beemanbone
-
Content Count
31 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by beemanbone
-
-
Ok here is a new log...
ComboFix 07-12-20.1 - Owner 2007-12-20 7:31:11.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.333 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\SMINST\HPCD.sys
C:\WINDOWS\system32\mljjk.dll
C:\WINDOWS\system32\RCX47.tmp
C:\WINDOWS\system32\rqronno.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\SMINST\HPCD.sys
C:\WINDOWS\system32\kjjlm.ini
C:\WINDOWS\system32\kjjlm.ini2
C:\WINDOWS\system32\mljjk.dll
C:\WINDOWS\system32\RCX47.tmp
C:\WINDOWS\system32\rqronno.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 )))))))))))))))))))))))))))))))
.
2007-12-20 07:14 . 2007-12-20 07:14 335,360 --a------ C:\WINDOWS\system32\RCX48.tmp
2007-12-19 22:47 . 2007-12-19 22:47 352,256 --a------ C:\WINDOWS\system32\ctfmon.exe.tmp
2007-12-19 22:47 . 2004-08-03 23:56 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2007-12-19 22:47 . 2004-08-03 23:56 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2007-12-19 22:26 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-19 22:26 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-19 22:26 . 2007-12-19 22:57 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-19 22:26 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-19 22:26 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-19 22:26 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-19 16:13 . 2007-12-19 16:13 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-19 16:13 . 2007-12-19 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-19 16:12 . 2007-12-19 16:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-19 15:53 . 2007-12-19 15:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AdwareAlert
2007-12-19 15:20 . 2007-12-19 15:20 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-19 14:58 . 2007-12-20 07:14 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-19 14:57 . 2007-12-20 07:14 483,328 --a------ C:\WINDOWS\system32\hphmon05 .exe
2007-12-19 14:57 . 2007-12-19 14:57 335,360 --a------ C:\WINDOWS\system32\RCX44.tmp
2007-12-19 14:57 . 2007-12-20 07:14 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2007-12-19 14:57 . 2007-12-20 07:14 118,784 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-19 14:57 . 2007-12-20 07:14 81,920 --a------ C:\WINDOWS\system32\ps2 .exe
2007-12-19 13:58 . 2007-12-19 22:48 335,360 --a------ C:\WINDOWS\system32\mljjk.exe
2007-12-01 08:07 . 2007-12-01 08:09 1,123,481,056 --a------ C:\Pushing Daisies.mpg
2007-11-27 07:48 . 2002-08-29 06:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 13:14 --------- d-----w C:\Program Files\QuickTime
2007-12-20 04:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-19 20:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-16 17:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso
2007-11-26 01:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-11-16 13:33 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-27 17:21 --------- d-----w C:\Program Files\WinTV
2007-10-27 13:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ulead Systems
2007-10-27 13:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-10-27 13:27 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2007-10-27 13:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-27 13:23 --------- d-----w C:\Program Files\Ulead Systems
2007-10-27 12:50 --------- d-----w C:\Program Files\nanoPEG for WinTV
2007-10-27 12:49 --------- d-----w C:\Program Files\Common Files\IviSDK
2007-10-26 19:51 --------- d-----w C:\Program Files\Ericsson
2007-10-26 19:49 --------- d-----w C:\Program Files\BitTorrent
2007-09-01 12:55 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((( snapshot@2007-12-19_22.51.08.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-19 20:57:50 208,952 ----a-w C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE
+ 2007-12-20 13:14:23 208,952 ----a-w C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE
- 2007-12-19 20:57:51 44,032 ----a-w C:\WINDOWS\ime\imkr6_1\IMEKRMIG .EXE
+ 2007-12-20 13:14:27 44,032 ----a-w C:\WINDOWS\ime\imkr6_1\IMEKRMIG .EXE
- 2007-12-20 04:46:12 233,472 ----a-w C:\WINDOWS\SMINST\RECGUARD .EXE
+ 2007-12-20 13:42:48 233,472 ----a-w C:\WINDOWS\SMINST\RECGUARD .EXE
- 2007-12-19 21:41:07 578,560 ----a-w C:\WINDOWS\SMINST\RECGUARD.EXE
+ 2007-12-20 13:14:00 578,560 ----a-w C:\WINDOWS\SMINST\RECGUARD.EXE
- 2007-12-20 04:46:48 114,741 ----a-w C:\WINDOWS\system32\dla\tfswctrl .exe
+ 2007-12-20 13:43:08 114,741 ----a-w C:\WINDOWS\system32\dla\tfswctrl .exe
- 2007-12-19 21:41:20 476,672 ----a-w C:\WINDOWS\system32\dla\tfswctrl.exe
+ 2007-12-20 13:14:06 476,672 ----a-w C:\WINDOWS\system32\dla\tfswctrl.exe
- 2007-12-19 21:41:16 455,168 ----a-w C:\WINDOWS\system32\hkcmd.exe
+ 2007-12-20 13:14:04 455,168 ----a-w C:\WINDOWS\system32\hkcmd.exe
- 2007-12-19 21:41:12 825,344 ----a-w C:\WINDOWS\system32\hphmon05.exe
+ 2007-12-20 13:14:03 825,344 ----a-w C:\WINDOWS\system32\hphmon05.exe
- 2007-12-19 21:41:09 492,032 ----a-w C:\WINDOWS\system32\igfxtray.exe
+ 2007-12-20 13:14:02 492,032 ----a-w C:\WINDOWS\system32\igfxtray.exe
- 2007-12-19 20:57:54 59,392 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe
+ 2007-12-20 13:14:26 59,392 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe
- 2007-12-19 20:57:57 455,168 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE
+ 2007-12-20 13:14:31 455,168 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE
- 2007-12-19 21:41:08 418,304 ----a-w C:\WINDOWS\system32\ps2.exe
+ 2007-12-20 13:14:00 418,304 ----a-w C:\WINDOWS\system32\ps2.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{776D26A1-0120-4155-802C-9FE4039CEB79}]
2007-12-20 07:42 331776 --a------ C:\WINDOWS\system32\mljjk.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2007-12-20 07:45]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-12-20 07:45]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2007-12-20 07:45]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2007-12-20 07:45]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2007-12-20 07:45]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 19:22]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-20 07:45]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2007-12-20 07:45]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-20 07:45]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2007-12-20 07:46]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 01:04]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-20 07:46]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2007-12-20 07:46]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2007-12-20 07:46]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 21:32]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-08-29 06:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 21:31]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2006-09-02 17:36]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\mljjk.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\mljjk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-12-20 07:46 422400 --a------ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2004-08-16 16:45 45056 --a------ C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]
2004-09-22 13:08 987136 --a------ C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2003-08-21 05:23 49152 --a------ c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 18:04 52736 --a------ c:\windows\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2005-06-24 14:16 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-11 21:02 61440 --a------ C:\HP\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2005-05-28 21:48 155648 --------- C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2005-04-02 22:08 98304 --a------ C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-11-09 15:07 49263 --a------ C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
2003-03-31 19:28 155648 --a------ C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"StarWindService"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"LiveUpdate"=3 (0x3)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"comHost"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Adobe LM Service"=3 (0x3)
R2 CdaD10BA;CdaD10BA;C:\WINDOWS\system32\drivers\CdaD10BA.SYS [2006-11-01 21:24]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2004-09-02 21:01]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f31d8fe-21d6-11d9-928a-000c76ff2271}]
\Shell\AutoRun\command - H:\setupSNK.exe
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-12-19 21:53:35 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-12-06 23:50:01 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2007-12-15 02:01:35 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 07:42:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\kjjlm.ini 319 bytes
C:\WINDOWS\system32\kjjlm.ini2 319 bytes
scan completed successfully
hidden files: 2
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\mljjk.dll
.
Completion time: 2007-12-20 7:48:46 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-19 22:52
.
2007-12-20 06:54:45 --- E O F ---
-
Thank you for your response. I am currently away from my computer, but I will do it as soon as I get home in 3 hours. Talk to you soon.
-
here's this log..
ComboFix 07-12-20.1 - Owner 2007-12-19 22:31:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.322 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Z3YBV99Q\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data.\pufylujg.dll
C:\Documents and Settings\Owner\Application Data\inst.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Bcvibqdh
C:\Program Files\Bcvibqdh\ijiobdab.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\OinUninstall.exe
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\Outerinfo .exe
C:\Program Files\outerinfo\Outerinfo.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4 .exe
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\yvqdgbir
C:\Program Files\yvqdgbir\qdsjihqj.dll
C:\WINDOWS\system32\drvwek.dll
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\system32\kjjlm.ini
C:\WINDOWS\system32\kjjlm.ini2
C:\WINDOWS\system32\mljjk.dll
C:\WINDOWS\system32\njprckha
C:\WINDOWS\system32\njprckha\bg1.gif
C:\WINDOWS\system32\njprckha\bgtop.gif
C:\WINDOWS\system32\njprckha\bottom1.gif
C:\WINDOWS\system32\njprckha\essentials.gif
C:\WINDOWS\system32\njprckha\icon1.ico
C:\WINDOWS\system32\njprckha\install1.gif
C:\WINDOWS\system32\njprckha\left1.gif
C:\WINDOWS\system32\njprckha\li.gif
C:\WINDOWS\system32\njprckha\logo.gif
C:\WINDOWS\system32\njprckha\main.htm
C:\WINDOWS\system32\njprckha\mainframe.htm
C:\WINDOWS\system32\njprckha\njprckha1.exe
C:\WINDOWS\system32\njprckha\njprckha2.exe
C:\WINDOWS\system32\njprckha\njprckha3.exe
C:\WINDOWS\system32\njprckha\reinstall1.gif
C:\WINDOWS\system32\njprckha\right1.gif
C:\WINDOWS\system32\njprckha\s1.htm
C:\WINDOWS\system32\njprckha\s2.htm
C:\WINDOWS\system32\njprckha\s3.htm
C:\WINDOWS\system32\njprckha\SMTop1.gif
C:\WINDOWS\system32\njprckha\SMTop2.gif
C:\WINDOWS\system32\njprckha\SMTop3.gif
C:\WINDOWS\system32\njprckha\SMTop4.gif
C:\WINDOWS\system32\njprckha\soft1_off.gif
C:\WINDOWS\system32\njprckha\soft1_off_ext.gif
C:\WINDOWS\system32\njprckha\soft1_on.gif
C:\WINDOWS\system32\njprckha\soft1_on_ext.gif
C:\WINDOWS\system32\njprckha\soft2_off.gif
C:\WINDOWS\system32\njprckha\soft2_off_ext.gif
C:\WINDOWS\system32\njprckha\soft2_on.gif
C:\WINDOWS\system32\njprckha\soft2_on_ext.gif
C:\WINDOWS\system32\njprckha\soft3_off.gif
C:\WINDOWS\system32\njprckha\soft3_off_ext.gif
C:\WINDOWS\system32\njprckha\soft3_on.gif
C:\WINDOWS\system32\njprckha\soft3_on_ext.gif
C:\WINDOWS\system32\njprckha\softbottom_off.gif
C:\WINDOWS\system32\njprckha\softbottom_on.gif
C:\WINDOWS\system32\njprckha\softleft_off.gif
C:\WINDOWS\system32\njprckha\softleft_on.gif
C:\WINDOWS\system32\njprckha\top1.gif
C:\WINDOWS\system32\njprckha\top2.gif
C:\WINDOWS\system32\njprckha\turnoff1.gif
C:\WINDOWS\system32\njprckha\turnon1.gif
C:\WINDOWS\system32\winjks32.dll
.
((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 )))))))))))))))))))))))))))))))
.
2007-12-19 22:26 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-19 22:26 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-19 22:26 . 2007-12-19 22:57 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-19 22:26 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-19 22:26 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-19 22:26 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-19 16:13 . 2007-12-19 16:13 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-19 16:13 . 2007-12-19 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-19 16:12 . 2007-12-19 16:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-19 15:53 . 2007-12-19 15:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AdwareAlert
2007-12-19 15:41 . 2007-12-19 15:41 335,360 --a------ C:\WINDOWS\system32\RCX47.tmp
2007-12-19 15:20 . 2007-12-19 15:20 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-19 14:58 . 2007-12-19 22:48 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-19 14:57 . 2007-12-19 22:46 483,328 --a------ C:\WINDOWS\system32\hphmon05 .exe
2007-12-19 14:57 . 2007-12-19 14:57 335,360 --a------ C:\WINDOWS\system32\RCX44.tmp
2007-12-19 14:57 . 2007-12-19 22:46 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2007-12-19 14:57 . 2007-12-19 22:46 118,784 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-19 14:57 . 2007-12-19 22:46 81,920 --a------ C:\WINDOWS\system32\ps2 .exe
2007-12-19 13:58 . 2007-12-19 13:58 335,360 --a------ C:\WINDOWS\system32\mljjk.exe
2007-12-19 13:49 . 2007-12-19 13:49 39,936 --a------ C:\WINDOWS\system32\rqronno.dll
2007-12-01 08:07 . 2007-12-01 08:09 1,123,481,056 --a------ C:\Pushing Daisies.mpg
2007-11-27 07:48 . 2002-08-29 06:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 04:48 --------- d-----w C:\Program Files\QuickTime
2007-12-20 04:47 352,256 ----a-w C:\WINDOWS\system32\ctfmon.exe
2007-12-20 04:46 331,776 ----a-w C:\WINDOWS\system32\mljjk.dll
2007-12-20 04:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-19 21:41 825,344 ----a-w C:\WINDOWS\system32\hphmon05.exe
2007-12-19 21:41 492,032 ----a-w C:\WINDOWS\system32\igfxtray.exe
2007-12-19 21:41 455,168 ----a-w C:\WINDOWS\system32\hkcmd.exe
2007-12-19 21:41 418,304 ----a-w C:\WINDOWS\system32\ps2.exe
2007-12-19 20:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-16 17:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso
2007-11-26 01:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-11-16 13:33 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 17:21 --------- d-----w C:\Program Files\WinTV
2007-10-27 13:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ulead Systems
2007-10-27 13:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-10-27 13:27 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2007-10-27 13:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-27 13:23 --------- d-----w C:\Program Files\Ulead Systems
2007-10-27 12:50 --------- d-----w C:\Program Files\nanoPEG for WinTV
2007-10-27 12:49 --------- d-----w C:\Program Files\Common Files\IviSDK
2007-10-26 19:51 --------- d-----w C:\Program Files\Ericsson
2007-10-26 19:49 --------- d-----w C:\Program Files\BitTorrent
2007-09-01 12:55 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys
2004-08-04 01:16 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48A09CF5-2FC9-4867-9697-A954294A6909}]
2007-12-19 22:46 331776 --a------ C:\WINDOWS\system32\mljjk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9E85D85-F6EE-4655-A639-E33983612A6E}]
2007-12-19 13:49 39936 --a------ C:\WINDOWS\system32\rqronno.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2007-12-19 22:47]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-12-19 22:47]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2007-12-19 22:47]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2007-12-19 22:47]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2007-12-19 22:47]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 19:22]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-19 22:48]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2007-12-19 22:48]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-19 22:48]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2007-12-19 22:48]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 01:04]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-19 22:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2007-12-19 22:48]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2007-12-19 22:48]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 21:32]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-08-29 06:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 21:31]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2006-09-02 17:36]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B9E85D85-F6EE-4655-A639-E33983612A6E}"= C:\WINDOWS\system32\rqronno.dll [2007-12-19 13:49 39936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqronno]
rqronno.dll 2007-12-19 13:49 39936 C:\WINDOWS\system32\rqronno.dll
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\mljjk.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\mljjk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-12-19 22:48 422400 --a------ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2004-08-16 16:45 45056 --a------ C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]
2004-09-22 13:08 987136 --a------ C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2003-08-21 05:23 49152 --a------ c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 18:04 52736 --a------ c:\windows\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2005-06-24 14:16 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-11 21:02 61440 --a------ C:\HP\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2005-05-28 21:48 155648 --------- C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2005-04-02 22:08 98304 --a------ C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-11-09 15:07 49263 --a------ C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
2003-03-31 19:28 155648 --a------ C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"StarWindService"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"LiveUpdate"=3 (0x3)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"comHost"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Adobe LM Service"=3 (0x3)
R2 CdaD10BA;CdaD10BA;C:\WINDOWS\system32\drivers\CdaD10BA.SYS [2006-11-01 21:24]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2004-09-02 21:01]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f31d8fe-21d6-11d9-928a-000c76ff2271}]
\Shell\AutoRun\command - H:\setupSNK.exe
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-12-19 21:53:35 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2007-12-06 23:50:01 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2007-12-15 02:01:35 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 22:46:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\rqronno.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\rqronno.dll
-> C:\WINDOWS\system32\mljjk.dll
.
Completion time: 2007-12-19 22:52:56 - machine was rebooted
.
2007-12-19 14:52:07 --- E O F ---
-
Here is this log:
SmitFraudFix v2.274
Scan done at 22:26:10.76, Wed 12/19/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ps2 .exe
C:\WINDOWS\system32\igfxtray .exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\System32\hphmon05 .exe
C:\WINDOWS\system32\dla\tfswctrl .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SecCenter\scprot4 .exe
C:\Program Files\Outerinfo\Outerinfo .exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\drvwek.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix.exe by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: D-Link AirPlus DWL-G520 Wireless PCI Adapter(rev.cool.gif - Packet Scheduler Miniport
DNS Server Search Order: 65.83.241.181
DNS Server Search Order: 67.32.118.46
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D8410A5-D152-4FC3-9560-8EEE56B5D748}: DhcpNameServer=65.83.241.181 67.32.118.46
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D8410A5-D152-4FC3-9560-8EEE56B5D748}: DhcpNameServer=65.83.241.181 67.32.118.46
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D8410A5-D152-4FC3-9560-8EEE56B5D748}: DhcpNameServer=65.83.241.181 67.32.118.46
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=65.83.241.181 67.32.118.46
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=65.83.241.181 67.32.118.46
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=65.83.241.181 67.32.118.46
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
-
I have very limited computer knowledge. I'm desperate. Any help would be greatly appreciated. This is my log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:21:43 PM, on 12/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ps2 .exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl .exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\System32\hphmon05 .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
C:\Program Files\SecCenter\scprot4 .exe
C:\Program Files\Outerinfo\Outerinfo .exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\mljjk.exe
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nkzezsdw] rundll32.exe "C:\Program Files\yvqdgbir\qdsjihqj.dll",Init
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvwek.dll,startup
O4 - HKLM\..\Run: [sC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [pufylujg] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pufylujg.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Outerinfo] "C:\Program Files\Outerinfo\Outerinfo.exe"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - https://password.bellsouth.net/sdccommon/do...oad/tgctlsr.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174224923609
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp...302/Coupons.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 10505 bytes
Scprot4.exe
in Malware Removal
Posted
And this log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:54 AM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
C:\WINDOWS\system32\ps2 .exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\System32\hphmon05 .exe
C:\WINDOWS\system32\dla\tfswctrl .exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\mljjk.exe
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - https://password.bellsouth.net/sdccommon/do...oad/tgctlsr.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applicatio...torLauncher.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174224923609
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp...302/Coupons.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 10538 bytes