HERE IS THE AWF LOG.
Find AWF report by noahdfear ©2006
Version 1.40
The current date is: Mon 08/20/2007
The current time is: 8:04:56.46
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK
06/07/2005 12:46 AM 57,344 apdproxy.exe
1 File(s) 57,344 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
57344 Jun 7 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"
end of report
THIS IS THE HIJACKTHIS LOG.
Logfile of HijackThis v1.99.1
Scan saved at 8:30:01 AM, on 8/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\mavjuual.exe
C:\Program Files\Common Files\AOL\1161728750\ee\AOLSoftware.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\windows\system32\lrdsrngr.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\rwinsmdt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mstsc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\anna\Desktop\applications\fix computer\HijackThis\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [mavjuual] C:\WINDOWS\System32\mavjuual.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1161728750\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [{3B-B0-0B-BC-ZN}] c:\windows\system32\lrdsrngr.exe CHD003
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\rwinsmdt.exe CHD003
O4 - HKCU\..\Run: [mavjuual] C:\WINDOWS\System32\mavjuual.exe
O4 - HKCU\..\Run: [Scsb] "C:\DOCUME~1\anna\MYDOCU~1\SSTEM3~1\mmc.exe" -vt yazb
O4 - HKCU\..\Run: [Mxkgud] "C:\Program Files\??pPatch\n?pdb.exe"
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\lrdsrngr.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\rwinsmdt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6504367468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6504204625
O20 - AppInit_DLLs:
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\System32\HPZipm12.exe (file missing)
THIS IS THE COMBOFIX LOG.
ComboFix 07-08-17.2 - "anna" 2007-08-19 20:26:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.54 [GMT -7:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\ProductCode
C:\DOCUME~1\anna\APPLIC~1.\asembl~1
C:\DOCUME~1\anna\APPLIC~1\..\err.log
C:\DOCUME~1\anna\APPLIC~1\install.dat
C:\DOCUME~1\anna\APPLIC~1\WinTouch\wintouch.cfg
C:\DOCUME~1\anna\APPLIC~1\WinTouch\WTUninstaller.exe
C:\DOCUME~1\anna\LOCALS~1\APPLIC~1.\microsoft\internet explorer\filters
C:\DOCUME~1\anna\LOCALS~1\APPLIC~1.\microsoft\internet explorer\filters\filter.drv
C:\DOCUME~1\anna\LOCALS~1\APPLIC~1.\microsoft\internet explorer\filters\IExpl32d.exe
C:\DOCUME~1\anna\LOCALS~1\APPLIC~1.\microsoft\internet explorer\filters\MSIEHelper.dll
C:\DOCUME~1\anna\LOCALS~1\APPLIC~1.\microsoft\internet explorer\filters\prx475a.dll
C:\DOCUME~1\anna\LOCALS~1\APPLIC~1.\microsoft\internet explorer\filters\prx482b.dll
C:\DOCUME~1\anna\LOCALS~1\APPLIC~1.\microsoft\internet explorer\filters\prx531e.dll
C:\DOCUME~1\anna\LOCALS~1\APPLIC~1.\microsoft\internet explorer\filters\prx64ew.dll
C:\DOCUME~1\anna\LOCALS~1\APPLIC~1.\microsoft\internet explorer\filters\prx66b.dll
C:\DOCUME~1\anna\LOCALS~1\APPLIC~1.\microsoft\internet explorer\filters\prx71ctw.dll
C:\DOCUME~1\anna\LOCALS~1\APPLIC~1.\microsoft\internet explorer\filters\prx72ctw.dll
C:\DOCUME~1\anna\LOCALS~1\APPLIC~1.\microsoft\internet explorer\filters\prx75ctw.dll
C:\DOCUME~1\anna\LOCALS~1\APPLIC~1.\microsoft\internet explorer\filters\prx76ctw.dll
C:\DOCUME~1\anna\LOCALS~1\APPLIC~1.\microsoft\internet explorer\filters\prx78ctw.dll
C:\DOCUME~1\anna\LOCALS~1\APPLIC~1.\microsoft\internet explorer\filters\prx80w.dll
C:\DOCUME~1\anna\LOCALS~1\APPLIC~1.\microsoft\internet explorer\prndrv.dll
C:\DOCUME~1\anna\MYDOCU~1.\sstem3~1
C:\DOCUME~1\anna\MYDOCU~1.\sstem3~1\mmc.exe
C:\DOCUME~1\anna\MYDOCU~1.\sstem3~1\s?stem32\
C:\DOCUME~1\anna\STARTM~1\Programs.\Outerinfo
C:\DOCUME~1\anna\STARTM~1\Programs.\Outerinfo\Terms.lnk
C:\DOCUME~1\anna\STARTM~1\Programs.\Outerinfo\Uninstall.lnk
C:\DOCUME~1\anna\STARTM~1\Programs\Startup.\TA_Start.lnk
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log
C:\Program Files\Common Files\WinAntiSpyware 2007\j.exe
C:\Program Files\Common Files\winantispyware 2007\j.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\ComPlus Applications\lavumave.dll
C:\Program Files\ComPlus Applications\lavumave741.dll
C:\Program Files\ComPlus Applications\profsybypru.html
C:\Program Files\inetget2
C:\Program Files\Online Services\hory22011.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\ppatch~1
C:\Program Files\ppatch~1\n?pdb.exe
C:\Program Files\spysheriff
C:\Program Files\spysheriff\Uninstall.exe
C:\Program Files\svhost
C:\Program Files\svhost\wr-1-0000077.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\b104.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\stem~1
C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000018_.tmp.dll
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\drivers\hd_dirs.cfg
C:\WINDOWS\system32\drivers\hd_files.cfg
C:\WINDOWS\system32\drivers\hd_proc.cfg
C:\WINDOWS\system32\drivers\hd_rkeys.cfg
C:\WINDOWS\system32\drivers\hd_rvals.cfg
C:\WINDOWS\system32\drivers\hd_self.cfg
C:\WINDOWS\system32\drivers\hflt_ipf.sys
C:\WINDOWS\system32\drivers\runtime2.sy_
C:\WINDOWS\system32\drivers\secdrv.sys
C:\WINDOWS\system32\dwdsrngt.exe
C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.bak2
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\ewpncfhq.dll
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\f10WtR\f10WtR1099.exe
C:\WINDOWS\system32\H1
C:\WINDOWS\system32\H1\dl22011.exe
C:\WINDOWS\system32\ipv6mons.dll
C:\WINDOWS\system32\jerh.dll
C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\pmnkiji.dll
C:\WINDOWS\system32\rqrrrol.dll
C:\WINDOWS\system32\rwinsmdt.exe
C:\WINDOWS\system32\sklitfgr.dll
C:\WINDOWS\system32\ujxhxheg.dll
C:\WINDOWS\system32\V1
C:\WINDOWS\system32\vteciybu.dll
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\wnsintsv.exe
C:\WINDOWS\system32\wvuutut.dll
C:\WINDOWS\system32\xxyyxus.dll
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\tk58.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\winhp32.exe
C:\WINDOWS\wr.txt
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_CMDSERVICE
-------\LEGACY_FOPN
-------\LEGACY_HFLT_IPF
-------\LEGACY_NDNET1
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_QTSJXIGW
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\LEGACY_UXSPXVEL
-------\cmdService
-------\hflt_ipf
-------\qtsjxigw
-------\uxspxvel
((((((((((((((((((((((((( Files Created from 2007-07-20 to 2007-08-20 )))))))))))))))))))))))))))))))
2007-08-19 20:24 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-19 20:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-08-17 11:24 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-08-16 15:46 43,542 --a------ C:\WINDOWS\system32\nnnkjif.dll
2007-08-16 03:00 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
2007-08-16 03:00 548,352 --a------ C:\WINDOWS\system32\rtcdll.dll
2007-08-16 03:00 439,808 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-08-15 16:01 52,758 --a------ C:\WINDOWS\system32\lrdsrngr.exe
2007-08-15 12:46 43,542 --a------ C:\WINDOWS\system32\qommjki.dll
2007-08-15 10:31 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\NetMon
2007-08-15 10:30 43,542 --a------ C:\WINDOWS\system32\rqrpqpm.dll
2007-08-15 10:30 43,542 --------- C:\WINDOWS\system32\tuvwvtq.dll
2007-08-15 10:30 <DIR> d--hs---- C:\WINDOWS\bkVX
2007-08-15 10:30 <DIR> d-------- C:\WINDOWS\system32\tmps9
2007-08-15 10:30 <DIR> d-------- C:\WINDOWS\system32\chkconfig
2007-08-15 10:30 <DIR> d-------- C:\Temp
2007-08-15 09:01 92,160 --a------ C:\WINDOWS\system32\cscdll.dll
2007-08-15 09:01 433,152 --a------ C:\WINDOWS\system32\drivers\mrxsmb.sys
2007-08-15 09:01 166,656 --a------ C:\WINDOWS\system32\drivers\rdbss.sys
2007-08-15 08:38 971,264 --a------ C:\WINDOWS\system32\msgina.dll
2007-08-15 08:38 681,984 --a------ C:\WINDOWS\system32\lsasrv.dll
2007-08-15 08:38 595,968 --a------ C:\WINDOWS\system32\xpsp2res.dll
2007-08-15 08:38 51,712 --a------ C:\WINDOWS\system32\msasn1.dll
2007-08-15 08:38 36,864 --a------ C:\WINDOWS\system32\mf3216.dll
2007-08-15 08:38 260,608 --a------ C:\WINDOWS\system32\gdi32.dll
2007-08-15 08:38 136,704 --a------ C:\WINDOWS\system32\schannel.dll
2007-08-15 08:37 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-08-14 16:06 <DIR> d-------- C:\Program Files\WinBudget
2007-08-10 07:21 79,872 --a------ C:\WINDOWS\system32\srvsvc.dll
2007-08-09 14:48 991,232 --a------ C:\WINDOWS\system32\esent.dll
2007-08-07 15:49 32,512 --a------ C:\WINDOWS\system32\drivers\amdk7.sys
2007-08-07 15:49 3,584 --a------ C:\WINDOWS\system32\dsprpres.dll
2007-08-07 15:49 29,696 --a------ C:\WINDOWS\system32\asr_pfu.exe
2007-08-07 15:49 12,288 --a------ C:\WINDOWS\system32\encapi.dll
2007-08-07 15:49 10,752 --a------ C:\WINDOWS\system32\spiisupd.exe
2007-08-07 15:48 97,792 --a------ C:\WINDOWS\system32\mqtgsvc.exe
2007-08-07 15:48 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-08-07 15:48 88,576 --a------ C:\WINDOWS\system32\mqsec.dll
2007-08-07 15:48 73,728 --a------ C:\WINDOWS\system32\tlntsess.exe
2007-08-07 15:48 7,680 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-08-07 15:48 7,168 --a------ C:\WINDOWS\system32\tlntsvrp.dll
2007-08-07 15:48 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-08-07 15:48 67,584 --a------ C:\WINDOWS\system32\tlntsvr.exe
2007-08-07 15:48 67,584 --a------ C:\WINDOWS\system32\fdeploy.dll
2007-08-07 15:48 67,456 --a------ C:\WINDOWS\system32\drivers\mqac.sys
2007-08-07 15:48 61,440 --a------ C:\WINDOWS\system32\openfiles.exe
2007-08-07 15:48 608,768 --a------ C:\WINDOWS\system32\mqqm.dll
2007-08-07 15:48 57,856 --a------ C:\WINDOWS\system32\tlntadmn.exe
2007-08-07 15:48 57,856 --a------ C:\WINDOWS\system32\nwwks.dll
2007-08-07 15:48 55,808 --a------ C:\WINDOWS\system32\mqlogmgr.dll
2007-08-07 15:48 55,296 --a------ C:\WINDOWS\system32\logman.exe
2007-08-07 15:48 545,792 --a------ C:\WINDOWS\system32\wsecedit.dll
2007-08-07 15:48 488,960 --a------ C:\WINDOWS\system32\gpedit.dll
2007-08-07 15:48 478,720 --a------ C:\WINDOWS\system32\mqsnap.dll
2007-08-07 15:48 47,616 --a------ C:\WINDOWS\system32\eventcreate.exe
2007-08-07 15:48 467,456 --a------ C:\WINDOWS\system32\mqutil.dll
2007-08-07 15:48 45,056 --a------ C:\WINDOWS\system32\cipher.exe
2007-08-07 15:48 44,544 --a------ C:\WINDOWS\system32\mqupgrd.dll
2007-08-07 15:48 44,032 --a------ C:\WINDOWS\system32\mqdscli.dll
2007-08-07 15:48 403,456 --a------ C:\WINDOWS\system32\winbrand.dll
2007-08-07 15:48 4,608 --a------ C:\WINDOWS\system32\mqsvc.exe
2007-08-07 15:48 361,984 --a------ C:\WINDOWS\system32\qmgr.dll
2007-08-07 15:48 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-08-07 15:48 277,504 --a------ C:\WINDOWS\system32\appmgr.dll
2007-08-07 15:48 27,648 --a------ C:\WINDOWS\system32\pidgen.dll
2007-08-07 15:48 27,136 --a------ C:\WINDOWS\system32\asr_fmt.exe
2007-08-07 15:48 24,576 --a------ C:\WINDOWS\system32\efsadu.dll
2007-08-07 15:48 231,936 --a------ C:\WINDOWS\system32\tracerpt.exe
2007-08-07 15:48 23,040 --a------ C:\WINDOWS\system32\proxycfg.exe
2007-08-07 15:48 218,112 --a------ C:\WINDOWS\system32\sbe.dll
2007-08-07 15:48 214,016 --a------ C:\WINDOWS\system32\mqoa.dll
2007-08-07 15:48 187,904 --a------ C:\WINDOWS\system32\xpsp1res.dll
2007-08-07 15:48 183,808 --a------ C:\WINDOWS\system32\gptext.dll
2007-08-07 15:48 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
2007-08-07 15:48 172,032 --a------ C:\WINDOWS\system32\mssap.dll
2007-08-07 15:48 17,408 --a------ C:\WINDOWS\system32\mqbkup.exe
2007-08-07 15:48 165,888 --a------ C:\WINDOWS\system32\mqrt.dll
2007-08-07 15:48 164,352 --a------ C:\WINDOWS\system32\mqtrig.dll
2007-08-07 15:48 16,896 --a------ C:\WINDOWS\system32\secedit.exe
2007-08-07 15:48 156,672 --a------ C:\WINDOWS\system32\appmgmts.dll
2007-08-07 15:48 156,544 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2007-08-07 15:48 155,648 --a------ C:\WINDOWS\system32\encdec.dll
2007-08-07 15:48 14,848 --a------ C:\WINDOWS\system32\mqise.dll
2007-08-07 15:48 130,048 --a------ C:\WINDOWS\system32\mqad.dll
2007-08-07 15:48 115,200 --a------ C:\WINDOWS\system32\mqrtdep.dll
2007-08-07 15:48 115,200 --a------ C:\WINDOWS\system32\dpcdll.dll
2007-08-07 15:48 113,664 --a------ C:\WINDOWS\system32\schtasks.exe
2007-08-07 15:48 113,152 --a------ C:\WINDOWS\system32\gpresult.exe
2007-08-07 15:48 110,080 --a------ C:\WINDOWS\system32\sbeio.dll
2007-08-07 15:48 103,936 --a------ C:\WINDOWS\system32\rsnotify.exe
2007-08-07 15:48 1,135,616 --a------ C:\WINDOWS\system32\ntbackup.exe
2007-08-07 15:46 995,384 --a------ C:\WINDOWS\system32\mfc42u.dll
2007-08-07 15:46 995,383 --a------ C:\WINDOWS\system32\mfc42.dll
2007-08-07 15:46 99,840 --a------ C:\WINDOWS\system32\iexpress.exe
2007-08-07 15:46 99,840 --a------ C:\WINDOWS\system32\dmsynth.dll
2007-08-07 15:46 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-08-07 15:46 98,304 --a------ C:\WINDOWS\system32\actxprxy.dll
2007-08-07 15:46 94,720 --a------ C:\WINDOWS\system32\dmusic.dll
2007-08-07 15:46 92,160 --a------ C:\WINDOWS\system32\krnl386.exe
2007-08-07 15:46 91,648 --a------ C:\WINDOWS\system32\loadperf.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-19 20:38 --------- d-------- C:\Program Files\Online Services
2007-08-19 20:05 76288 --a------ C:\WINDOWS\system32\mgkamgk.dll
2007-08-17 10:08 17024 --a------ C:\WINDOWS\system32\drivers\yggdxyqj.sys
2007-08-15 16:08 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-15 09:13 43520 --a------ C:\WINDOWS\system32\conrekwl.dll
2007-08-13 08:34 64512 --a------ C:\WINDOWS\system32\jrvcbuto.dll
2007-08-09 15:05 --------- d-------- C:\Program Files\Messenger
2007-08-07 16:04 --------- d-------- C:\Program Files\Windows NT
2007-08-07 16:04 --------- d-------- C:\Program Files\Movie Maker
2007-08-07 08:37 751616 --a------ C:\WINDOWS\system32\xrxbkits.dll
2007-08-03 08:54 --------- d-------- C:\Program Files\Common Files\Intuit
2007-08-03 08:53 --------- d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2007-08-03 08:46 --------- d-------- C:\Program Files\vplaces
2007-08-01 15:20 --------- d-------- C:\Program Files\Yahoo!
2007-07-26 15:23 --------- d-------- C:\Program Files\Mahjong Jade Expedition
2007-07-20 09:52 94208 --a------ C:\WINDOWS\system32\yyofmlca(2).dll
2007-07-20 09:52 63488 --a------ C:\WINDOWS\system32\jrvcbuto(2).dll
2007-07-20 09:52 41984 --a------ C:\WINDOWS\system32\hrqmtzrp(2).dll
2007-07-20 09:52 121856 --a------ C:\WINDOWS\system32\qkdwzgjk(6).dll
2007-07-13 07:06 12416 --a------ C:\WINDOWS\system32\drivers\yggdxyqj(2).sys
2007-07-11 08:49 --------- d-------- C:\DOCUME~1\anna\APPLIC~1\MSN6
2007-07-06 08:54 123392 --a------ C:\WINDOWS\system32\qkdwzgjk(9).dll
2007-07-06 08:54 123392 --a------ C:\WINDOWS\system32\qkdwzgjk(8).dll
2007-07-06 08:54 123392 --a------ C:\WINDOWS\system32\qkdwzgjk(7).dll
2007-07-03 10:57 --------- d-------- C:\Program Files\AIM6
2007-07-02 08:33 --------- d--h----- C:\Program Files\WindowsUpdate
2007-06-29 13:47 --------- d-------- C:\Program Files\Jasc Software Inc
2007-06-29 13:46 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-06-29 08:35 65024 --a------ C:\WINDOWS\system32\jrvcbuto(3).dll
2007-06-29 08:35 39424 --a------ C:\WINDOWS\system32\hrqmtzrp(5).dll
2007-06-29 08:35 39424 --a------ C:\WINDOWS\system32\hrqmtzrp(4).dll
2007-06-29 08:35 39424 --a------ C:\WINDOWS\system32\hrqmtzrp(3).dll
2007-06-21 13:12 --------- d-------- C:\Program Files\MSN Games
2007-06-18 08:51 684567 --a------ C:\WINDOWS\system32\libeay32.dll
2007-06-18 08:51 147729 --a------ C:\WINDOWS\system32\libssl32.dll
2007-06-18 08:48 750592 --a------ C:\WINDOWS\system32\xrxbkits(7).dll
2007-06-18 08:48 750592 --a------ C:\WINDOWS\system32\xrxbkits(6).dll
2007-06-18 08:48 750592 --a------ C:\WINDOWS\system32\xrxbkits(5).dll
2007-06-18 08:22 92672 --a------ C:\WINDOWS\system32\yyofmlca(5).dll
2007-06-18 08:22 92672 --a------ C:\WINDOWS\system32\yyofmlca(4).dll
2007-06-18 08:22 92672 --a------ C:\WINDOWS\system32\yyofmlca(3).dll
2007-06-18 08:22 750592 --a------ C:\WINDOWS\system32\xrxbkits(3).dll
2007-06-18 08:22 140288 --a------ C:\WINDOWS\system32\qkdwzgjk(5).dll
2007-05-31 08:22 684567 --a------ C:\WINDOWS\system32\libeay32(3).dll
2007-05-31 08:22 147729 --a------ C:\WINDOWS\system32\libssl32(3).dll
2007-05-30 08:09 750592 --a------ C:\WINDOWS\system32\xrxbkits(2).dll
2007-05-30 08:09 122368 --a------ C:\WINDOWS\system32\qkdwzgjk(2).dll
2005-07-29 23:24:26 472 --sha-r C:\WINDOWS\bkVX\v4pr.vbs
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06203B78-837C-4063-BF7D-63AB25EBB469}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F1B11D1-25E0-4A3D-A0A0-9F88AA167D27}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12F1FD07-9F94-481F-9D48-6C1031720095}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1771F6B9-5FA6-4CA7-9DDF-76A64F65BF7E}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A6FA265-BAE5-4DD7-889A-08AC9F1C4B7B}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C2DFEC3-D83B-466D-B350-FF41F7F91CCE}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1CFF73C9-AEF5-4E80-B8B1-5BC3577BB39B}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25B52E74-E9D3-45A6-A2A9-D480D92B93B7}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2962413C-E9B8-4090-BC43-9747949A9972}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C474378-82D5-4C91-BEB3-75BA270135BA}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2DFC0242-6631-4A27-8EE3-51AFEFFD2D73}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{303B02A9-0441-4025-8AFC-27B10F3B396E}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35720027-E062-474C-B3B8-21252BB8AFC5}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D54E7BA-0127-4A94-96DE-629BDBD8EB8C}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46C38867-99B5-42D4-99DF-FF08DF45B07E}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49A27C3B-332D-4CFE-A56D-09E8F5605CD3}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B58B2BB-8106-49E8-B381-143C0ABEF2F4}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4FF273EC-ED80-4EE7-B226-C71FC333CF5F}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{55E8C715-6A63-4A0F-B202-E765890941B8}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56915FDB-C76B-434E-9840-2B48729972EC}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5711FB03-8861-4089-B7AF-BBB46A682357}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}]
2007-08-15 10:30 43542 --------- C:\WINDOWS\System32\tuvwvtq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{591C8375-01B4-4DD3-AF61-7A485CAD1B34}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64D712D1-84D9-281C-CE7D-32439D631863}]
2007-03-29 11:04 10240 --a------ C:\WINDOWS\system\bpmtcs32.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71C48846-FE00-4669-BC29-C39B6DB01E33}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{720E190D-CF3D-4459-B3C8-B648CD582F5D}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B5FF37A-7FDA-4B4C-A090-42B2A895FC0E}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CD094AB-EEB0-4AD4-B55A-A001C7C218ED}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F9B1CD6-3EE7-46FD-B616-545AF70D2AA2}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87B925C6-B69B-4F1A-8997-B352E6BBA682}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ADC3CBD-6FAB-4773-BC6A-446F489191DC}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B7FE812-5458-497D-8771-1FA6C73231E7}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D412E38-EFA7-4B8F-8022-DEEA52AAD4D5}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9422AC7B-BE7E-41A5-A56B-F6CFCDF21C7B}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95882480-2E0B-473A-B507-AA1BB8D45BA6}]
2007-08-13 08:34 64512 --a------ c:\windows\system32\jrvcbuto.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95F1FB4F-BFE7-483E-B71B-427CADEC3E29}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D2777CD-F812-4B44-B548-1698011DA9E4}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E8D2E39-48B5-4272-B49D-A102B58124FD}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A240E485-B800-4FB7-A0CF-C498165BED9A}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A5001AFE-D7F4-4DE0-AD75-C71A633401D2}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6F94888-7FCF-414C-8C5B-021A679D5C4F}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A91D010E-DEF7-4D79-808A-108169EE2387}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE1409A0-A2BA-4A6C-816F-288A577113E5}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF76DB65-C423-4813-973C-E83167CF8B25}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B98AB7AF-4870-4154-8D11-662458D2643D}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C72FD44E-C6EE-482A-BAAF-4C68ACF163B6}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFC731D7-AC8F-4D54-86B9-12B6EE78172D}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D34299E9-3AEE-4935-AAA2-7FA2B6DB8311}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DDD75832-AF5B-49A7-AF7A-772C3253D010}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E72D207F-9D6A-4D95-A948-68EA4CFD5569}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB2B20BB-DA2E-4FFA-B099-1DADAB3E7AB9}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F395538D-5594-4663-B9FD-318F1F58297F}]
2007-08-19 20:05 76288 --a------ c:\windows\system32\mgkamgk.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 09:59]
"mavjuual"="C:\WINDOWS\System32\mavjuual.exe" [2007-03-29 11:04]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2002-08-29 00:41]
"HostManager"="C:\Program Files\Common Files\AOL\1161728750\ee\AOLSoftware.exe" [2006-05-09 17:24]
"svhost"="C:\WINDOWS\svhost.exe" []
"{3B-B0-0B-BC-ZN}"="C:\WINDOWS\system32\lrdsrngr.exe" [2007-08-15 16:01]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mavjuual"="C:\WINDOWS\System32\mavjuual.exe" [2007-03-29 11:04]
"Uniblue SpeedUpMyPC"="" []
"Scsb"="C:\DOCUME~1\anna\MYDOCU~1\SSTEM3~1\mmc.exe" []
"Mxkgud"="C:\Program Files\??pPatch\n?pdb.exe" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\ComPlus Applications\profsybypru.html
FriendlyName=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}"= C:\WINDOWS\System32\tuvwvtq.dll [2007-08-15 10:30 43542]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwvtq]
tuvwvtq.dll 2007-08-15 10:30 43542 C:\WINDOWS\system32\tuvwvtq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^anna^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\anna\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^anna^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\anna\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US
ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys
R1 avipbb;avipbb;C:\WINDOWS\System32\DRIVERS\avipbb.sys
R1 ssmdrv;ssmdrv;C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\System32\DRIVERS\ptserlp.sys
*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
*Newly Created Service* - QTSJXIGW
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Webcam Enhance V2.1]
C:\WINDOWS\runtfs32.exe
Contents of the 'Scheduled Tasks' folder
2007-08-16 23:14:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
2007-08-06 23:08:59 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-08-20 07:57:51
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-20 7:59:46 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-20 07:59
--- E O F ---