Hi - I ran ComboFix and posted the log plus the new HijackThis log below. I turned off my virus scanners to DL and run ComboFix, and after the reboot ComboFix does I got hit with a bunch of new problems. The worst being I can no longer get online. I'm in the process of backing up all of my files now just in case I get completely locked out or reloading Windows is the best option. This is REALLY bad. I'm afraid to do anything again that disables my protection as this nearly killed me.
ComboFix 09-03-18.01 - Sunshine Lehmann 2009-03-19 8:08:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3063.2052 [GMT -5:00]
Running from: c:\documents and settings\Sunshine Lehmann\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090318-0] *On-access scanning disabled* (Updated)
AV: McAfee VirusScan *On-access scanning disabled* (Outdated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Sunshine Lehmann\Application Data\Install.dat
c:\windows\cookies.ini
c:\windows\system32\ahtn.htm
c:\windows\system32\eeMWyyxx.ini
c:\windows\system32\frmwrk32.exe
c:\windows\system32\jukazena.dll
c:\windows\system32\KknUDJjl.ini
c:\windows\system32\ntdll64.exe
c:\windows\system32\pteqjtwi.ini
c:\windows\system32\test.ttt
c:\windows\system32\tizohale.dll
c:\windows\system32\tovofada.dll
c:\windows\system32\uniq.tll
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf
C:\xcrashdump.dat
.
((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 )))))))))))))))))))))))))))))))
.
2009-03-18 19:58 . 2009-03-18 19:58 21,091 --a------ c:\windows\system32\AAWService_2009_03_18_19_58_07.dmp
2009-03-18 19:44 . 2009-03-18 19:44 <DIR> d-------- c:\program files\Alwil Software
2009-03-18 19:38 . 2009-03-18 19:38 18,937 --a------ c:\windows\system32\AAWService_2009_03_18_19_38_03.dmp
2009-03-18 19:30 . 2009-03-18 19:30 19,805 --a------ c:\windows\system32\AAWService_2009_03_18_19_30_14.dmp
2009-03-18 17:02 . 2009-03-18 17:02 24,415 --a------ c:\windows\system32\AAWService_2009_03_18_17_02_44.dmp
2009-03-18 16:54 . 2009-03-19 08:15 106,094 --a------ c:\windows\system32\drivers\b66205da.sys
2009-03-18 16:54 . 2009-03-18 16:54 99,328 --a------ C:\pvnncaoo.exe
2009-03-18 16:54 . 2009-03-18 16:54 27,648 --a------ C:\qvmkk.exe
2009-03-18 16:54 . 2009-03-18 16:54 2 --a------ C:\1886896006
2009-03-18 07:21 . 2009-03-18 07:21 19,700 --a------ c:\windows\system32\AAWService_2009_03_18_07_21_57.dmp
2009-03-18 07:17 . 2009-03-18 07:17 18,572 --a------ c:\windows\system32\AAWService_2009_03_18_07_17_57.dmp
2009-03-18 07:12 . 2009-03-18 07:12 24,415 --a------ c:\windows\system32\AAWService_2009_03_18_07_12_56.dmp
2009-03-18 00:18 . 2009-03-18 00:18 23,249 --a------ c:\windows\system32\AAWService_2009_03_18_00_18_18.dmp
2009-03-17 21:34 . 2009-03-17 21:34 20,189 --a------ c:\windows\system32\AAWService_2009_03_17_21_34_23.dmp
2009-03-17 21:07 . 2009-03-17 21:07 20,189 --a------ c:\windows\system32\AAWService_2009_03_17_21_07_57.dmp
2009-03-17 17:05 . 2009-03-17 17:05 133,120 --a------ c:\windows\ubomezim.dll
2009-03-17 16:53 . 2009-03-17 16:53 41,984 --a------ c:\windows\Smufoxe.dll
2009-03-17 16:53 . 2009-03-18 16:53 41,984 --a------ C:\sxprfkgw.exe
2009-03-17 16:53 . 2009-03-18 16:53 10,240 --a------ C:\tlgvlvdw.exe
2009-03-16 16:04 . 2009-03-16 16:04 <DIR> d-------- c:\documents and settings\Sunshine Lehmann\Application Data\Media Player Classic
2009-03-16 15:17 . 2009-03-16 17:25 <DIR> d-------- c:\program files\QuickTime Alternative
2009-03-16 15:17 . 2009-03-16 15:17 <DIR> d-------- c:\program files\Media Player Classic
2009-03-16 15:17 . 2007-04-27 09:42 65,536 --a------ c:\windows\system32\QuickTimeVR.qtx
2009-03-16 15:17 . 2007-04-27 09:42 49,152 --a------ c:\windows\system32\QuickTime.qts
2009-03-16 15:00 . 2009-03-16 15:00 <DIR> d-------- c:\documents and settings\Sunshine Lehmann\Application Data\MPEG Streamclip
2009-03-16 08:52 . 2009-03-16 08:52 <DIR> d-------- c:\windows\system32\windows media
2009-03-16 08:52 . 2009-03-16 08:52 <DIR> d--h----- c:\windows\msdownld.tmp
2009-03-16 08:52 . 2009-03-16 08:52 <DIR> d-------- c:\program files\Windows Media Components
2009-03-16 08:14 . 2009-03-09 14:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-16 07:51 . 2009-03-09 14:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-16 07:49 . 2009-03-16 07:49 <DIR> d-------- c:\program files\Lavasoft
2009-03-16 07:49 . 2009-03-16 07:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-16 07:49 . 2009-03-16 07:49 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-15 13:08 . 2006-06-04 15:48 198,144 --------- c:\windows\system32\_psisdecd.dll
2009-03-15 13:08 . 2006-06-04 15:48 44,544 --a------ c:\windows\system32\msxml4a.dll
2009-03-15 13:07 . 2009-03-15 13:07 <DIR> d-------- c:\program files\Digital Photo Navigator 1.5
2009-03-15 01:30 . 2009-03-15 01:30 1,595 --a------ c:\windows\ST6UNST.000
2009-03-15 00:44 . 2009-03-15 00:44 <DIR> d-------- c:\program files\ScreenPrint32 v3
2009-03-15 00:44 . 2009-03-15 01:30 249,856 --------- c:\windows\Setup1.exe
2009-03-15 00:44 . 2009-03-15 01:30 73,216 --a------ c:\windows\ST6UNST.EXE
2009-03-14 23:22 . 2009-03-16 08:01 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-14 23:22 . 2009-03-14 23:22 1,409 --a------ c:\windows\QTFont.for
2009-03-14 20:52 . 2009-03-19 08:13 <DIR> d-------- c:\documents and settings\Sunshine Lehmann\.rainlendar2
2009-03-14 20:51 . 2009-03-14 20:52 <DIR> d-------- c:\program files\Rainlendar2
2009-03-14 13:56 . 2009-03-14 13:56 <DIR> d-------- c:\documents and settings\Sunshine Lehmann\Application Data\Stardock
2009-03-14 13:56 . 2009-03-14 13:56 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{067CEB81-A49B-4597-9505-A5515881D672}
2009-03-14 12:16 . 2009-03-15 01:42 <DIR> d-------- c:\program files\Stardock
2009-03-14 12:16 . 2009-03-15 01:42 <DIR> d-------- c:\program files\Common Files\Stardock
2009-03-14 11:06 . 2009-03-14 11:06 <DIR> d-------- c:\program files\TweetDeck
2009-03-14 11:06 . 2009-03-14 11:06 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-14 11:06 . 2009-03-14 11:06 <DIR> d-------- c:\documents and settings\Sunshine Lehmann\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-03-06 15:15 . 2009-03-06 15:15 <DIR> d-------- c:\program files\Common Files\SupportSoft
2009-02-24 11:39 . 2009-02-24 11:39 <DIR> d-------- c:\program files\MSECache
2009-02-23 08:53 . 2009-02-23 08:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Propellerhead Software
2009-02-23 08:53 . 2009-02-23 08:53 368,640 --a------ c:\windows\system32\ReWire.dll
2009-02-23 08:53 . 2009-02-23 08:53 233,472 --a------ c:\windows\system32\REX Shared Library.dll
2009-02-23 08:51 . 2009-02-23 08:53 <DIR> d-------- c:\documents and settings\Sunshine Lehmann\Application Data\Propellerhead Software
2009-02-23 01:17 . 2009-02-23 01:17 <DIR> d-------- c:\program files\Propellerhead
2009-02-19 20:45 . 2009-02-19 20:45 <DIR> d-------- c:\program files\Microsoft Solutions
2009-02-19 20:45 . 2009-02-19 20:45 <DIR> d-------- c:\documents and settings\Sunshine Lehmann\Application Data\ORSLN
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 19:01 --------- d-----w c:\program files\LimeWire
2009-03-18 02:37 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-18 02:16 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-17 19:13 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-17 17:03 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-17 17:03 --------- d-----w c:\program files\Google
2009-03-17 17:03 --------- d-----w c:\program files\Full Tilt Poker
2009-03-17 17:01 --------- d-----w c:\program files\Windows Live Toolbar
2009-03-17 16:59 --------- d-----w c:\program files\VentSrv
2009-03-17 16:59 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-17 16:23 --------- d-----w c:\documents and settings\Sunshine Lehmann\Application Data\Skype
2009-03-16 20:17 --------- d-----w c:\documents and settings\Sunshine Lehmann\Application Data\Apple Computer
2009-03-16 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-16 20:14 --------- d-----w c:\program files\QuickTime
2009-03-16 12:38 --------- d-----w c:\program files\SpywareBlaster
2009-03-16 12:18 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-16 03:18 --------- d-----w c:\program files\CyberLink
2009-03-15 21:55 --------- d-----w c:\program files\Java
2009-03-15 18:14 --------- d-----w c:\documents and settings\Sunshine Lehmann\Application Data\CyberLink
2009-03-15 18:08 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-03-14 22:10 --------- d-----w c:\documents and settings\Sunshine Lehmann\Application Data\LimeWire
2009-03-13 19:53 --------- d-----w c:\documents and settings\Sunshine Lehmann\Application Data\MSN6
2009-03-11 13:19 --------- d-----w c:\documents and settings\Sunshine Lehmann\Application Data\skypePM
2009-03-07 00:31 --------- d-----w c:\program files\World of Warcraft
2009-03-03 02:08 0 ----a-w c:\documents and settings\Sunshine Lehmann\GoToAssistDownloadHelper.exe
2009-02-26 14:00 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-14 05:06 --------- d-----w c:\documents and settings\Sunshine Lehmann\Application Data\DivX
2009-02-14 04:40 --------- d-----w c:\program files\Common Files\Control Panels
2009-02-14 04:40 --------- d-----w c:\program files\Common Files\Adobe
2009-02-14 04:37 --------- d-----w c:\documents and settings\All Users\Application Data\ALM
2009-02-14 03:48 --------- d-----w c:\program files\Bonjour
2009-02-14 03:43 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-11 01:41 --------- d-----w c:\documents and settings\Sydney\Application Data\MSN6
2008-08-21 21:03 0 ----a-w c:\documents and settings\Sunshine Lehmann\jagex_runescape_preferences.dat
2008-03-29 21:47 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-11-30 03:26 23,405,072 ----a-w c:\program files\AdbeRdr811_en_US.exe
2008-09-17 02:41 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091620080917\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SightSpeed"="c:\program files\SightSpeed\SightSpeed.exe" [2008-07-18 4770616]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-10-16 4347120]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-02-21 4333568]
"12ZFG94-F641-2SF-K31P-5N1ER6H6L2"="c:\recycler\S-1-5-21-3768935224-3887913295-690910863-1151\service.exe" [2009-03-18 43008]
"12CFG515-K641-55SF-N55P"="c:\recycler\S-1-5-21-0243336035-3055115375-381863305-1553\vslmq.exe" [2009-03-19 25118]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-08-14 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-08-14 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-08-14 94208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-03-11 936960]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2002-02-27 151552]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-13 50688]
"Multi-Media Keyboard"="c:\progra~1\MULTI-~1\MMKey.exe" [2002-09-14 172032]
"FLMOFFICE4DMOUSE"="c:\program files\Browser Mouse\mouse32a.exe" [2008-01-05 360448]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 624248]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-15 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Eqeweduvakad"="c:\windows\Smufoxe.dll" [2009-03-17 41984]
"Fnerud"="c:\windows\ubomezim.dll" [2009-03-17 133120]
"SkyTel"="SkyTel.EXE" [2006-05-15 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-17 c:\windows\RTHDCPL.exe]
"StandardKeyboard"="KBDaemonA.exe" [2004-11-26 c:\windows\system32\KBDaemonA.exe]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC654325-1273-C2A9-2B7C-45A29BCE2FBD}"= "c:\program files\Stardock\Fences\DesktopDock.dll" [2009-02-25 517480]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 c:\progra~1\COMMON~1\Stardock\MCPStub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= myokent.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\msn.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Netropa\\Multimedia Keyboard\\MMKbdCfg.exe"=
"c:\\Program Files\\Verizon\\McciTrayApp.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Linksys\\WUSB54GSCv2\\WUSB54GSC.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\AAWTray.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-16 64160]
R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-18 114768]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2007-11-17 6656]
R2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-18 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R2 WUSB54GSC;WUSB54GSC;c:\program files\Linksys\WUSB54GSCv2\WLService.exe [2009-01-18 65596]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-11-03 35840]
S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe --> c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [?]
S2 wuflyjqorue;wuflyjqorue;c:\windows\System32\svchost.exe -k netsvcs [2004-08-04 14336]
S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\drivers\ceusbaud.sys [2003-11-05 17920]
S3 DPFilter;USB Keyboard Filter Driver;c:\windows\system32\drivers\DPFilter.sys [2008-01-04 8092]
S3 KBNTXP;Standard PS/2 Multi-Keyboard Filter Driver for WinXp;c:\windows\system32\drivers\KBNTXP.sys [2007-11-17 7296]
S3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\WUSB54GSCV2.sys [2009-01-18 198144]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wuflyjqorue
.
Contents of the 'Scheduled Tasks' folder
2009-03-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:06]
2009-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2009-03-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -
BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
BHO-{090d0d8e-d51d-4f0b-9acd-161005e5e002} - (no file)
BHO-{2b4ef98a-049e-4fea-b645-df44682351ed} - (no file)
BHO-{b8eb2e50-1b1f-4ec2-b794-291faefd9632} - (no file)
BHO-{BCA98B66-43A0-462A-8186-D92B3956E94C} - (no file)
BHO-{D1AAFCAA-7298-416D-9957-185317F5F96D} - (no file)
BHO-{F99FFC7A-03E7-4385-A61C-BA0DE6E92F2D} - (no file)
HKCU-Run-Windows Resurections - c:\windows\TEMP\pk3omyta.exe
Notify-yaywvuVp - yaywvuVp.dll
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &Windows Live Search
IE: Append to existing PDF
IE: Convert link target to Adobe PDF
IE: Convert link target to existing PDF
IE: Convert selected links to Adobe PDF
IE: Convert selected links to existing PDF
IE: Convert selection to Adobe PDF
IE: Convert selection to existing PDF
IE: Convert to Adobe PDF
IE: E&xport to Microsoft Excel
IE: Open in new background tab
IE: Open in new foreground tab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.gamehouse.com/games/tumblebugs/axhost.cab
FF - ProfilePath - c:\documents and settings\Sunshine Lehmann\Application Data\Mozilla\Firefox\Profiles\gmb03577.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox? ... S:official
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 08:15:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\b66205da]
"ImagePath"="\SystemRoot\System32\drivers\b66205da.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,4f,35,21,f6,e0,
f3,04,be,c8,28,51,af,b0,29,a3,98,57,04,1e,91,af,c4,76,f7,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,cb,2f,02,2e,6f,
11,f3,3f,71,3b,04,66,8b,46,0d,96,09,c5,53,e9,d2,b1,37,f4,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,0a,b9,a3,70,5d,
1a,cf,e4,25,da,ec,7e,55,20,c9,26,6d,2b,2c,ac,ad,dc,4c,c9,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,96,95,4d,68,4d,
30,7d,31,3e,1e,9e,e0,57,5a,93,61,c4,1c,54,fa,53,c2,05,67,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,1e,7f,98,6b,74,
0b,1b,22,cd,44,cd,b9,a6,33,6c,cd,45,41,cb,b1,96,79,98,6e,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,0f,f7,b2,ed,1a,
bb,24,ab,b0,18,ed,a7,3f,8d,37,a4,9d,8b,15,d7,ef,b2,dd,a9,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,45,0d,d2,54,5b,
55,da,62,31,77,e1,ba,b1,f8,68,02,58,ed,6d,ca,63,c1,7f,fa,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,8e,3a,6e,0f,0c,
93,5b,4d,83,6c,56,8b,a0,85,96,ab,2d,08,19,6e,e0,b4,5c,e8,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,ed,1e,c5,60,5d,
53,8d,ac,51,fa,6e,91,28,9e,14,cc,b4,f9,ff,73,55,89,cb,67,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,5d,48,7c,a0,5a,
eb,ce,57,b1,cd,45,5a,a8,c4,f8,b9,ce,98,9b,0a,99,25,69,e1,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,33,f6,ef,bb,a2,
7a,e7,91,e3,0e,66,d5,eb,bc,2f,6b,27,76,dc,6b,02,3d,1c,09,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,28,6f,9d,f2,b9,
9d,20,0c,fa,ea,66,7f,d4,3b,6b,70,6a,14,86,e0,1b,90,bc,2c,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\sxs.dll
c:\windows\system32\myokent.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\myokent.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\COMMON~1\Stardock\SDMCP.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Linksys\WUSB54GSCv2\WUSB54GSC.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Netropa\Multimedia Keyboard\Traymon.exe
c:\program files\Netropa\Onscreen Display\osd.exe
c:\windows\system32\rundll32.exe
c:\program files\Stardock\ObjectDock\ObjectDock.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-03-19 8:18:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-19 13:18:01
Pre-Run: 223,390,195,712 bytes free
Post-Run: 224,807,030,784 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
401 --- E O F --- 2009-03-11 08:01:37
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:48:40 PM, on 3/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe
C:\Program Files\Linksys\WUSB54GSCv2\WUSB54GSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\KBDaemonA.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\MULTI-~1\MMKey.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SightSpeed\SightSpeed.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [StandardKeyboard] KBDaemonA.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Multi-Media Keyboard] C:\PROGRA~1\MULTI-~1\MMKey.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Eqeweduvakad] rundll32.exe "C:\WINDOWS\Smufoxe.dll",e
O4 - HKLM\..\Run: [Fnerud] rundll32.exe "C:\WINDOWS\ubomezim.dll",e
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SightSpeed] "C:\Program Files\SightSpeed\SightSpeed.exe" -bootmode
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] C:\RECYCLER\S-1-5-21-3768935224-3887913295-690910863-1151\service.exe
O4 - HKCU\..\Run: [12CFG515-K641-55SF-N55P] C:\RECYCLER\S-1-5-21-0243336035-3055115375-381863305-1553\vslmq.exe
O4 - HKCU\..\Run: [] C:\DOCUME~1\SUNSHI~1\LOCALS~1\Temp\etf6s5tg9i.exe
O4 - HKCU\..\Run: [Windows Resurections] C:\DOCUME~1\SUNSHI~1\LOCALS~1\Temp\etf6s5tg9i.exe
O4 - HKCU\..\Run: [opru2vpoa5eclxbh4hl3y9z47stnyjfp] C:\DOCUME~1\SUNSHI~1\LOCALS~1\Temp\lmhhkrg.exe
O4 - HKCU\..\Run: [ysi4hymwwdhj3] C:\DOCUME~1\SUNSHI~1\LOCALS~1\Temp\dr8ex3kpgy.exe
O4 - HKCU\..\Run: [uudp5dr25n4f96fzalauxbmwl9phkkevle9be909bz3x8u8rk] C:\DOCUME~1\SUNSHI~1\LOCALS~1\Temp\tggtkm1.exe
O4 - HKCU\..\Run: [fy07g9ngefvcj5nawo] C:\DOCUME~1\SUNSHI~1\LOCALS~1\Temp\jyrr7n54fu.exe
O4 - HKCU\..\Run: [pl054tovmrlbspoz8t7kiyky4go13gyiy5bbpjmpwasvm8] C:\DOCUME~1\SUNSHI~1\LOCALS~1\Temp\vdis8qb9.exe
O4 - Startup: Revolve Clock.lnk = C:\Documents and Settings\Sunshine Lehmann\Local Settings\Temp\Rar$EX00.156\Revolve Clock\Revolve Clock.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4097228859
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.gamehouse.com/games/tumblebugs/axhost.cab
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: oledll - {59945B67-9234-9234-D929-7F84D923BC79} - C:\WINDOWS\system32\wm16tokl.dll
O22 - SharedTaskScheduler: Fences - {EC654325-1273-C2A9-2B7C-45A29BCE2FBD} - C:\Program Files\Stardock\Fences\DesktopDock.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: WUSB54GSC - GEMTEKS - C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe
--
End of file - 15235 bytes
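Editor's added example (not part of the poster's log or reply): a small triage script that applies the checks a helper would run by eye over a HijackThis log like the one above. It parses O4, O7 and O21 lines and flags the patterns worth investigating first: Run entries with an empty or random-looking value name, autorun targets living in a Temp directory or under RECYCLER, rundll32 loading a DLL straight from the Windows root rather than system32, the O7 policy that disables regedit, and any ShellServiceObjectDelayLoad (O21) entry. The sample input is a constructed subset of line types from the posted log; the regexes and the name-randomness threshold are the editor's heuristics and are assumptions, not HijackThis or ComboFix logic. A flag means "look at this entry", not "this is malware"; the hits should be cross-checked against the files ComboFix already deleted and against what is actually on disk.

```python
import re
from typing import List, Tuple

# Constructed sample: a subset of entry types taken from the posted HijackThis log,
# not the complete log. Raw string so the Windows paths need no escaping.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Eqeweduvakad] rundll32.exe "C:\WINDOWS\Smufoxe.dll",e
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] C:\RECYCLER\S-1-5-21-3768935224-3887913295-690910863-1151\service.exe
O4 - HKCU\..\Run: [] C:\DOCUME~1\SUNSHI~1\LOCALS~1\Temp\etf6s5tg9i.exe
O4 - HKCU\..\Run: [opru2vpoa5eclxbh4hl3y9z47stnyjfp] C:\DOCUME~1\SUNSHI~1\LOCALS~1\Temp\lmhhkrg.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: oledll - {59945B67-9234-9234-D929-7F84D923BC79} - C:\WINDOWS\system32\wm16tokl.dll
""".strip()

# O4 registry autorun line: "O4 - HKLM\..\Run: [ValueName] command"
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Heuristic (assumption): a value name of 16+ lowercase alphanumerics mixing letters
# and digits is treated as machine-generated.
RANDOM_NAME_RE = re.compile(r'^(?=.*[a-z])(?=.*\d)[a-z0-9]{16,}$')
# rundll32 pointed at a DLL directly under C:\WINDOWS (no subdirectory such as system32).
RUNDLL_WINDIR_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?[A-Za-z]:\\WINDOWS\\[^\\"]+\.dll"?',
                              re.IGNORECASE)


def flag_line(line: str) -> List[str]:
    """Return the list of reasons a single HijackThis line deserves a closer look."""
    reasons: List[str] = []
    m = O4_RE.match(line)
    if m:
        name, cmd = m.group('name'), m.group('cmd')
        low = cmd.lower()
        if not name:
            reasons.append('empty Run value name')
        if RANDOM_NAME_RE.match(name):
            reasons.append('random-looking Run value name')
        if '\\temp\\' in low:
            reasons.append('autorun target in a Temp directory')
        if '\\recycler\\' in low:
            reasons.append('autorun target inside RECYCLER')
        if RUNDLL_WINDIR_RE.match(cmd):
            reasons.append('rundll32 loading a DLL from the Windows root')
    elif line.startswith('O7 - ') and 'DisableRegedit=1' in line:
        reasons.append('registry editor disabled by policy')
    elif line.startswith('O21 - SSODL:'):
        # ShellServiceObjectDelayLoad is loaded by explorer.exe at logon; every
        # entry here should be tied to a known, signed component.
        reasons.append('ShellServiceObjectDelayLoad entry: verify the DLL and its publisher')
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Run flag_line over a whole log and keep only the lines with at least one reason."""
    hits: List[Tuple[str, List[str]]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = flag_line(line)
        if reasons:
            hits.append((line, reasons))
    return hits


if __name__ == '__main__':
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print('    ->', r)
```

Run as-is it prints the six flagged entries from the sample; feed it a full saved log with `triage(open('hijackthis.log').read())`. The system32 exclusion in RUNDLL_WINDIR_RE is deliberate: plenty of legitimate Run entries call rundll32 on a DLL under system32, so only the Windows-root case is flagged.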