virtumonde keeps coming back

Discussion in 'Virus & Other Malware Removal' started by blightfyre, Jun 17, 2008.

Thread Status:
Not open for further replies.
  1. blightfyre

    blightfyre Thread Starter

    Joined:
    Jun 16, 2008
    Messages:
    12
    well, i've run adaware, spybot, combofix, and ewido and virtumonde keeps coming back with popups. hopefully no keylogger. told wife not to bank with this computer. weird thing is that when i use spybot and it finds it and tries to fix i get errors. first time posting a thread about computer problems so be gentle. here is a copy of my hijack log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:09:06 PM, on 6/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:85
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: (no name) - {001E82B2-9B4D-4B12-8858-ABCF6D2BE0D9} - C:\WINDOWS\System32\comre.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {09702BD3-16FA-49FB-98D7-062537702BFc} - C:\WINDOWS\system32\mdwsysri.dll
    O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Spcron\Spc.dll
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: H - {70C872E5-69F5-456f-B809-484106881B7B} - q24m.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {87BC8A7B-230D-428B-9971-3CF9DFA3073A} - C:\Program Files\MSN Gaming Zone\fomeres821058.dll (file missing)
    O2 - BHO: (no name) - {8C63B84A-75F7-745F-F949-71A2E3994AE5} - C:\WINDOWS\system32\tupuga.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: 0 - {DCA5BCBE-08A7-4D54-9293-2A0A05E240D4} - C:\Program Files\Messenger\labunuw928.dll (file missing)
    O2 - BHO: CIEPl Object - {F3727275-224F-4AB0-8642-7D461EFB82D8} - C:\WINDOWS\system32\bnome.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\omfmnxqb.dll",setvm
    O4 - HKLM\..\RunServices: [DIRECWAY TurboPOP] C:\tpop\tpopservice.exe -start
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3637] command /c del "C:\WINDOWS\system32\wgsoydeo.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8638] cmd /c del "C:\WINDOWS\system32\wgsoydeo.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8811] command /c del "C:\WINDOWS\system32\bvkwiuat.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2707] cmd /c del "C:\WINDOWS\system32\bvkwiuat.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA650] command /c del "C:\WINDOWS\system32\gjryopmu.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2413] cmd /c del "C:\WINDOWS\system32\gjryopmu.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA794] command /c del "C:\WINDOWS\system32\grorkmxv.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1176] cmd /c del "C:\WINDOWS\system32\grorkmxv.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2222] command /c del "C:\WINDOWS\system32\grvdhrcn.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4558] cmd /c del "C:\WINDOWS\system32\grvdhrcn.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1884] command /c del "C:\WINDOWS\system32\gxmqhwlm.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3928] cmd /c del "C:\WINDOWS\system32\gxmqhwlm.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5360] command /c del "C:\WINDOWS\system32\gxxgmrlg.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9820] cmd /c del "C:\WINDOWS\system32\gxxgmrlg.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2403] command /c del "C:\WINDOWS\system32\gyeoqdet.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9773] cmd /c del "C:\WINDOWS\system32\gyeoqdet.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1670] command /c del "C:\WINDOWS\system32\hdxxdgfe.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7] cmd /c del "C:\WINDOWS\system32\hdxxdgfe.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5068] command /c del "C:\WINDOWS\system32\hfnfprpd.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5903] cmd /c del "C:\WINDOWS\system32\hfnfprpd.dll_old"
    O4 - HKCU\..\Run: [Lxs] C:\Documents and Settings\master mark\My Documents\?dobe\msconfig.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB542] command /c del "C:\WINDOWS\system32\wgsoydeo.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5013] cmd /c del "C:\WINDOWS\system32\wgsoydeo.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6636] command /c del "C:\WINDOWS\system32\bvkwiuat.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD748] cmd /c del "C:\WINDOWS\system32\bvkwiuat.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8447] command /c del "C:\WINDOWS\system32\gjryopmu.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7849] cmd /c del "C:\WINDOWS\system32\gjryopmu.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4582] command /c del "C:\WINDOWS\system32\grorkmxv.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2174] cmd /c del "C:\WINDOWS\system32\grorkmxv.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9780] command /c del "C:\WINDOWS\system32\grvdhrcn.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6507] cmd /c del "C:\WINDOWS\system32\grvdhrcn.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9131] command /c del "C:\WINDOWS\system32\gxmqhwlm.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3486] cmd /c del "C:\WINDOWS\system32\gxmqhwlm.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4292] command /c del "C:\WINDOWS\system32\gxxgmrlg.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9304] cmd /c del "C:\WINDOWS\system32\gxxgmrlg.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6895] command /c del "C:\WINDOWS\system32\gyeoqdet.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6375] cmd /c del "C:\WINDOWS\system32\gyeoqdet.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3123] command /c del "C:\WINDOWS\system32\hdxxdgfe.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3553] cmd /c del "C:\WINDOWS\system32\hdxxdgfe.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3156] command /c del "C:\WINDOWS\system32\hfnfprpd.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4327] cmd /c del "C:\WINDOWS\system32\hfnfprpd.dll_old"
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?41107731fd4f467f8418d9ce7fce54a5
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?41107731fd4f467f8418d9ce7fce54a5
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
    O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.7.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1193565886953
    O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - https://support.gateway.com/eSupport/static/weblaunch/weblaunch2.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: bnome - C:\WINDOWS\SYSTEM32\bnome.dll
    O20 - Winlogon Notify: ceahf - C:\WINDOWS\SYSTEM32\ceahf.dll
    O20 - Winlogon Notify: cmhtq - C:\WINDOWS\SYSTEM32\cmhtq.dll
    O20 - Winlogon Notify: ddjlq - C:\WINDOWS\SYSTEM32\ddjlq.dll
    O20 - Winlogon Notify: dejpe - C:\WINDOWS\SYSTEM32\dejpe.dll
    O20 - Winlogon Notify: dmerk - C:\WINDOWS\SYSTEM32\dmerk.dll
    O20 - Winlogon Notify: eeppq - C:\WINDOWS\SYSTEM32\eeppq.dll
    O20 - Winlogon Notify: ejktp - C:\WINDOWS\SYSTEM32\ejktp.dll
    O20 - Winlogon Notify: ejpie - C:\WINDOWS\SYSTEM32\ejpie.dll
    O20 - Winlogon Notify: enfus - C:\WINDOWS\SYSTEM32\enfus.dll
    O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\dktrans.dll (file missing)
    O20 - Winlogon Notify: femps - C:\WINDOWS\SYSTEM32\femps.dll
    O20 - Winlogon Notify: foflr - C:\WINDOWS\SYSTEM32\foflr.dll
    O20 - Winlogon Notify: gacli - C:\WINDOWS\SYSTEM32\gacli.dll
    O20 - Winlogon Notify: gdbvd - C:\WINDOWS\SYSTEM32\gdbvd.dll
    O20 - Winlogon Notify: ggjqo - C:\WINDOWS\SYSTEM32\ggjqo.dll
    O20 - Winlogon Notify: gjoud - C:\WINDOWS\SYSTEM32\gjoud.dll
    O20 - Winlogon Notify: hjard - C:\WINDOWS\SYSTEM32\hjard.dll
    O20 - Winlogon Notify: hjnqe - C:\WINDOWS\SYSTEM32\hjnqe.dll
    O20 - Winlogon Notify: ljjkjij - ljjkjij.dll (file missing)
    O20 - Winlogon Notify: lpdri - C:\WINDOWS\SYSTEM32\lpdri.dll
    O20 - Winlogon Notify: melif - C:\WINDOWS\SYSTEM32\melif.dll
    O20 - Winlogon Notify: mhemf - C:\WINDOWS\SYSTEM32\mhemf.dll
    O20 - Winlogon Notify: pbaud - C:\WINDOWS\SYSTEM32\pbaud.dll
    O20 - Winlogon Notify: pdoto - C:\WINDOWS\SYSTEM32\pdoto.dll
    O20 - Winlogon Notify: pmbjj - C:\WINDOWS\SYSTEM32\pmbjj.dll
    O20 - Winlogon Notify: pppif - C:\WINDOWS\SYSTEM32\pppif.dll
    O20 - Winlogon Notify: qomkkkk - qomkkkk.dll (file missing)
    O20 - Winlogon Notify: setdrv32 - C:\WINDOWS\SYSTEM32\setdrv32.dll
    O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
    O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
    O20 - Winlogon Notify: yayyxxw - yayyxxw.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: DIRECWAY TurboPOP (DPC_SRV_TPOP) - Unknown owner - C:\tpop\tpopservice.exe (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    --
    End of file - 15983 bytes
     
  3. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,082
    Hi, Welcome to TSG!!

    Can I say :eek: ??

    What a mess! Why don't you have any anti-virus software running?

    And yes please keep everyone off of this machine until we get it cleaned up! Download only what I request and no banking, on-line shopping or surfing.

    Please visit this webpage for instructions for downloading and running ComboFix.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
     
  4. blightfyre

    blightfyre Thread Starter

    Joined:
    Jun 16, 2008
    Messages:
    12
    stupid me. god, i hate when i get impatient. combofix went through its thing, rebooted, then said it was creating log file. i thought it was hung up so i stopped the program. should i rerun the program so i can get a log file? also, i noticed that when the thing started back up, a bunch of cmd.exe windows were popping up. do you think that has something to do with spybot running at start up? either way, i will run hijack and combofix again and post logs.
     
  5. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,082
    You can disable spybot for the time being, or just remove it.

    Yes please do run ComboFix again and with the amount of infection you have it may take a while so don't get impatient. ;)
     
  6. blightfyre

    blightfyre Thread Starter

    Joined:
    Jun 16, 2008
    Messages:
    12
    wow, that was a quick response. here is the hijack log. i noticed 3 less things on the processes. will run the combofix again. and thank you for your help
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:44, on 2008-06-19
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:85
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: (no name) - {001E82B2-9B4D-4B12-8858-ABCF6D2BE0D9} - C:\WINDOWS\System32\comre.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {09702BD3-16FA-49FB-98D7-062537702BFc} - C:\WINDOWS\system32\vvuswhcn.dll
    O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - (no file)
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {70C872E5-69F5-456f-B809-484106881B7B} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {87BC8A7B-230D-428B-9971-3CF9DFA3073A} - C:\Program Files\MSN Gaming Zone\fomeres821058.dll (file missing)
    O2 - BHO: (no name) - {8C63B84A-75F7-745F-F949-71A2E3994AE5} - C:\WINDOWS\system32\tupuga.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: 0 - {DCA5BCBE-08A7-4D54-9293-2A0A05E240D4} - C:\Program Files\Messenger\labunuw928.dll (file missing)
    O2 - BHO: CIEPl Object - {F3727275-224F-4AB0-8642-7D461EFB82D8} - C:\WINDOWS\system32\bnome.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\lpeyffnv.dll",setvm
    O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF2034.exe /c C:\ComboFix\Combobatch.bat
    O4 - HKLM\..\RunServices: [DIRECWAY TurboPOP] C:\tpop\tpopservice.exe -start
    O4 - HKCU\..\Run: [Lxs] C:\Documents and Settings\master mark\My Documents\?dobe\msconfig.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?41107731fd4f467f8418d9ce7fce54a5
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?41107731fd4f467f8418d9ce7fce54a5
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
    O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.7.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1193565886953
    O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - https://support.gateway.com/eSupport/static/weblaunch/weblaunch2.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: bnome - C:\WINDOWS\SYSTEM32\bnome.dll
    O20 - Winlogon Notify: ceahf - C:\WINDOWS\SYSTEM32\ceahf.dll
    O20 - Winlogon Notify: cmhtq - C:\WINDOWS\SYSTEM32\cmhtq.dll
    O20 - Winlogon Notify: ddjlq - C:\WINDOWS\SYSTEM32\ddjlq.dll
    O20 - Winlogon Notify: dejpe - C:\WINDOWS\SYSTEM32\dejpe.dll
    O20 - Winlogon Notify: dmerk - C:\WINDOWS\SYSTEM32\dmerk.dll
    O20 - Winlogon Notify: eeppq - C:\WINDOWS\SYSTEM32\eeppq.dll
    O20 - Winlogon Notify: ejktp - C:\WINDOWS\SYSTEM32\ejktp.dll
    O20 - Winlogon Notify: ejpie - C:\WINDOWS\SYSTEM32\ejpie.dll
    O20 - Winlogon Notify: enfus - C:\WINDOWS\SYSTEM32\enfus.dll
    O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\dktrans.dll (file missing)
    O20 - Winlogon Notify: femps - C:\WINDOWS\SYSTEM32\femps.dll
    O20 - Winlogon Notify: foflr - C:\WINDOWS\SYSTEM32\foflr.dll
    O20 - Winlogon Notify: gacli - C:\WINDOWS\SYSTEM32\gacli.dll
    O20 - Winlogon Notify: gdbvd - C:\WINDOWS\SYSTEM32\gdbvd.dll
    O20 - Winlogon Notify: ggjqo - C:\WINDOWS\SYSTEM32\ggjqo.dll
    O20 - Winlogon Notify: gjoud - C:\WINDOWS\SYSTEM32\gjoud.dll
    O20 - Winlogon Notify: hjard - C:\WINDOWS\SYSTEM32\hjard.dll
    O20 - Winlogon Notify: hjnqe - C:\WINDOWS\SYSTEM32\hjnqe.dll
    O20 - Winlogon Notify: ljjkjij - ljjkjij.dll (file missing)
    O20 - Winlogon Notify: lpdri - C:\WINDOWS\SYSTEM32\lpdri.dll
    O20 - Winlogon Notify: melif - C:\WINDOWS\SYSTEM32\melif.dll
    O20 - Winlogon Notify: mhemf - C:\WINDOWS\SYSTEM32\mhemf.dll
    O20 - Winlogon Notify: pbaud - C:\WINDOWS\SYSTEM32\pbaud.dll
    O20 - Winlogon Notify: pdoto - C:\WINDOWS\SYSTEM32\pdoto.dll
    O20 - Winlogon Notify: pmbjj - C:\WINDOWS\SYSTEM32\pmbjj.dll
    O20 - Winlogon Notify: pppif - C:\WINDOWS\SYSTEM32\pppif.dll
    O20 - Winlogon Notify: qomkkkk - qomkkkk.dll (file missing)
    O20 - Winlogon Notify: setdrv32 - setdrv32.dll (file missing)
    O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
    O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
    O20 - Winlogon Notify: yayyxxw - yayyxxw.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: DIRECWAY TurboPOP (DPC_SRV_TPOP) - Unknown owner - C:\tpop\tpopservice.exe (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 12227 bytes
     
  7. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,082
  8. blightfyre

    blightfyre Thread Starter

    Joined:
    Jun 16, 2008
    Messages:
    12
    ComboFix 08-06-16.5 - master mark 2008-06-19 16:56:47.2 - NTFSx86
    Running from: C:\Documents and Settings\master mark\My Documents\My Received Files\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\guard.tmp
    C:\WINDOWS\system32\lpeyffnv.dll
    C:\WINDOWS\system32\vnffyepl.ini
    C:\WINDOWS\system32\vvuswhcn.dll
    C:\WINDOWS\system32\comre.dll . . . . failed to delete
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\master mark\Application Data\RACLE~1
    C:\Documents and Settings\master mark\Application Data\SpeedRunner
    C:\Documents and Settings\master mark\Application Data\SpeedRunner\config.cfg
    C:\Documents and Settings\master mark\Application Data\SpeedRunner\SpeedRunner.exe
    C:\Documents and Settings\master mark\Application Data\SpeedRunner\SRUninstall.exe
    C:\Documents and Settings\master mark\Application Data\Sskdmns.dll
    C:\Documents and Settings\master mark\Local Settings\Temporary Internet Files\bestwiner.stt
    C:\Documents and Settings\master mark\Local Settings\Temporary Internet Files\CPV.stt
    C:\Documents and Settings\master mark\Local Settings\Temporary Internet Files\sports.ico
    C:\Documents and Settings\master mark\My Documents\DOBE~1
    C:\Program Files\Eroca
    C:\Program Files\NoDNS
    C:\Program Files\NoDNS\UnInstall.exe
    C:\Program Files\QdrPack
    C:\Program Files\QdrPack\dictys.gz
    C:\Program Files\QdrPack\QdrPack16.exe
    C:\Program Files\QdrPack\trgtys.gz
    C:\Program Files\Spcron
    C:\Program Files\Spcron\Spc.dll
    C:\WINDOWS\didduid.ini
    C:\WINDOWS\keyboard161.dat
    C:\WINDOWS\ppatch~1
    C:\WINDOWS\system32\_004727_.tmp.dll
    C:\WINDOWS\system32\_004733_.tmp.dll
    C:\WINDOWS\system32\_004899_.tmp.dll
    C:\WINDOWS\system32\_004900_.tmp.dll
    C:\WINDOWS\system32\_004901_.tmp.dll
    C:\WINDOWS\system32\_004902_.tmp.dll
    C:\WINDOWS\system32\_004909_.tmp.dll
    C:\WINDOWS\system32\_004910_.tmp.dll
    C:\WINDOWS\system32\_004911_.tmp.dll
    C:\WINDOWS\system32\_004913_.tmp.dll
    C:\WINDOWS\system32\_004914_.tmp.dll
    C:\WINDOWS\system32\_004917_.tmp.dll
    C:\WINDOWS\system32\_004918_.tmp.dll
    C:\WINDOWS\system32\_004920_.tmp.dll
    C:\WINDOWS\system32\_004921_.tmp.dll
    C:\WINDOWS\system32\_004922_.tmp.dll
    C:\WINDOWS\system32\_004924_.tmp.dll
    C:\WINDOWS\system32\_004925_.tmp.dll
    C:\WINDOWS\system32\_004927_.tmp.dll
    C:\WINDOWS\system32\_004931_.tmp.dll
    C:\WINDOWS\system32\_004932_.tmp.dll
    C:\WINDOWS\system32\_004934_.tmp.dll
    C:\WINDOWS\system32\_004937_.tmp.dll
    C:\WINDOWS\system32\_004939_.tmp.dll
    C:\WINDOWS\system32\_004940_.tmp.dll
    C:\WINDOWS\system32\_004941_.tmp.dll
    C:\WINDOWS\system32\_004942_.tmp.dll
    C:\WINDOWS\system32\_004943_.tmp.dll
    C:\WINDOWS\system32\_004946_.tmp.dll
    C:\WINDOWS\system32\_004948_.tmp.dll
    C:\WINDOWS\system32\_004949_.tmp.dll
    C:\WINDOWS\system32\_004950_.tmp.dll
    C:\WINDOWS\system32\_004954_.tmp.dll
    C:\WINDOWS\system32\acqpxugq.ini
    C:\WINDOWS\system32\aevhtnvq.dll
    C:\WINDOWS\system32\apyehbth.dll
    C:\WINDOWS\system32\asks~1
    C:\WINDOWS\system32\asrxlsum.dll
    C:\WINDOWS\system32\auto.exe
    C:\WINDOWS\system32\bdkhfttx.dll
    C:\WINDOWS\system32\bgmvqrag.ini
    C:\WINDOWS\system32\bqrfbmrr.dll
    C:\WINDOWS\system32\bquthnka.dll
    C:\WINDOWS\system32\bxakjmdd.dll
    C:\WINDOWS\system32\bxjebqxe.dll
    C:\WINDOWS\system32\Cache
    C:\WINDOWS\system32\cbfacefe.dll
    C:\WINDOWS\system32\cfmxocrt.dll
    C:\WINDOWS\system32\cjuutmkm.dll
    C:\WINDOWS\system32\cmmcogvy.dll
    C:\WINDOWS\system32\comre.1
    C:\WINDOWS\system32\crqjlhjf.dll
    C:\WINDOWS\system32\cyqxevvp.dll
    C:\WINDOWS\system32\dobe~1
    C:\WINDOWS\system32\dobe~1\?dobe\
    C:\WINDOWS\system32\enfjibdi.dll
    C:\WINDOWS\system32\etgxgxfo.ini
    C:\WINDOWS\system32\exvxnarf.dll
    C:\WINDOWS\system32\fdfqkyka.dll
    C:\WINDOWS\system32\fdlgodcx.dll
    C:\WINDOWS\system32\fjhetuwf.ini
    C:\WINDOWS\system32\fmdxohtp.ini
    C:\WINDOWS\system32\fpiwrapb.dll
    C:\WINDOWS\system32\frmwqxnu.ini
    C:\WINDOWS\system32\FTPx.dll
    C:\WINDOWS\system32\fxmyffef.dll
    C:\WINDOWS\system32\garqvmgb.dll
    C:\WINDOWS\system32\gboicryv.dll
    C:\WINDOWS\system32\ghkpfosf.dll
    C:\WINDOWS\system32\giwasffw.ini
    C:\WINDOWS\system32\gjdgfigr.ini
    C:\WINDOWS\system32\gomnlfxm.dll
    C:\WINDOWS\system32\guard.tmp
    C:\WINDOWS\system32\hbvjbyfb.dll
    C:\WINDOWS\system32\help.txt
    C:\WINDOWS\system32\hjcarlod.dll
    C:\WINDOWS\system32\hogxgxtq.dll
    C:\WINDOWS\system32\hyciqqjn.dll
    C:\WINDOWS\system32\ieydoqpf.dll
    C:\WINDOWS\system32\imnwfydb.dll
    C:\WINDOWS\system32\ipv6monr.dll
    C:\WINDOWS\system32\iqcyipyh.dll
    C:\WINDOWS\system32\jljnyjtf.dll
    C:\WINDOWS\system32\jsjhkyaa.dll
    C:\WINDOWS\system32\jtmoxade.dll
    C:\WINDOWS\system32\jvlkdhaq.dll
    C:\WINDOWS\system32\khbjnyis.dll
    C:\WINDOWS\system32\khnibjvh.dll
    C:\WINDOWS\system32\knsvpxwq.dll
    C:\WINDOWS\system32\ldbwldkn.dll
    C:\WINDOWS\system32\lfxpvtxj.dll
    C:\WINDOWS\system32\lmfvbsof.ini
    C:\WINDOWS\system32\MabryObj.dll
    C:\WINDOWS\system32\mbrbetwo.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mcroso~1.net
    C:\WINDOWS\system32\mcroso~1.net\M?crosoft.NET\
    C:\WINDOWS\system32\mdfciwfi.ini
    C:\WINDOWS\system32\mdwsysri.dll
    C:\WINDOWS\system32\mlkdlkaw.ini
    C:\WINDOWS\system32\mqxnifpu.dll
    C:\WINDOWS\system32\mromvcmi.dll
    C:\WINDOWS\system32\mtqpqhiy.dll
    C:\WINDOWS\system32\mxkiqejf.dll
    C:\WINDOWS\system32\ngbmreno.dll
    C:\WINDOWS\system32\niyesyuj.dll
    C:\WINDOWS\system32\niytyuem.dll
    C:\WINDOWS\system32\nlqkabmb.ini
    C:\WINDOWS\system32\nrfcfift.dll
    C:\WINDOWS\system32\oarmksmd.ini
    C:\WINDOWS\system32\obeyxrwf.dll
    C:\WINDOWS\system32\odcktfcr.ini
    C:\WINDOWS\system32\ofxgxgte.dll
    C:\WINDOWS\system32\ogpkwtxo.dll
    C:\WINDOWS\system32\omfmnxqb.dll
    C:\WINDOWS\system32\oqnfehir.dll
    C:\WINDOWS\system32\pabqtkox.dll
    C:\WINDOWS\system32\pbqiyldy.dll
    C:\WINDOWS\system32\pdifwfan.dll
    C:\WINDOWS\system32\pqwqiqov.dll
    C:\WINDOWS\system32\qsvmtwpe.dll
    C:\WINDOWS\system32\qxkyrily.dll
    C:\WINDOWS\system32\qxpuileb.dll
    C:\WINDOWS\system32\qywdryti.dll
    C:\WINDOWS\system32\rfhbjrys.dll
    C:\WINDOWS\system32\rhhxsphe.ini
    C:\WINDOWS\system32\rhsytdty.dll
    C:\WINDOWS\system32\rqofphdc.dll
    C:\WINDOWS\system32\setdrv32.dll
    C:\WINDOWS\system32\sfadcodh.dll
    C:\WINDOWS\system32\sfpccxre.dll
    C:\WINDOWS\system32\sjwgejul.dll
    C:\WINDOWS\system32\slqbwjxc.ini
    C:\WINDOWS\system32\snmyercn.dll
    C:\WINDOWS\system32\sqnhnvif.ini
    C:\WINDOWS\system32\stwwdxyk.dll
    C:\WINDOWS\system32\tdmaapqm.dll
    C:\WINDOWS\system32\tlidbnmo.ini
    C:\WINDOWS\system32\tnmeovjx.dll
    C:\WINDOWS\system32\tupuga.dll
    C:\WINDOWS\system32\ufvpxvot.ini
    C:\WINDOWS\system32\uncffxbw.ini
    C:\WINDOWS\system32\uqmndxsx.dll
    C:\WINDOWS\system32\uvrrafhx.ini
    C:\WINDOWS\system32\uxvunnbk.ini
    C:\WINDOWS\system32\vwqkputr.dll
    C:\WINDOWS\system32\wcwivebf.dll
    C:\WINDOWS\system32\wduqqyai.ini
    C:\WINDOWS\system32\wlmixigk.ini
    C:\WINDOWS\system32\wpfsovdw.ini
    C:\WINDOWS\system32\wvuurnju.ini
    C:\WINDOWS\system32\xcytluim.dll
    C:\WINDOWS\system32\xhmgetlw.dll
    C:\WINDOWS\system32\xiwdpdrv.ini
    C:\WINDOWS\system32\xrnswpyo.dll
    C:\WINDOWS\system32\xwqyxeva.ini
    C:\WINDOWS\system32\yeyvppqm.dll
    C:\WINDOWS\system32\ypvgnpbw.dll
    C:\WINDOWS\system32\yqacofnq.dll
    C:\WINDOWS\system32\yyaimyfv.dll
    C:\WINDOWS\system32\comre.dll . . . . failed to delete

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NETWORK_MONITOR
    -------\Legacy_NPF
    -------\Legacy_WINDOWS_OVERLAY_COMPONENTS


    ((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
    .

    2100-12-07 00:16 . 2005-02-23 22:49 141,334 --a------ C:\WINDOWS\system32\sfg.lib
    2008-06-19 17:13 . 2008-06-19 17:13 256,020 --a------ C:\WINDOWS\system32\hfbhmnje.dll
    2008-06-19 17:13 . 2008-06-19 17:14 356 ---hs---- C:\WINDOWS\system32\ejnmhbfh.ini
    2008-06-19 17:12 . 2008-06-19 17:12 121,364 --a------ C:\WINDOWS\system32\yvqputjp.dll
    2008-06-17 01:02 . 2008-06-17 01:02 <DIR> d-------- C:\Program Files\Veoh Networks
    2008-06-16 23:08 . 2008-06-16 23:08 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-14 22:49 . 2008-06-14 22:49 256,020 --------- C:\WINDOWS\system32\hoopntcy.dll_old
    2008-06-11 02:50 . 2008-04-14 06:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-10 20:26 . 2008-06-10 20:26 356 ---hs---- C:\WINDOWS\system32\rirnujnd.ini
    2008-06-10 16:18 . 2008-06-10 16:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-10 16:18 . 2008-06-10 16:18 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-06-07 20:25 . 2008-06-07 20:25 256,020 --------- C:\WINDOWS\system32\ocsvamfr.dll_old
    2008-06-06 20:25 . 2008-06-06 20:25 256,020 --------- C:\WINDOWS\system32\oyfvtxhl.dll_old
    2008-06-06 11:01 . 2008-06-06 11:45 4,681,455,616 --a------ C:\27DRESSES_WS.ISO
    2008-06-06 10:21 . 2008-06-06 10:50 <DIR> d-------- C:\27DRESSES_WS
    2008-06-05 20:25 . 2008-06-05 20:25 256,020 --------- C:\WINDOWS\system32\tcpfxkfr.dll_old
    2008-06-04 22:25 . 2008-06-04 22:25 <DIR> d-------- C:\VundoFix Backups
    2008-06-03 08:01 . 2008-06-03 08:01 978,413 --a------ C:\WINDOWS\system32\dmerk.dll
    2008-06-02 21:52 . 2008-06-02 21:52 356 ---hs---- C:\WINDOWS\system32\kjajtxia.ini
    2008-06-01 05:52 . 2008-06-01 05:52 356 ---hs---- C:\WINDOWS\system32\gvxbxvre.ini
    2008-05-30 23:57 . 2008-05-30 23:58 <DIR> d-------- C:\Program Files\Garmin
    2008-05-29 17:04 . 2008-05-29 13:35 230,400 -r-hs---- C:\Documents
    2008-05-29 05:44 . 2008-05-29 05:44 978,413 --a------ C:\WINDOWS\system32\enfus.dll
    2008-05-28 11:11 . 2008-05-28 11:11 356 ---hs---- C:\WINDOWS\system32\chuiuuyb.ini
    2008-05-25 23:39 . 2008-05-26 06:17 <DIR> d-------- C:\Documents and Settings\master mark\Application Data\Download Manager
    2008-05-25 23:31 . 2008-05-25 23:31 <DIR> d-------- C:\Documents and Settings\master mark\Application Data\GARMIN
    2008-05-25 23:29 . 2008-05-25 23:29 <DIR> d-------- C:\Program Files\Garmin GPS Plugin
    2008-05-25 23:20 . 2008-05-30 23:58 <DIR> d-------- C:\Garmin

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-18 02:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-17 06:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-17 05:51 --------- d-----w C:\Program Files\Opera
    2008-06-16 15:06 --------- d--h--w C:\Documents and Settings\master mark\Application Data\Move Networks
    2008-06-16 05:06 --------- d-----w C:\Program Files\TrojanHunter 4.2
    2008-06-06 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-06-06 15:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-06-06 15:50 --------- d-----w C:\Documents and Settings\master mark\Application Data\RipIt4Me
    2008-06-05 02:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-30 15:32 --------- d-----w C:\Program Files\Common Files\wzqo
    2008-05-30 11:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2002-07-26 22:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
    2007-12-08 16:35 86,366 --sha-w C:\WINDOWS\system32\ospcont.dat
    .

    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 0 2004-02-06 17:29:18 C:\Program Files\321Studios\Platinum\bak\makedir

    ----a-w 145,408 2002-08-29 09:41:26 C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\bak\MSConfig.exe
    ----a-w 158,208 2004-08-04 06:56:54 C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{001E82B2-9B4D-4B12-8858-ABCF6D2BE0D9}]
    2001-08-23 18:00 108659 --a------ C:\WINDOWS\System32\comre.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09702BD3-16FA-49FB-98D7-062537702BFc}]
    2008-06-19 17:12 121364 --a------ C:\WINDOWS\system32\yvqputjp.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
    2007-12-17 12:12 56360 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70C872E5-69F5-456f-B809-484106881B7B}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87BC8A7B-230D-428B-9971-3CF9DFA3073A}]
    C:\Program Files\MSN Gaming Zone\fomeres821058.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C63B84A-75F7-745F-F949-71A2E3994AE5}]
    C:\WINDOWS\system32\tupuga.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DCA5BCBE-08A7-4D54-9293-2A0A05E240D4}]
    C:\Program Files\Messenger\labunuw928.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3727275-224F-4AB0-8642-7D461EFB82D8}]
    2007-11-03 05:43 978413 --a------ C:\WINDOWS\system32\bnome.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Lxs"="C:\Documents and Settings\master mark\My Documents\?dobe\msconfig.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 01:56 158208]
    "combofix"="C:\WINDOWS\system32\CF18730.exe" [2004-08-04 01:56 388608]
    "DllRunning"="C:\WINDOWS\system32\hfbhmnje.dll" [2008-06-19 17:13 256020]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "DIRECWAY TurboPOP"="C:\tpop\tpopservice.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 20:47 8720384]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoWindowsUpdate"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "SFCDisable"=dword:00000004

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bnome]
    bnome.dll 2007-11-03 05:43 978413 C:\WINDOWS\system32\bnome.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ceahf]
    ceahf.dll 2008-01-20 22:58 978413 C:\WINDOWS\system32\ceahf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cmhtq]
    cmhtq.dll 2008-04-14 05:33 978413 C:\WINDOWS\system32\cmhtq.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddjlq]
    ddjlq.dll 2008-04-15 06:01 978413 C:\WINDOWS\system32\ddjlq.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dejpe]
    dejpe.dll 2007-12-12 07:12 978413 C:\WINDOWS\system32\dejpe.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dmerk]
    dmerk.dll 2008-06-03 08:01 978413 C:\WINDOWS\system32\dmerk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\eeppq]
    eeppq.dll 2007-11-06 15:11 978413 C:\WINDOWS\system32\eeppq.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ejktp]
    ejktp.dll 2008-04-16 06:28 978413 C:\WINDOWS\system32\ejktp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ejpie]
    ejpie.dll 2008-04-11 04:11 978413 C:\WINDOWS\system32\ejpie.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\enfus]
    enfus.dll 2008-05-29 05:44 978413 C:\WINDOWS\system32\enfus.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Extensions]
    C:\WINDOWS\system32\dktrans.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\femps]
    femps.dll 2007-12-16 09:02 978413 C:\WINDOWS\system32\femps.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\foflr]
    foflr.dll 2008-04-13 05:06 978413 C:\WINDOWS\system32\foflr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gacli]
    gacli.dll 2007-07-05 08:50 978413 C:\WINDOWS\system32\gacli.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gdbvd]
    gdbvd.dll 2007-07-10 08:59 978413 C:\WINDOWS\system32\gdbvd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ggjqo]
    ggjqo.dll 2008-03-10 22:53 978413 C:\WINDOWS\system32\ggjqo.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gjoud]
    gjoud.dll 2007-10-07 20:26 978413 C:\WINDOWS\system32\gjoud.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hjard]
    hjard.dll 2008-04-12 04:38 978413 C:\WINDOWS\system32\hjard.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hjnqe]
    hjnqe.dll 2008-04-10 03:43 978413 C:\WINDOWS\system32\hjnqe.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjkjij]
    ljjkjij.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lpdri]
    lpdri.dll 2008-02-17 13:14 978413 C:\WINDOWS\system32\lpdri.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\melif]
    melif.dll 2008-04-09 03:16 978413 C:\WINDOWS\system32\melif.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mhemf]
    mhemf.dll 2008-03-09 22:25 978413 C:\WINDOWS\system32\mhemf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pbaud]
    pbaud.dll 2007-09-12 18:34 978413 C:\WINDOWS\system32\pbaud.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pdoto]
    pdoto.dll 2008-04-18 07:23 978413 C:\WINDOWS\system32\pdoto.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmbjj]
    pmbjj.dll 2008-02-16 12:47 978413 C:\WINDOWS\system32\pmbjj.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pppif]
    pppif.dll 2008-04-20 12:34 978413 C:\WINDOWS\system32\pppif.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomkkkk]
    qomkkkk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\setdrv32]
    setdrv32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmfu32]
    winmfu32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkq32]
    winrkq32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyxxw]
    yayyxxw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= Pvmjpg30.dll
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^gsvlh.exe]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gsvlh.exe
    backup=C:\WINDOWS\pss\gsvlh.exeCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickPopup.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickPopup.lnk
    backup=C:\WINDOWS\pss\QuickPopup.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Smart Wizard Wireless Settings.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Smart Wizard Wireless Settings.lnk
    backup=C:\WINDOWS\pss\Smart Wizard Wireless Settings.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^master mark^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
    path=C:\Documents and Settings\master mark\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
    backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^master mark^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    path=C:\Documents and Settings\master mark\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^master mark^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
    path=C:\Documents and Settings\master mark\Start Menu\Programs\Startup\PowerReg Scheduler.exe
    backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    --a------ 2007-06-11 04:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    -ra------ 2007-03-01 11:37 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    C:\Program Files\AIM\aim.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    --a------ 2007-10-04 10:20 50528 C:\Program Files\AIM6\aim6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]
    C:\WINDOWS\alchem.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Virus Update Scheduler]
    C:\WINDOWS\system32\1.tmp
     
  9. blightfyre

    blightfyre Thread Starter

    Joined:
    Jun 16, 2008
    Messages:
    12
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApachInc]
    C:\WINDOWS\System32\ujnruuvw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
    C:\WINDOWS\avp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bargains]
    C:\Program Files\Bargain Buddy\bin\bargains.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlockAds]
    --a------ 2003-11-05 02:00 20480 C:\Program Files\Tweak-XP Pro 3\AdBlocker.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
    --a------ 2002-07-12 03:33 1581056 C:\WINDOWS\mixer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\MASTER~1]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\MASTER~1\LOCALS~1]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\MASTER~1\LOCALS~1\Temp]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\MASTER~1\LOCALS~1\Temp\update.exe]
    C:\DOCUME~1\MASTER~1\LOCALS~1\Temp\update.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
    C:\WINDOWS\system32\CF2034.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
    C:\WINDOWS\System32\drvwog.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2004-08-04 01:56 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DllRunning]
    C:\WINDOWS\system32\lpeyffnv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
    --a------ 2006-10-11 16:38 3335944 C:\PROGRA~1\DAP\DAP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
    --------- 2004-09-03 11:14 53248 C:\Program Files\HP DVD\Umbrella\DVDTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
    --a------ 2007-03-16 07:51 715888 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eroca]
    C:\Program Files\Eroca\Eroca.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\erwghjjrjt]
    c:\windows\system32\drivers\ucbcg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fafkbqpc.exe]
    C:\Documents and Settings\All Users\Application Data\fafkbqpc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
    --a------ 2007-12-17 12:12 243240 C:\Program Files\Windows Live\Family Safety\fssui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
    --a------ 2005-06-24 16:24 473928 C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
    C:\WINDOWS\System32\pcnkykga.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    C:\Program Files\Ahead\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoData]
    C:\WINDOWS\System32\qduuhved.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    --a------ 2003-05-15 18:41 163840 C:\Program Files\Microsoft IntelliPoint\point32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
    C:\Program Files\Internet Optimizer\optimize.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipmon]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
    C:\Program Files\ISTsvc\istsvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2004-06-16 07:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a------ 2004-06-16 07:03 81920 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j9241631]
    C:\WINDOWS\System32\j9241631.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JavaCore]
    C:\Program Files\\JavaCore\\JavaCore.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kavec]
    C:\WINDOWS\System32\olkkbp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kazaa Download Accelerator Updater]
    regsvr32 /s C:\WINDOWS\System32\kdpupd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kazaa Download Accelerator Updater (required)]
    regsvr32 /s C:\WINDOWS\System32\KDP0e0a.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
    C:\windows\keyboard16.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark_X79-55]
    C:\WINDOWS\System32\lsasss.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    --a------ 2007-10-25 17:33 563984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    --a------ 2007-10-25 17:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    --a------ 2005-07-19 18:32 221184 C:\WINDOWS\System32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
    C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    --a------ 2003-06-07 07:32 50688 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    --a------ 2004-09-22 19:20 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mousepad]
    C:\windows\mousepad16.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
    c:\docume~1\master~1\locals~1\temp\msbb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    --a------ 2007-12-18 20:47 8720384 C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
    C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    --a------ 2004-07-26 20:14 1867776 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ndocbn]
    C:\WINDOWS\System32\olkkbp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
    C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
    C:\windows\newname16.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoDNS]
    C:\Program Files\\NoDNS\\NoDNS.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcoi]
    C:\Program Files\nvcoi\nvcoi.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2003-10-06 15:16 5058560 C:\WINDOWS\System32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2003-10-06 15:16 49152 C:\WINDOWS\System32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Bidder]
    C:\PROGRA~1\PCBIDD~1\PCBidder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEUSBTip]
    --a------ 2006-01-23 15:42 196608 C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCShield]
    regsvr32 /s C:\WINDOWS\System32\sfg_75f7.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    --------- 2003-11-10 16:06 406016 C:\WINDOWS\System32\\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop-Up-Blocker]
    --a------ 2003-12-01 02:00 46592 C:\Program Files\Tweak-XP Pro 3\popup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan]
    C:\Program Files\Power Scan\powerscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
    --a------ 2003-11-02 19:07 615936 c:\program files\powerstrip\pstrip.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack16]
    C:\Program Files\QdrPack\QdrPack16.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2005-03-12 00:49 98304 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]
    C:\WINDOWS\System32\bridge.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    C:\WINDOWS\retadpu1000272.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHAgent]
    C:\WINDOWS\System32\SahAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]
    C:\WINDOWS\System32\scchk32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seir]
    C:\WINDOWS\System32\MCROSO~1.NET\csrss.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Services]
    C:\WINDOWS\system32\11F.tmp

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6wIP]
    C:\Documents and Settings\master mark\Application Data\Microsoft\Windows\plqvt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SManager]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedRunner]
    C:\Documents and Settings\master mark\Application Data\SpeedRunner\SpeedRunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareQuake.com]
    C:\Program Files\SpywareQuake.com\Spyware-Quake.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2006-12-15 03:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]
    C:\Program Files\SurfSideKick 3\Ssk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
    C:\Program Files\TrojanHunter 4.2\THGuard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
    C:\Program Files\Trojan Remover\Trjscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tunebite.exe]
    --a------ 2005-07-04 12:56 1142865 C:\Program Files\tunebite\tunebite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
    --a------ 2003-05-15 18:45 114688 C:\Program Files\Microsoft IntelliType Pro\type32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]
    C:\Program Files\Common files\updmgr\updmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
    --a------ 2005-12-21 10:14 73728 C:\WINDOWS\System32\PCLECoInst.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
    --a------ 2006-01-23 15:42 196608 C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC5Player]
    C:\Program Files\HHVcdV5Sys\VC5Play.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vDrive Plus]
    --a------ 2003-09-13 20:31 20480 C:\Program Files\vDrive Plus\vStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    --a------ 2008-05-15 16:11 3644464 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w0c18656.dll]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
    C:\WINDOWS\wt\updater\wcmdmgrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
    C:\Program Files\webHancer\Programs\whagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]
    C:\Program Files\webHancer\Programs\whsurvey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsService]
    C:\WINDOWS\System32\wbxffcnu.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon]
    C:\WINDOWS\winlogon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
    C:\Documents and Settings\master mark\Application Data\WinTouch\WinTouch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --------- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wzqo]
    C:\PROGRA~1\COMMON~1\wzqo\wzqom.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfhzoxwgs]
    C:\WINDOWS\System32\wmzovnxr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
    --a------ 2006-10-03 13:04 54776 C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "VC5SecS"=2 (0x2)
    "rpcapd"=3 (0x3)
    "InCDsrv"=2 (0x2)
    "ssl"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "FirewallDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    R0 jfvfplgh;jfvfplgh;C:\WINDOWS\system32\drivers\qryqdgbj.dat []
    R2 DVDRIVER;DVdriver;C:\WINDOWS\system32\DRIVERS\dvdriver.sys [2004-07-11 08:49]
    R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 14:53]
    R2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 12:13]
    R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\PStrip.sys [2001-07-23 19:31]
    R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2004-02-28 22:55]
    R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 23:59]
    R3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 08:11]
    R3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 08:11]
    S0 OCDE;ZTekWare Original CD Emulator Service;C:\WINDOWS\system32\Drivers\OCDE.sys []
    S2 DPC_SRV_TPOP;DIRECWAY TurboPOP;C:\tpop\tpopservice.exe []
    S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2004-10-21 10:26]
    S3 DPCNET5U;Satellite USB Driver;C:\WINDOWS\system32\DRIVERS\dpcnet5u.sys []
    S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 15:02]
    S4 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 21:27]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-19 21:51:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-19 17:13:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\WINDOWS\system32\hfbhmnje.dll 256020 bytes executable
    C:\WINDOWS\system32\ejnmhbfh.ini 356 bytes

    scan completed successfully
    hidden files: 2

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\jfvfplgh]
    "ImagePath"="system32\drivers\qryqdgbj.dat"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\bnome.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-19 17:23:10 - machine was rebooted [master mark]
    ComboFix-quarantined-files.txt 2008-06-19 22:22:58

    Pre-Run: 26,813,693,440 bytes free
    Post-Run: 26,789,697,536 bytes free

    696 --- E O F --- 2008-06-11 08:06:28
     
  10. blightfyre

    blightfyre Thread Starter

    I had to split up the ComboFix log; it was too long. Also, I thought I had the Recovery Console installed. That's why I didn't install it like suggested. Also, what free virus protection do you suggest? I never thought I needed one.
     
  11. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,082
    That's ok. There is a LOT there and this will not get it all but let's start here.

    Open Notepad and copy and paste the text in the quote box below into it:

    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

    [​IMG]

    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.
     
  12. blightfyre

    blightfyre Thread Starter

    ComboFix 08-06-16.5 - master mark 2008-06-19 18:10:33.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1097 [GMT -5:00]
    Running from: C:\Documents and Settings\master mark\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\master mark\Desktop\CFScript.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\system32\chuiuuyb.ini
    C:\WINDOWS\System32\comre.dll
    C:\WINDOWS\system32\drivers\qryqdgbj.dat
    C:\WINDOWS\system32\ejnmhbfh.ini
    C:\WINDOWS\system32\gvxbxvre.ini
    C:\WINDOWS\system32\hfbhmnje.dll
    C:\WINDOWS\system32\hoopntcy.dll_old
    C:\WINDOWS\system32\kjajtxia.ini
    C:\WINDOWS\system32\ocsvamfr.dll_old
    C:\WINDOWS\system32\oyfvtxhl.dll_old
    C:\WINDOWS\system32\rirnujnd.ini
    C:\WINDOWS\system32\tcpfxkfr.dll_old
    C:\WINDOWS\system32\yvqputjp.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Common Files\wzqo
    C:\Program Files\Common Files\wzqo\wzqoa.lck
    C:\Program Files\Common Files\wzqo\wzqod\class-barrel
    C:\Program Files\Common Files\wzqo\wzqoh
    C:\Program Files\Common Files\wzqo\wzqol.lck
    C:\Program Files\Common Files\wzqo\wzqom.lck
    C:\Program Files\Common Files\wzqo\wzqop.lck
    C:\WINDOWS\system32\chuiuuyb.ini
    C:\WINDOWS\System32\comre.dll
    C:\WINDOWS\system32\drivers\qryqdgbj.dat
    C:\WINDOWS\system32\ejnmhbfh.ini
    C:\WINDOWS\system32\gvxbxvre.ini
    C:\WINDOWS\system32\hdgugpoh.ini
    C:\WINDOWS\system32\hfbhmnje.dll
    C:\WINDOWS\system32\hoopntcy.dll_old
    C:\WINDOWS\system32\hopgugdh.dll
    C:\WINDOWS\system32\kjajtxia.ini
    C:\WINDOWS\system32\ocsvamfr.dll_old
    C:\WINDOWS\system32\oyfvtxhl.dll_old
    C:\WINDOWS\system32\rirnujnd.ini
    C:\WINDOWS\system32\sysmygua.dll
    C:\WINDOWS\system32\tcpfxkfr.dll_old
    C:\WINDOWS\system32\yvqputjp.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_JFVFPLGH
    -------\Service_jfvfplgh


    ((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
    .

    2100-12-07 00:16 . 2005-02-23 22:49 141,334 --a------ C:\WINDOWS\system32\sfg.lib
    2008-06-19 19:34 . 2008-06-19 19:34 256,020 --a------ C:\WINDOWS\system32\fqkfjptd.dll
    2008-06-19 19:34 . 2008-06-19 19:34 356 ---hs---- C:\WINDOWS\system32\dtpjfkqf.ini
    2008-06-17 01:02 . 2008-06-17 01:02 <DIR> d-------- C:\Program Files\Veoh Networks
    2008-06-16 23:08 . 2008-06-16 23:08 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-11 02:50 . 2008-04-14 06:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-10 16:18 . 2008-06-10 16:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-10 16:18 . 2008-06-10 16:18 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-06-06 11:01 . 2008-06-06 11:45 4,681,455,616 --a------ C:\27DRESSES_WS.ISO
    2008-06-06 10:21 . 2008-06-06 10:50 <DIR> d-------- C:\27DRESSES_WS
    2008-06-04 22:25 . 2008-06-04 22:25 <DIR> d-------- C:\VundoFix Backups
    2008-06-03 08:01 . 2008-06-03 08:01 978,413 --a------ C:\WINDOWS\system32\dmerk.dll
    2008-05-30 23:57 . 2008-05-30 23:58 <DIR> d-------- C:\Program Files\Garmin
    2008-05-29 17:04 . 2008-05-29 13:35 230,400 -r-hs---- C:\Documents
    2008-05-29 05:44 . 2008-05-29 05:44 978,413 --a------ C:\WINDOWS\system32\enfus.dll
    2008-05-25 23:39 . 2008-05-26 06:17 <DIR> d-------- C:\Documents and Settings\master mark\Application Data\Download Manager
    2008-05-25 23:31 . 2008-05-25 23:31 <DIR> d-------- C:\Documents and Settings\master mark\Application Data\GARMIN
    2008-05-25 23:29 . 2008-05-25 23:29 <DIR> d-------- C:\Program Files\Garmin GPS Plugin
    2008-05-25 23:20 . 2008-05-30 23:58 <DIR> d-------- C:\Garmin

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-18 02:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-17 06:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-17 05:51 --------- d-----w C:\Program Files\Opera
    2008-06-16 15:06 --------- d--h--w C:\Documents and Settings\master mark\Application Data\Move Networks
    2008-06-16 05:06 --------- d-----w C:\Program Files\TrojanHunter 4.2
    2008-06-06 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-06-06 15:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-06-06 15:50 --------- d-----w C:\Documents and Settings\master mark\Application Data\RipIt4Me
    2008-06-05 02:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-30 11:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2002-07-26 22:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
    2007-12-08 16:35 86,366 --sha-w C:\WINDOWS\system32\ospcont.dat
    .

    ((((((((((((((((((((((((((((( [email protected]_17.21.15.59 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-19 22:06:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-19 23:18:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-06-19 22:06:33 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-06-19 23:19:09 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-06-19 22:06:33 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-06-19 23:19:09 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-06-19 22:06:33 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-19 23:19:09 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-20 00:35:52 121,364 ----a-w C:\WINDOWS\system32\ebkpyohm.dll
    - 2008-06-19 22:08:46 208,183 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
    + 2008-06-19 23:21:21 208,188 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
    - 2008-06-19 22:11:27 61,850 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-06-19 23:24:02 61,850 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-06-19 22:11:27 414,616 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-06-19 23:24:02 414,616 ----a-w C:\WINDOWS\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 0 2004-02-06 17:29:18 C:\Program Files\321Studios\Platinum\bak\makedir

    ----a-w 145,408 2002-08-29 09:41:26 C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\bak\MSConfig.exe
    ----a-w 158,208 2004-08-04 06:56:54 C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09702BD3-16FA-49FB-98D7-062537702BFc}]
    2008-06-19 19:35 121364 --a------ C:\WINDOWS\system32\ebkpyohm.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
    2007-12-17 12:12 56360 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87BC8A7B-230D-428B-9971-3CF9DFA3073A}]
    C:\Program Files\MSN Gaming Zone\fomeres821058.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3727275-224F-4AB0-8642-7D461EFB82D8}]
    2007-11-03 05:43 978413 --a------ C:\WINDOWS\system32\bnome.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 01:56 158208]
    "DllRunning"="C:\WINDOWS\system32\fqkfjptd.dll" [2008-06-19 19:34 256020]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "DIRECWAY TurboPOP"="C:\tpop\tpopservice.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 20:47 8720384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bnome]
    bnome.dll 2007-11-03 05:43 978413 C:\WINDOWS\system32\bnome.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= Pvmjpg30.dll
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^gsvlh.exe]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gsvlh.exe
    backup=C:\WINDOWS\pss\gsvlh.exeCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickPopup.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickPopup.lnk
    backup=C:\WINDOWS\pss\QuickPopup.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Smart Wizard Wireless Settings.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Smart Wizard Wireless Settings.lnk
    backup=C:\WINDOWS\pss\Smart Wizard Wireless Settings.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^master mark^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
    path=C:\Documents and Settings\master mark\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
    backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^master mark^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    path=C:\Documents and Settings\master mark\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^master mark^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
    path=C:\Documents and Settings\master mark\Start Menu\Programs\Startup\PowerReg Scheduler.exe
    backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    --a------ 2007-06-11 04:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    -ra------ 2007-03-01 11:37 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    C:\Program Files\AIM\aim.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    --a------ 2007-10-04 10:20 50528 C:\Program Files\AIM6\aim6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]
    C:\WINDOWS\alchem.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Virus Update Scheduler]
    C:\WINDOWS\system32\1.tmp

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApachInc]
    C:\WINDOWS\System32\ujnruuvw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
    C:\WINDOWS\avp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bargains]
    C:\Program Files\Bargain Buddy\bin\bargains.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlockAds]
    --a------ 2003-11-05 02:00 20480 C:\Program Files\Tweak-XP Pro 3\AdBlocker.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
    --a------ 2002-07-12 03:33 1581056 C:\WINDOWS\mixer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\MASTER~1]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\MASTER~1\LOCALS~1]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\MASTER~1\LOCALS~1\Temp]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\DOCUME~1\MASTER~1\LOCALS~1\Temp\update.exe]
    C:\DOCUME~1\MASTER~1\LOCALS~1\Temp\update.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
    C:\WINDOWS\system32\CF2034.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
    C:\WINDOWS\System32\drvwog.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2004-08-04 01:56 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DllRunning]
    C:\WINDOWS\system32\lpeyffnv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
    --a------ 2006-10-11 16:38 3335944 C:\PROGRA~1\DAP\DAP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
    --------- 2004-09-03 11:14 53248 C:\Program Files\HP DVD\Umbrella\DVDTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
    --a------ 2007-03-16 07:51 715888 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eroca]
    C:\Program Files\Eroca\Eroca.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\erwghjjrjt]
    c:\windows\system32\drivers\ucbcg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fafkbqpc.exe]
    C:\Documents and Settings\All Users\Application Data\fafkbqpc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
    --a------ 2007-12-17 12:12 243240 C:\Program Files\Windows Live\Family Safety\fssui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
    --a------ 2005-06-24 16:24 473928 C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
    C:\WINDOWS\System32\pcnkykga.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    C:\Program Files\Ahead\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoData]
    C:\WINDOWS\System32\qduuhved.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    --a------ 2003-05-15 18:41 163840 C:\Program Files\Microsoft IntelliPoint\point32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
    C:\Program Files\Internet Optimizer\optimize.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipmon]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
    C:\Program Files\ISTsvc\istsvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2004-06-16 07:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a------ 2004-06-16 07:03 81920 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j9241631]
    C:\WINDOWS\System32\j9241631.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JavaCore]
    C:\Program Files\\JavaCore\\JavaCore.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kavec]
    C:\WINDOWS\System32\olkkbp.exe
     
  13. blightfyre

    blightfyre Thread Starter

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kazaa Download Accelerator Updater]
    regsvr32 /s C:\WINDOWS\System32\kdpupd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kazaa Download Accelerator Updater (required)]
    regsvr32 /s C:\WINDOWS\System32\KDP0e0a.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
    C:\windows\keyboard16.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark_X79-55]
    C:\WINDOWS\System32\lsasss.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    --a------ 2007-10-25 17:33 563984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    --a------ 2007-10-25 17:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    --a------ 2005-07-19 18:32 221184 C:\WINDOWS\System32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
    C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    --a------ 2003-06-07 07:32 50688 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    --a------ 2004-09-22 19:20 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mousepad]
    C:\windows\mousepad16.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
    c:\docume~1\master~1\locals~1\temp\msbb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    --a------ 2007-12-18 20:47 8720384 C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
    C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    --a------ 2004-07-26 20:14 1867776 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ndocbn]
    C:\WINDOWS\System32\olkkbp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
    C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
    C:\windows\newname16.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoDNS]
    C:\Program Files\\NoDNS\\NoDNS.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcoi]
    C:\Program Files\nvcoi\nvcoi.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2003-10-06 15:16 5058560 C:\WINDOWS\System32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2003-10-06 15:16 49152 C:\WINDOWS\System32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Bidder]
    C:\PROGRA~1\PCBIDD~1\PCBidder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEUSBTip]
    --a------ 2006-01-23 15:42 196608 C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCShield]
    regsvr32 /s C:\WINDOWS\System32\sfg_75f7.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    --------- 2003-11-10 16:06 406016 C:\WINDOWS\System32\\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop-Up-Blocker]
    --a------ 2003-12-01 02:00 46592 C:\Program Files\Tweak-XP Pro 3\popup.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan]
    C:\Program Files\Power Scan\powerscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
    --a------ 2003-11-02 19:07 615936 c:\program files\powerstrip\pstrip.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack16]
    C:\Program Files\QdrPack\QdrPack16.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2005-03-12 00:49 98304 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]
    C:\WINDOWS\System32\bridge.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    C:\WINDOWS\retadpu1000272.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHAgent]
    C:\WINDOWS\System32\SahAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]
    C:\WINDOWS\System32\scchk32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seir]
    C:\WINDOWS\System32\MCROSO~1.NET\csrss.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Services]
    C:\WINDOWS\system32\11F.tmp

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6wIP]
    C:\Documents and Settings\master mark\Application Data\Microsoft\Windows\plqvt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SManager]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedRunner]
    C:\Documents and Settings\master mark\Application Data\SpeedRunner\SpeedRunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareQuake.com]
    C:\Program Files\SpywareQuake.com\Spyware-Quake.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2006-12-15 03:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]
    C:\Program Files\SurfSideKick 3\Ssk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
    C:\Program Files\TrojanHunter 4.2\THGuard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
    C:\Program Files\Trojan Remover\Trjscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tunebite.exe]
    --a------ 2005-07-04 12:56 1142865 C:\Program Files\tunebite\tunebite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
    --a------ 2003-05-15 18:45 114688 C:\Program Files\Microsoft IntelliType Pro\type32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]
    C:\Program Files\Common files\updmgr\updmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
    --a------ 2005-12-21 10:14 73728 C:\WINDOWS\System32\PCLECoInst.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
    --a------ 2006-01-23 15:42 196608 C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC5Player]
    C:\Program Files\HHVcdV5Sys\VC5Play.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vDrive Plus]
    --a------ 2003-09-13 20:31 20480 C:\Program Files\vDrive Plus\vStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    --a------ 2008-05-15 16:11 3644464 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w0c18656.dll]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
    C:\WINDOWS\wt\updater\wcmdmgrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
    C:\Program Files\webHancer\Programs\whagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]
    C:\Program Files\webHancer\Programs\whsurvey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsService]
    C:\WINDOWS\System32\wbxffcnu.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon]
    C:\WINDOWS\winlogon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
    C:\Documents and Settings\master mark\Application Data\WinTouch\WinTouch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --------- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wzqo]
    C:\PROGRA~1\COMMON~1\wzqo\wzqom.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yfhzoxwgs]
    C:\WINDOWS\System32\wmzovnxr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
    --a------ 2006-10-03 13:04 54776 C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "VC5SecS"=2 (0x2)
    "rpcapd"=3 (0x3)
    "InCDsrv"=2 (0x2)
    "ssl"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "%windir%\\system32\\sessmgr.exe"=

    R2 DVDRIVER;DVdriver;C:\WINDOWS\system32\DRIVERS\dvdriver.sys [2004-07-11 08:49]
    R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 14:53]
    R2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 12:13]
    R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\PStrip.sys [2001-07-23 19:31]
    R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2004-02-28 22:55]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
    R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 23:59]
    R3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 08:11]
    R3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 08:11]
    S0 OCDE;ZTekWare Original CD Emulator Service;C:\WINDOWS\system32\Drivers\OCDE.sys []
    S2 DPC_SRV_TPOP;DIRECWAY TurboPOP;C:\tpop\tpopservice.exe []
    S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2004-10-21 10:26]
    S3 DPCNET5U;Satellite USB Driver;C:\WINDOWS\system32\DRIVERS\dpcnet5u.sys []
    S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 15:02]
    S4 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 21:27]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-19 23:51:04 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-19 19:35:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\WINDOWS\system32\ebkpyohm.dll 121364 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\bnome.dll
    -> C:\WINDOWS\system32\ceahf.dll
    -> C:\WINDOWS\system32\cmhtq.dll
    -> C:\WINDOWS\system32\ddjlq.dll
    -> C:\WINDOWS\system32\dejpe.dll
    -> C:\WINDOWS\system32\dmerk.dll
    -> C:\WINDOWS\system32\eeppq.dll
    -> C:\WINDOWS\system32\ejktp.dll
    -> C:\WINDOWS\system32\ejpie.dll
    -> C:\WINDOWS\system32\enfus.dll
    -> C:\WINDOWS\system32\femps.dll
    -> C:\WINDOWS\system32\foflr.dll
    -> C:\WINDOWS\system32\gacli.dll
    -> C:\WINDOWS\system32\gdbvd.dll
    -> C:\WINDOWS\system32\ggjqo.dll
    -> C:\WINDOWS\system32\gjoud.dll
    -> C:\WINDOWS\system32\hjard.dll
    -> C:\WINDOWS\system32\hjnqe.dll
    -> C:\WINDOWS\system32\lpdri.dll
    -> C:\WINDOWS\system32\melif.dll
    -> C:\WINDOWS\system32\mhemf.dll
    -> C:\WINDOWS\system32\pbaud.dll
    -> C:\WINDOWS\system32\pdoto.dll
    -> C:\WINDOWS\system32\pmbjj.dll
    -> C:\WINDOWS\system32\pppif.dll

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\bnome.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-19 19:45:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-20 00:45:16
    ComboFix2.txt 2008-06-19 22:23:13

    Pre-Run: 31,105,218,048 bytes free
    Post-Run: 31,082,721,280 bytes free

    499 --- E O F --- 2008-06-11 08:06:28
     
  14. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,082
    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Select Files to Delete choose: Select All
    • Click the Empty Selected button.

    Click Exit on the Main menu to close the program.




    Please download Malwarebytes Anti-Malware from Here or Here
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick Scan, then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy the entire report and paste it in your next reply with a new hijackthis log.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




    Please perform a scan with Kaspersky Webscan Online Virus Scanner
    • Read the Requirements and Privacy statement, then select "Accept".
    • A new window will appear prompting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
    • Click "Yes" or select "Install" to download the ActiveX controls that allow ActiveScan to run.
    • When the download is complete it will say ready, click "Next".
    • Click "Scan Settings" and check the option to use the Extended Database (if available, otherwise Standard).
    • Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
    • Click "OK".
    • Under "Select a target to scan", click on "My Computer".
    • When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.


    Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically, or it will show 'Kaspersky Online Scanner license key was not found!'
     
  15. blightfyre

    blightfyre Thread Starter

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:19:35 PM, on 6/20/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:85
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {09702BD3-16FA-49FB-98D7-062537702BFc} - C:\WINDOWS\system32\cocrnaix.dll
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {87BC8A7B-230D-428B-9971-3CF9DFA3073A} - C:\Program Files\MSN Gaming Zone\fomeres821058.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: CIEPl Object - {F3727275-224F-4AB0-8642-7D461EFB82D8} - C:\WINDOWS\system32\bnome.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\kgqdkelo.dll",setvm
    O4 - HKLM\..\RunServices: [DIRECWAY TurboPOP] C:\tpop\tpopservice.exe -start
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?41107731fd4f467f8418d9ce7fce54a5
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?41107731fd4f467f8418d9ce7fce54a5
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
    O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.7.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1193565886953
    O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - https://support.gateway.com/eSupport/static/weblaunch/weblaunch2.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: bnome - C:\WINDOWS\SYSTEM32\bnome.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: DIRECWAY TurboPOP (DPC_SRV_TPOP) - Unknown owner - C:\tpop\tpopservice.exe (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9528 bytes
     
  16. blightfyre

    blightfyre Thread Starter

    Malwarebytes' Anti-Malware 1.18
    Database version: 873

    9:43:34 PM 6/20/2008
    mbam-log-6-20-2008 (21-43-34).txt

    Scan type: Quick Scan
    Objects scanned: 42603
    Time elapsed: 6 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 9
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 44

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\wgpfvqhb.dll (Trojan.Vundo) -> Unloaded module successfully.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\NoDNS (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\meedia (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DllRunning (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\fqkfjptd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dtpjfkqf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hphwwrhw.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\whrwwhph.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ipjlbwuj.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\juwbljpi.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jifftume.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\emutffij.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\kfrygghs.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\shggyrfk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ofuoumbe.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ebmuoufo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\okhuixme.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\emxiuhko.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pkiyrngo.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ognryikp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pqhfmrfy.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yfrmfhqp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qjikbshk.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\khsbkijq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qmjwuadn.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ndauwjmq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qnfgaojg.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gjoagfnq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qxmxaihy.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yhiaxmxq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rfhwfgxw.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wxgfwhfr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\splxshwo.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\owhsxlps.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\thgyvbvn.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nvbvyght.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\uaoconus.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sunocoau.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\utkyycqs.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sqcyyktu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vowxbmoo.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\oombxwov.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wgpfvqhb.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\bhqvfpgw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yjkhttxa.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\axtthkjy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\sysmaqh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     
Short URL to this thread: https://techguy.org/722045