
    "CFSServ.exe"="CFSServ.exe" []
    "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 19:24 32768]
    "InCD"="C:\Program Files\Nero\InCD\InCD.exe" [2006-03-16 02:00 1397760]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-05-13 11:25 98304]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 15:57 36640]
    "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29 1160480]
    "SigmaTel StacMon"="C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2003-08-03 16:01 86073]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]

    R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys [2005-01-12 02:05]
    S2 0120261201136722mcinstcleanup;McAfee Application Installer Cleanup (0120261201136722);C:\WINDOWS\TEMP\012026~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{232f4e3f2-bab8-11d0-97b9-00c04f98bcb9}]
    C:\WINDOWS\system32\winsecurityxp\rk.exe -r -p mswinup.exe -p rk.exe -f winsecurityxp -v MSWindowsUpdate -tcp 22277 -udp 22277 -v %SystemDir%winsecurityxpmswinup.exe
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-12 23:50:57 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
    "2008-01-12 23:50:55 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-24 05:00:27
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .

  5. #15
    Junior Member
    Join Date
    Jan 2008
    Location
    St. Louis, MO
    Posts
    14

    Default


    HijackThis:



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 05:30, on 2008-01-24
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Nero\InCD\InCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Program Files\Logitech\Video\AlbumDB2.exe
    C:\Program Files\AntiVirus\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [Pinger] "c:\toshiba\ivp\ism\pinger.exe" /run
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Nero\InCD\InCD.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://danilo-11.spaces.msn.com//Pho...d/MsnPUpld.cab
    O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} - http://www.ppstream.com/bin/powerplayer.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://danilo-11.spaces.live.com/Pho...d/MsnPUpld.cab
    O23 - Service: McAfee Application Installer Cleanup (0120261201136722) (0120261201136722mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\012026~1.EXE (file missing)
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\InCD\InCDsrv.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

    --
    End of file - 7745 bytes

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    Your HJT log looks fine.

    Run this system cleaner; there may be some bad files lurking in temp folders.

    Download CCleaner from here to clean temp files from your computer.
    • Double click on the file to start the installation of the program.
    • Select your language and click OK, then next.
    • Read the license agreement and click I Agree.
    • Click next to use the default install location. Click Install then finish to complete installation.
    • Double click the CCleaner shortcut on the desktop to start the program.
    • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
    • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
    • Click on the "Options" icon at the left side of the window, then click on "Advanced."
      Deselect "Only delete files in Windows Temp folders older than 48 hours."
    • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
    • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
    • After CCleaner has completed its process, click Exit.

    *NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!


    Things are looking good. How is your system behaving now?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #17
    Junior Member
    Join Date
    Jan 2008
    Location
    St. Louis, MO
    Posts
    14

    Default

    Thanks for all the help.
    As you can imagine, my laptop is working much better:
    - The physical memory right now is about 280Mb, when before it would have been close to 400Mb out of 512Mb.
    - Now I don't get any pop-ups when I start the laptop; before I was getting at least 5 of them.
    - I don't know about now, but before this last fix that I did this morning, I noticed that when I used Firefox, its memory usage seemed to keep on going up constantly. Do you know what might have caused that?
    - My time on my laptop is still showing as military time. How can I fix it?

  8. #18
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hello,

    Glad things are better for you. If Firefox gives you trouble, make sure you have the latest version, 2.0.0.11. If not, get it here; you can install it right over the current version.
    http://www.mozilla.com/en-US/firefox/

    As far as military time, you can post in one of these forums for Windows issues.





    If you install Spyware Blaster and Spyware Guard, do not enable the Tea Timer in Spybot Search and Destroy or they will conflict.
    Here are some free programs to install, don't leave home without them.
    • Spybot Search and Destroy 1.5
      Check for Updates/ Immunize and run a Full System Scan on a regular basis.
    • Spyware Blaster It will prevent most spyware from ever being installed.
    • Spyware Guard It offers realtime protection from spyware installation attempts.
    • Win Patrol This program will warn you when any changes are being made to your system and give you the option to deny the change.
    • IE-Spyad
      IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • Firefox 2.0 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.
    • Zone Alarm Here is a free Firewall from Zone Labs,


    Glad we could help.

    Safe Surfn
    Ken

  9. #19
    Junior Member
    Join Date
    Jan 2008
    Location
    St. Louis, MO
    Posts
    14

    Default

    I'll give it a try on Saturday and let you know what happens.

    Thanks.
