ok I followed your steps and here is the SDfix, ComboFix, and the hijackthis logs in that order. Thank you soo much for helping me. I hope i did it right.
SDFix: Version 1.115
Run by Scotty Faghem on Tue 11/27/2007 at 04:28 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\X.DAT - Deleted
C:\Z.DAT - Deleted
C:\Documents and Settings\Scotty Faghem\.housecall6.6\Quarantine\WinAntiVirus Pro 2007 v5.0.277.4 Patch.zip.bac_a02136 - Deleted
C:\Documents and Settings\Scotty Faghem\x.dat - Deleted
C:\Documents and Settings\Scotty Faghem\z.dat - Deleted
C:\WINDOWS\mrofinu1188.exe.tmp - Deleted
C:\DOCUME~1\SCOTTY~1\LOCALS~1\Temp\removalfile.bat - Deleted
C:\n.bat - Deleted
C:\WINDOWS\b111.exe - Deleted
C:\WINDOWS\b143.exe - Deleted
C:\WINDOWS\csrss.exe - Deleted
C:\WINDOWS\Fonts\Crack.exe - Deleted
C:\WINDOWS\Fonts\Setup.exe - Deleted
C:\WINDOWS\mrofinu1188.exe - Deleted
C:\WINDOWS\mrofinu1188.exe.tmp - Deleted
C:\WINDOWS\Fonts\*.zip - 1 File(s) 118,336 bytes - Deleted
C:\WINDOWS\Fonts\'\*.zip - 2608 File(s) 130,830,156 bytes - Deleted
x.dat and z.dat data copied to \SDFix\Data.txt
Folder C:\Program Files\Temporary - Removed
Folder C:\WINDOWS\Fonts\' - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2007-11-27 16:39:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\WindowsShell.Manifest 749 bytes
C:\WINDOWS\WindowsUpdate.log 1925265 bytes
C:\WINDOWS\winhelp.exe 256192 bytes
C:\WINDOWS\winhlp32.exe 283648 bytes executable
C:\WINDOWS\wininit.ini 935 bytes
C:\WINDOWS\winnt.bmp 48680 bytes
C:\WINDOWS\winnt256.bmp 48680 bytes
C:\WINDOWS\WinSxS
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll 1712128 bytes executable
C:\WINDOWS\WinSxS\InstallTemp
C:\WINDOWS\WinSxS\Manifests
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7.cat 7232 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7.Manifest 1819 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a.cat 10971 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a.Manifest 1822 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a.cat 7238 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.0.0_x-ww_fc342b0b.Manifest 640 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.cat 7431 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.Manifest 1237 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82.cat 7431 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82.Manifest 397 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.cat 7429 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.Manifest 1877 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.cat 7429 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.Manifest 1177 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0.cat 7429 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0.Manifest 460 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a.Manifest 1784 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13.Manifest 391 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.0.0_x-ww_fc342b0b.cat 7236 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.cat 7433 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest 1862 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03.cat 8339 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03.Manifest 1862 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a.cat 7238 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a.Manifest 494 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9.cat 7433 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9.Manifest 500 bytes
C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13.cat 7236 bytes
C:\WINDOWS\WinSxS\Policies
C:\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac
C:\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac\1.0.2600.2180.cat 7431 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac\1.0.2600.2180.Policy 605 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510
C:\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.cat 7431 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.Policy 623 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd
C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.cat 7429 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.Policy 641 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f
C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.cat 7429 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.Policy 641 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_x-ww_527a1c68
C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_x-ww_527a1c68\6.0.9792.0.cat 10971 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_x-ww_527a1c68\6.0.9792.0.Policy 644 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775
C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.cat 7429 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy 621 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2982.cat 8335 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2982.Policy 621 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3
C:\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\7.0.2600.2180.cat 7433 bytes
C:\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\7.0.2600.2180.Policy 623 bytes
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\atl.dll 74802 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42.dll 995383 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42u.dll 995384 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\msvcp60.dll 401462 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll 74802 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll 995383 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll 1011774 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll 401462 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll 921088 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 1050624 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 1054208 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcirt.dll 50688 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll 322560 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll 54784 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll 343040 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll 1700352 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll 853504 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll 991232 bytes executable
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\rtcres.dll 132096 bytes executable
C:\WINDOWS\WMFDist11.log 25284 bytes
C:\WINDOWS\wmp11.log 15496 bytes
C:\WINDOWS\wmsetup.log 140831 bytes
C:\WINDOWS\wmsetup10.log 1189 bytes
C:\WINDOWS\WMSysPr8.prx 156910 bytes
C:\WINDOWS\WMSysPr9.prx 316640 bytes
C:\WINDOWS\Wudf01000Inst.log 9450 bytes
C:\WINDOWS\Zapotec.bmp 9522 bytes
C:\WINDOWS\_default.pif 707 bytes
C:\WINDOWS\_delis32.ini 816 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 104
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\SIERRA\\Half-Life\\hl.exe"="C:\\SIERRA\\Half-Life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Westwood\\SUN\\GAME.EXE"="C:\\Westwood\\SUN\\GAME.EXE:*:Enabled:Main executable for Tiberian Sun"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Valve\\Steam\\Steam.exe"="C:\\Program Files\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"="C:\\Program Files\\Sierra On-Line\\SIGSPat.exe:*:Enabled:SIGSPat"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\SIERRA\\Half-Life\\voice_tweak.exe"="C:\\SIERRA\\Half-Life\\voice_tweak.exe:*:Enabled:voice_tweak"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\scottydub\\half-life\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\scottydub\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\scottydub\\lostcoast\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\scottydub\\lostcoast\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\scottydub\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\scottydub\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Westwood\\Renegade\\Game.exe"="C:\\Westwood\\Renegade\\Game.exe:*:Enabled:Renegade"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\WINDOWS\\system32\\hlpdadgm.exe"="C:\\WINDOWS\\system32\\hlp"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\WINDOWS\\system32\\rbgrpand.exe"="C:\\WINDOWS\\system32\\rbg"
"C:\\WINDOWS\\system32\\pwctjorq.exe"="C:\\WINDOWS\\system32\\pwc"
"C:\\WINDOWS\\system32\\ukegmqtx.exe"="C:\\WINDOWS\\system32\\uke"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 21 Nov 2007 457,569 ..SH. --- "C:\WINDOWS\system32\qqstv.bak1"
Tue 27 Nov 2007 465,662 ..SH. --- "C:\WINDOWS\system32\qqstv.bak2"
Tue 27 Nov 2007 20,812 ..SH. --- "C:\WINDOWS\system32\zcngpxqi.dllbox"
Wed 12 Oct 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 7 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Tue 27 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Scotty Faghem\Local Settings\Temp\ico1.tmp"
Tue 27 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Scotty Faghem\Local Settings\Temp\ico2.tmp"
Tue 27 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Scotty Faghem\Local Settings\Temp\ico3.tmp"
Tue 27 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Scotty Faghem\Local Settings\Temp\ico4.tmp"
Tue 27 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Scotty Faghem\Local Settings\Temp\ico5.tmp"
Mon 20 Mar 2006 444 A..HR --- "C:\Documents and Settings\Scotty Faghem\Application Data\SecuROM\UserData\securom_v7_01.bak"
Tue 21 Nov 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Tue 21 Nov 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Finished!
ComboFix 07-11-19.4 - Scotty Faghem 2007-11-27 16:56:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.695 [GMT -7:00]
Running from: C:\Documents and Settings\Scotty Faghem\Desktop\malware removal\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Scotty Faghem\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Scotty Faghem\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Scotty Faghem\Favorites\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\fuhlxvse.exe
C:\WINDOWS\system32\igsgibws.exe
C:\WINDOWS\system32\jfdtfkks.exe
C:\WINDOWS\system32\mqknyejj.exe
C:\WINDOWS\system32\qmjghjbv.exe
C:\WINDOWS\system32\qqstv.bak1
C:\WINDOWS\system32\qqstv.bak2
C:\WINDOWS\system32\qqstv.ini
C:\WINDOWS\system32\vtsqq.dll
C:\WINDOWS\system32\zcngpxqi.dllbox
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 )))))))))))))))))))))))))))))))
.
2007-11-27 17:03 414 ---hs---- C:\WINDOWS\system32\zcngpxqi.dllbox
2007-11-27 15:32 85,056 --a------ C:\WINDOWS\system32\ejnwyjam.dll
2007-11-27 15:32 354 --ahs---- C:\WINDOWS\system32\majywnje.ini
2007-11-27 01:20 144,480 --a------ C:\WINDOWS\system32\zcngpxqi.dll
2007-11-27 01:20 144,480 --a------ C:\WINDOWS\system32\bwnpmsrg.dll
2007-11-26 16:36 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-26 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-26 16:35 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-26 16:19 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-26 16:19 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-26 16:19 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-26 16:19 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-26 16:19 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-26 16:19 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-26 16:19 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-26 16:19 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-26 16:18 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-26 16:00 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-26 16:00 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-11-26 14:26 85,056 --a------ C:\WINDOWS\system32\vfyfqvtc.dll
2007-11-26 14:26 294 --ahs---- C:\WINDOWS\system32\ctvqfyfv.ini
2007-11-26 14:23 80,960 --a------ C:\WINDOWS\system32\dqumbixr.dll
2007-11-25 21:09 <DIR> d-------- C:\Documents and Settings\Scotty Faghem\Application Data\Viewpoint
2007-11-25 20:53 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-25 20:37 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-25 20:37 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-25 20:37 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-25 20:37 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-25 14:25 294 --ahs---- C:\WINDOWS\system32\edstlfkv.ini
2007-11-25 14:24 85,056 --a------ C:\WINDOWS\system32\vkfltsde.dll
2007-11-25 14:19 71,232 --a------ C:\WINDOWS\system32\bbbwiyvt.exe
2007-11-23 05:46 83,520 --a------ C:\WINDOWS\system32\qxefaxpx.dll
2007-11-23 05:40 294 --ahs---- C:\WINDOWS\system32\qygccmnj.ini
2007-11-23 05:39 85,056 --a------ C:\WINDOWS\system32\jnmccgyq.dll
2007-11-22 13:12 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-22 05:44 79,936 --a------ C:\WINDOWS\system32\mxvxbpvh.dll
2007-11-22 05:38 474 --ahs---- C:\WINDOWS\system32\jtshyjfh.ini
2007-11-22 05:35 71,232 --a------ C:\WINDOWS\system32\nnmxbsos.exe
2007-11-21 05:38 414 --ahs---- C:\WINDOWS\system32\wfpxqtki.ini
2007-11-21 05:35 71,232 --a------ C:\WINDOWS\system32\noshcaak.exe
2007-11-19 15:08 83,008 --a------ C:\WINDOWS\system32\xrebnjhe.dll
2007-11-19 15:05 71,232 --a------ C:\WINDOWS\system32\qkuobwtr.exe
2007-11-18 22:03 144,480 --a------ C:\WINDOWS\system32\qbpxlaed.dll
2007-11-18 21:57 79,424 --a------ C:\WINDOWS\system32\qjkmmqdy.dll
2007-11-18 21:54 71,232 --a------ C:\WINDOWS\system32\rbgrpand.exe
2007-11-18 21:54 354 --ahs---- C:\WINDOWS\system32\kpxoeqxo.ini
2007-11-17 21:43 144,480 --a------ C:\WINDOWS\system32\spfvmyla.dll
2007-11-17 15:07 82,496 --a------ C:\WINDOWS\system32\epupmfce.dll
2007-11-17 01:37 144,480 --a------ C:\WINDOWS\system32\ecnoslmj.dll
2007-11-16 15:04 71,232 --a------ C:\WINDOWS\system32\ybmyxlvj.exe
2007-11-16 13:46 144,480 --a------ C:\WINDOWS\system32\rmjtrmhe.dll
2007-11-15 15:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-15 15:12 669,431 --ahs---- C:\WINDOWS\system32\orensrhl.ini
2007-11-15 15:12 85,056 --a------ C:\WINDOWS\system32\lhrsnero.dll
2007-11-15 15:04 71,232 --a------ C:\WINDOWS\system32\fdkiecwo.exe
2007-11-13 19:34 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-13 18:39 669,003 --ahs---- C:\WINDOWS\system32\sbhnaout.ini
2007-11-13 18:36 71,232 --a------ C:\WINDOWS\system32\pvjmdbxn.exe
2007-11-13 18:11 <DIR> d-------- C:\Documents and Settings\Scotty Faghem\.housecall6.6
2007-11-12 13:25 81,472 --a------ C:\WINDOWS\system32\xjnlsnqt.dll
2007-11-12 13:16 590,356 --ahs---- C:\WINDOWS\system32\vtiqdcwg.ini
2007-11-11 20:39 45,056 --a------ C:\WINDOWS\system32\wnaspi32.dll
2007-11-11 20:39 25,244 --a------ C:\WINDOWS\system32\drivers\aspi32.sys
2007-11-11 20:39 5,600 --a------ C:\WINDOWS\system\winaspi.dll
2007-11-11 20:12 <DIR> d-------- C:\temp_dvd
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-26 03:34 --------- d-----w C:\Program Files\MySpace
2007-11-25 21:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-15 22:12 --------- d-----w C:\Program Files\Shareaza
2007-11-12 03:42 0 ---h--r C:\28645308.Dat
2007-10-17 21:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-04 02:52 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-04 02:46 --------- d-----w C:\Program Files\EA Games
2007-09-28 06:51 --------- d--h--w C:\Documents and Settings\Scotty Faghem\Application Data\Move Networks
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05C365ED-686D-4EFC-AD30-3395E66AD0C2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{128C242E-CD9C-4612-8C83-238F99EE2957}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50375C08-9280-4CF9-8543-811B8AE80EC5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53862EFD-0255-47CB-B2FE-8979FB24C1B0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7661F952-10C2-4D92-891B-AB4499106A86}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80E11011-E42B-4318-9F98-2B05D2700332}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-27 01:20 144480 --a------ C:\WINDOWS\system32\zcngpxqi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2B31159-63B8-42DA-B42C-5834E627116D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8aa488f-d147-4f7c-bbad-1689f71fd460}]
2007-11-27 14:21 78912 --a------ C:\WINDOWS\system32\tmybqmor.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E62154E5-9413-475C-B29A-2BF3585775EC}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F7236607-2D63-4704-B599-EC774AF30721}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\zcngpxqi.dll [2007-11-27 01:20 144480]
[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2007-11-15 15:03]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 15:08]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 20:07]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"Insider"="C:\Program Files\Insider\Insider.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 10:58]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-03 20:05]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 05:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-03-09 15:29 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 05:00 C:\WINDOWS\system32\rundll32.exe]
"20a9da35"="C:\WINDOWS\system32\oxqeoxpk.dll" []
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2007-08-31 16:46]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 04:06]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
"winlogon"="C:\WINDOWS\csrss.exe" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-11-04 15:22:35]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ommovukj]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuutuu]
vtuutuu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ysikmkpw]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ywnmccaz]
ywnmccaz.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zcngpxqi]
zcngpxqi.dll 2007-11-27 01:20 144480 C:\WINDOWS\system32\zcngpxqi.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtsqq.dll
R2 CdaD10BA;CdaD10BA;\??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS
R2 SetupNT;SetupNT;C:\WINDOWS\system32\SetupNT.sys
R2 WUSB54GSCSVC;WUSB54GSCSVC;"C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe" "WUSB54GSC.exe"
S3 ICDUSB2;Sony IC Recorder (P);C:\WINDOWS\system32\Drivers\ICDUSB2.sys
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2007-11-27 17:04:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\WindowsShell.Manifest 749 bytes
C:\WINDOWS\WindowsUpdate.log 1928111 bytes
C:\WINDOWS\winhelp.exe 256192 bytes
C:\WINDOWS\winhlp32.exe 283648 bytes executable
C:\WINDOWS\wininit.ini 935 bytes
C:\WINDOWS\winnt.bmp 48680 bytes
C:\WINDOWS\winnt256.bmp 48680 bytes
C:\WINDOWS\WinSxS
C:\WINDOWS\WMFDist11.log 25284 bytes
C:\WINDOWS\wmp11.log 15496 bytes
C:\WINDOWS\wmsetup.log 140831 bytes
C:\WINDOWS\wmsetup10.log 1189 bytes
C:\WINDOWS\WMSysPr8.prx 156910 bytes
C:\WINDOWS\WMSysPr9.prx 316640 bytes
C:\WINDOWS\Wudf01000Inst.log 9450 bytes
C:\WINDOWS\Zapotec.bmp 9522 bytes
C:\WINDOWS\_default.pif 707 bytes
C:\WINDOWS\_delis32.ini 816 bytes
scan completed successfully
hidden files: 18
**************************************************************************
.
Completion time: 2007-11-27 17:07:24 - machine was rebooted
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09:06 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\FindVundo.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {01CD0B31-9154-45F2-9414-F5D64B74EAF6} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {05C365ED-686D-4EFC-AD30-3395E66AD0C2} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {128C242E-CD9C-4612-8C83-238F99EE2957} - (no file)
O2 - BHO: (no name) - {50375C08-9280-4CF9-8543-811B8AE80EC5} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7661F952-10C2-4D92-891B-AB4499106A86} - (no file)
O2 - BHO: (no name) - {80E11011-E42B-4318-9F98-2B05D2700332} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\zcngpxqi.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C2B31159-63B8-42DA-B42C-5834E627116D} - (no file)
O2 - BHO: {064df17f-9861-dabb-c7f4-741df884aa8d} - {d8aa488f-d147-4f7c-bbad-1689f71fd460} - C:\WINDOWS\system32\tmybqmor.dll
O2 - BHO: (no name) - {E62154E5-9413-475C-B29A-2BF3585775EC} - (no file)
O2 - BHO: (no name) - {F7236607-2D63-4704-B599-EC774AF30721} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\zcngpxqi.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [20a9da35] rundll32.exe "C:\WINDOWS\system32\oxqeoxpk.dll",b
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search -
res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -
res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links -
res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages -
res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
http://housecall65.trendmicro.com/house ... hcImpl.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{63B36BDE-C075-4418-BBA3-9517CC932DF3}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{63B36BDE-C075-4418-BBA3-9517CC932DF3}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{63B36BDE-C075-4418-BBA3-9517CC932DF3}: NameServer = 192.168.1.1
O20 - Winlogon Notify: ommovukj - C:\WINDOWS\
O20 - Winlogon Notify: vtuutuu - vtuutuu.dll (file missing)
O20 - Winlogon Notify: ysikmkpw - C:\WINDOWS\
O20 - Winlogon Notify: ywnmccaz - ywnmccaz.dll (file missing)
O20 - Winlogon Notify: zcngpxqi - C:\WINDOWS\SYSTEM32\zcngpxqi.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
--
End of file - 9945 bytes